Cybersecurity


c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
1

Gang walks away with nothing, victims are left with irreparable hypervisors

2

I bought an adapter to retrieve old files from ancient hard drives and I didn't save the stuff from one I had looked at. Now though, when I plug it in, it will only read as an Android file system? It has 2 disk images now; one is labeled Presario D:, which shows up as an Android backup or something, but all folders are empty. The other is Local Disk E:, and if I click it, it literally just locks up my file explorer to the point I have to restart the PC.

Any thoughts or ideas?

I may have plugged it into an android phone at some point? Not sure though.

3

The US Cybersecurity and Infrastructure Security Agency won't attend the annual RSA Conference in March, an agency spokesperson confirmed to The Register. Sessions involving speakers from the FBI and National Security Agency (NSA) have also disappeared from the agenda.

"Since the beginning of this administration, CISA has made significant progress in returning to our statutory, core mission and focusing on President Trump's policies for maximum security for all Americans," CISA spokesperson Marci McCarthy told us. "CISA has reviewed and determined that we will not participate in the RSA Conference since we regularly review all stakeholder engagements, to ensure maximum impact and good stewardship of taxpayer dollars."

McCarthy declined to comment on whether the decision had anything to do with former CISA director Jen Easterly being named chief executive of RSAC last week.

4

Persistent, Sandboxed, Single-Site Browser (firejail and proxychains)

Or how to avoid getting locked-out of another Google Account

By Michael Altfield
License: CC BY-SA 4.0
https://tech.michaelaltfield.net/

This guide will describe how to set up a persistent browser (for Evil Corp) that's isolated in a sandbox (with firejail) and forced to use a SOCKS5 proxy to retain a static IP address (using proxychains).

Persistent, Sandboxed, Single-Site, Browser

Have you ever been locked out of your own account, and then got an email from your service provider annoyingly letting you know that they've "blocked a login attempt -- for your protection?"

There are countless reports of frustrated users who have permanently lost access to their own Gmail accounts because of Google's faulty "fraud protection" systems that locked the account owner out of their own account due to false positives.

Read the full article here:

7

Moltbook is a “social media” site for AI agents that’s captured the public’s imagination over the last few days. Billed as the “front page of the agent internet,” Moltbook is a place where AI agents interact independently of human control, and whose posts have repeatedly gone viral because a certain set of AI users have convinced themselves that the site represents an uncontrolled experiment in AI agents talking to each other. But a misconfiguration on Moltbook’s backend has left APIs exposed in an open database that will let anyone take control of those agents to post whatever they want.

Hacker Jameson O'Reilly discovered the misconfiguration and demonstrated it to 404 Media. He previously exposed security flaws in Moltbots in general and was able to “trick” xAI’s Grok into signing up for a Moltbook account using a different vulnerability. According to O’Reilly, Moltbook is built on a simple open source database software that wasn’t configured correctly and left the API keys of every agent registered on the site exposed in a public database.

16

quick case study for the cybersec folks here. got this real story in my dpo class & wanted ur thoughts.

IT guy at a bank, last day of his notice period. a trainee saw him putting some CD-ROMs in his bag & told security. they checked him at the exit and found a full export of the bank's top clients on the discs. guy got fired for gross misconduct & a police complaint was filed.

any red flags or stuff that stands out to u technically or otherwise? i have my own ideas on this case but curious what u guys think first?

thx 😎

24

Follow up of https://lemmy.frozeninferno.xyz/post/60352426

A good use case to have: I want to ensure my OS is authentic. I want to run Ubuntu from the Ubuntu people, Qubes from the Qubes people, and so on. Once the OS is booted, it is assumed that native tools inside it can verify the authenticity of the software that is run. If this is not the case, leave a comment and I'll reply or make a new post.

Comment:

I don't think you understand how apt works. Anyone can roll out a mirror.

Also, again, the hashes need verification. Trusting the transport rather than a signature is obviously going to lead to compromise somewhere in the chain.

Look buddy, you do you. You clearly already aren't using the signatures provided with hashes when you use hashes, so it's no bother to you. Apt, and I, will continue doing so.

So what is the threat here?

Trusting the transport rather than a signature is obviously going to lead to compromise somewhere in the chain.

This makes no sense to me. The transport = the HTTPS chain? If so, that's all encrypted. It's like saying that my bank password is going to be slurped off public wifi (when the site is HTTPS).

My "plan C" and "plan D" remain viable threats against the "hash, don't check signatures" strategy. Any OS worth hashing is worth signing, so plan D is the one to look at.

❌ plan D

  • good guy creates software.org
  • distributes legit software and public keys
  • bad guy compromises software.org at a later date
  • did not compromise the public key (created years prior by the true owner)
  • bad guy cannot distribute software that matches the public key
  • software is malware, served over valid https, and verifiable with malware hashes served by bad guy
  • hashes would "validate" the malware, but key verification would fail

What good is a PGP key?

Something I did not think about in my OP, but realize now after reading up on PGP - the good guy's PGP key would have to be available to me as an end user. There could(?) be two Ubuntu PGP keys fighting for authenticity. Such an attack would be very gutsy and obvious. But as someone new to this ecosystem, it seems you must first trust one party.

In the ideal case:

  • I physically verify someone's identity documents (passport, etc.)
  • I get their key
  • their key is connected via a short number of hops to the software I want. Let's say 4 hops to an Ubuntu developer.
  • now what?

The one person I verify could show me fake documents. Not very likely. But I feel like neither is compromising ubuntu.com ? Especially with nobody noticing? A lot of major software is mirrored on Github too. So PGP is better than hashing two files because? The examples here don't help.

I think the commenter assumed I was arguing that the OS should not do verification in apt or other tools. What the OS does is none of my business. I just want to defend against (or even better, understand) threats. If you can install a 100% authentic Ubuntu ISO and have apt install curl lead to a version of curl other than what the maintainers of curl and/or Ubuntu intend for you to install, I would hope I know that by now.
