Eric Brandel

@SeamusHughes Mara in the Four Seasons is also great and they have a nice bar as well. Upscale mediterranean. Other great options outside of downtown: Minari, Hai Hai, Vinai, Stargazer. All in northeast Minneapolis.

@SeamusHughes Spoon and Stable’s lounge/bar. From like 8pm until close. If you’re looking for a spot after that, check out Meteor. Awesome drinks, alt crowd, good stuff. On the other end of the financial spectrum: Flora Room, fancier basement bar underneath Porzana. You enter around back.

Made it to Minneapolis. Give me your best restaurant and spots in general recommendations.

@barryjSDTXMNIL @iowahawkblog Tough to beat the exterior from the 1950s, that's for sure.

@iowahawkblog Murray’s in Minneapolis

it takes its place of honor next to the vintage Mountain Dew sign

Just found and built my best exploits ever. Really proud of these. The Internet was a mistake. Happy New Year!

probably meetautoex[.]us as well?

100k users. Tracks every URL you visit. Exfil via hxxps://service[.]voicewave[.]xyz/get_styles_for_web_tts Using a persistent uid on each "styles" request. Via a delayed API call by the extension. Totally legit. Definitely necessary. chromewebstore.google.com/detail/voice-m…

More good work from the folks at Koi koi.ai/blog/darkspect…

The only acceptable way to say bye to the LLM that has done good work.

Buying a bunch of hardware on ebay. Seeing obvious scam listings, looking for this link and it is apparently gone. fun.

I’m a bit concerned about the non-inquisitive celebration from infosec on this. Where is the “what does keystroke latency even mean?” Without that, you can’t implement it for yourself, nor can you identify weaknesses. ~3yrs I was privately proposing similar options. So, AS SOMEWHAT OF A KEYBOARD EXPERT MYSELF 🤔💅, let’s look… First, this is most likely NOT a direct measure of network latency. This machine was physically located in Arizona. DPRK started off with shipping corp laptops overseas, but the network latency was a dead giveaway. So they started colocating them in the USA and remotely controlling them. First with remote control software, which is easy to identify if the company has security software on the machine. And then with hardware like IP-KVMs. There are sometimes a few tells that an IP-KVM is in use, but a well tuned one will identify exactly like a normal external keyboard/mouse/monitor. Unless… This is where you have to start looking beyond device identity and instead look at input anomalies. Keyboard/mouse input being sent halfway across the world via network packets to an IP-KVM can look… weird. Think bursts of input. This looks very weird with mouse data that is normally smooth. But even keystrokes start to stand out when you have a big enough dataset to compare against. So, of course, you could improve the IP-KVM to smooth out and “humanize” the inputs before relaying them to the host. But… You can also present some real time control surfaces. I don’t want to blow anyone’s defense tradecraft here. So let’s just imagine the employee needs to play a 5sec game of flappybird each day. Or maybe it’s an overt “DPRK Detector” step during login. The visual input has to travel halfway across the globe, then the input has to come all the way back. That’s a massive delay for response to visual stimulus. Certainly anomalous enough to warrant investigation. How do you beat that? Maybe an AI process running on the IP-KVM that plays DPRK Detector for you? The arms race will continue. And it’s mostly because HR and Hiring Managers don’t want to do deeper background checks needed to identify fake/stolen identities. 🤷‍♂️ And for anyone not familiar with these hunts, the detection techniques are NOT definitive proof of wrong doing. They are simply turning a mountainous hay stack into a fistful of hay that a human can quickly sift through to look for other indicators. Note: there are environment-specific detections as well. But I tried to stay in territory that’s applicable to everyone who has this risk in their threat model.

The urlscan Threat Research Team identified the first large-scale consumer phishing campaigns powered by WebAssembly (WASM) targeting US gov & financial brands with stronger obfuscation and evasion. urlscan Pro has the full report and what this means for the phishing ecosystem.

Claude has the sad

AI is learning all the wrong lessons. From some code generated to help test misconfigured settings.

@vxunderground I’ve got a 14 and 17 year old. The problem has never gone away. Although my sleep is a little better now I guess.

Parents, I need your opinion Ever since my son was born my house has been a disaster. It's not filled with trash, there isn't bugs, or anything like that. But, we have INSANE clutter and disorganization. We have mountains of boxes from Amazon we have to recycle, we go through TONS of trash bags now from dirty diapers and stuff. We are always behind on laundry. On top of all of this, we made the mistake of buying him tons of stuff my baby boy has already outgrown. We have mountains of clothing that already don't fit him. My wife and I have also been moving stuff around a lot. We have a bassinet in my office, his "bedroom" (nursery), which means other furniture is literally just pushed anywhere we can fit it. It's dizzying how much is changing and so fast. Did any of you have this problem? Was your house also a mess? My son is 8 months old and everything is happening so quickly I don't even know what's going on anymore. My sleep has been ATROCIOUS since he's been born which makes doing anything else difficult as well. We're first time parents, we planned for the baby, read the books, took the classes, prepared financially, did everything how you're "supposed" to do it and it's still been a whirling wind of chaos

Just an absolute mess. Probably why this extension was pulled. At _best_ it was someone who thought roll-your-own encryption was a valid development path. Nothing like shipping private keys in your javascript. Extension id: mboheboacomfkpknfbiknphlkbapided

God I love encountering this stuff when I'm trying to build tools to prevent abuse and malicious activity. Once again, AI safety is amongst the stupidest of pursuits and only hampers defenders.

The correct number of unapproved browser extensions that companies should allow is zero.

@NDJayG Click this

@awstar11 How can you tell where people are located on this app?

UK, Japan, Canada, and New South Wales are very upset that I questioned Mark Kelly's motives in his statement.

@DataPhysicist Unfortunately the truth of what they’re doing doesn’t garner the same level of attention that people lying about (or, if I’m being generous, misunderstanding) what they’re doing. Google scrapes the internet, it doesn’t need emails and DMs to train anything.

They claim your data here is NOT used to train AI models. "Your data stays in Workspace. We do not use your Workspace data to train or improve the underlying generative AI and large language models that power Bard, Search, and other systems outside of Workspace without permission."

IMPORTANT message for everyone using Gmail. You have been automatically OPTED IN to allow Gmail to access all your private messages & attachments to train AI models. You have to manually turn off Smart Features in the Setting menu in TWO locations. Retweet so every is aware.