Alfonso Muñoz, Phd

Acabo de publicar mi nuevo libro "Criptografía Ofensiva 2. Atacando y defendiendo organizaciones: Criptografía aplicada para programadores, analistas, cripto-agilistas y hackers éticos". 400 páginas y más de 1.100 referencias. Lo tenéis disponible en el siguiente enlace. Se agradece difusión - amazon.es/Criptograf%C3%…

Me recuerda tanto a lo que pasó con la criptografía fuerte... Y todos sabemos cuál fue el resultado :). Buena suerte con esa estrategia, a veces pienso que EEUU lo gobiernan espías rusos o chinos 😅

@YJesus Cuál es el modelo sin restricciones más "gordo" que has podido ejecutar? el gemma-4-31B-it-uncensored-heretic:q4_k_m no va mal de token/segundo (sin ser algo excepcional)

@mindcrypt el tema es que ollama tarda mil años en actualizar llama ... pierdes Turboquant (no muy necesario para esta máquina de momento) y el nuevo juguetico de esta semana 'Dflash' (este aún no lo he probado yo ...)

For those who couldn't get a Mac Studio M3 Ultra. Strix Halo gfx1151, 128GB UMA, ~3K€, in stock. Qwen3.6-35B-A3B and Coder-Next fly. MiniMax-M2.7 still broken. Use lemonade-sdk builds github.com/lemonade-sdk/l…, skip vanilla AMD releases.

‼️🚨 NEW RESEARCH: Fiber-optic cables can be turned into a hidden microphone and used for eavesdropping. Researchers from Hong Kong's PolyU and CUHK just proved it works in real conditions. The paper was presented at NDSS 2026, one of the top cybersecurity conferences in the world. When someone talks in a room, the sound waves cause tiny vibrations in everything around them, including the thin glass fiber that runs into your apartment from your internet provider. Those vibrations slightly disturb the laser light traveling through the cable. If an attacker plugs the other end of that cable into a special device called a Distributed Acoustic Sensing system, they can read those tiny disturbances and turn them back into recognizable speech. The problem for the attacker: a normal fiber lying along your baseboard is not sensitive enough on its own. Sound fades too fast in the air, and the fiber is too thin to pick it up. So the researchers built a small device they call a "Sensory Receptor." It is basically a 65mm plastic cylinder with about 15 meters of fiber wound around it. The cylinder catches and amplifies sound waves enough for the fiber to register them. Crucially, it is small enough to hide inside the same little plastic junction box your internet installer leaves on the wall to manage extra cable. What the attack can actually pick up: 🔴 Daily activities (typing, walking, snoring, washing dishes): 83% recognition accuracy 🔴 Where in the room a sound is coming from: accurate to within about one meter 🔴 Spoken words at meters from the receptor 🔴 In a real office test, with the receptor hidden in a fiber box and the attacker 50+ meters away in another room, around 80% of the conversation was recoverable Why this attack is different from a hidden microphone: 🔴 No electricity, no batteries, no radio signals 🔴 Cannot be found by professional bug sweeps that look for hidden mics or cameras 🔴 Cannot be jammed by ultrasonic jammers (the kind some boardrooms use against phone microphones) 🔴 Looks identical to a normal fiber cable The researchers tested a commercial ultrasonic jammer right next to their device and it had zero effect. The defenses meant to protect sensitive meetings simply do not see this attack coming. What you can do: 🔴 If you run a sensitive office or meeting room, ask your IT team about polished fiber connectors and optical isolators. Both make this attack much harder. 🔴 Do not let your internet installer leave excess fiber coiled up inside the room. Have them coil it inside the wall or in a sealed box outside the room. 🔴 Keep fiber cable runs away from desks and walls that resonate with conversation. 🔴 In high-security spaces, soundproof the walls and ceilings where fiber runs.

@YJesus La verdad estoy probando todavía la máquina... Lo mismo en una semana pienso lo contrario 😂 😂. De momento cosas básicas con ollama van bien y modelos de menos 80gb va bien los tokens/segundos... En unos días te cuento :)

@mindcrypt A mi me ha dejado K.O. varias cosas, que o vas a lemonade o el resto rinde fatal, el vanilla con Vulkan medio va, pero ROCm funcionaba fatal. Eso y el salto en rendimiento del 27b al 35 MoE, es algo que en CUDA no me pasa . Y mi sueño de ver MiniMax en local bye bye

AI Agent Standards Initiative - nist.gov/artificial-int…

Vamos a ver la evolución de esto.... "El Congreso actuará contra los bloqueos masivos de IP por parte de LaLiga" - democrata.es/politica/congr…

Sci-Hub is an evil website that pirated 85M+ research papers and made them freely available And now they've added AI to their database to make Sci-Bot. It answers your questions using latest, full-text articles. But DO NOT use it. We should all try to make billion-dollar academic publishers richer. I'm putting the link below so you know how to avoid it.

Venga... hoy tampoco duermo XD - blender-mcp.com

For over 20 years, I have helped multinationals, governments, and startups secure what matters most through technical audits, original research, and specialised training. If you need my expertise in secure architecture design, cryptographic audits, C-level advisory — including how to manage quantum threats — or how to use AI in cybersecurity without the hype, such as AI SOCs, threat intelligence, malware analysis, and more, just let me know. And if you need advanced research or ad-hoc solutions in offensive or defensive security, I would be happy to help. My Proton Mail and PGP key are open to you. I look forward to hearing more from you and about exciting challenges - criptored.es

A response to recent reporting in Germany, in service of clarity and accountability: First, it’s important to be precise when it comes to critical infrastructure like Signal. Signal was not “hacked” — in that our encryption, infrastructure, and the integrity of the app’s code was not compromised. However, sophisticated attackers have engaged in a harmful phishing campaign, posing as “Signal Support” by changing their profile display name and using social engineering to trick people into handing over their credentials — information that allowed these attackers to take over some targeted Signal accounts. This is something that plagues any mainstream messaging app once it reaches the scale of Signal, but we know how high the stakes are given the trust people place in us. In the coming weeks, you’ll see us rolling out a number of changes to help hinder these kinds of attacks. Because we don’t collect user data, what we know about these attacks comes from the victims of phishing. And from what victims have told us, the attacks followed a broad pattern: after tricking people into revealing their Signal credentials, attackers then used those credentials to take over their account and also frequently changed the associated phone number. Because such a change results in de-registering your Signal accounts, attackers prepared people for this by telling them that being de-registered was intended behavior, and that all they would need to do is “re-register,” or, create a new account. When they moved to create a new Signal account — one that was now decoupled from their hijacked account — the victims thought they were logging back in to their primary account. As a result, many didn't notice the takeover. The compromised accounts were then weaponized to target the victims' contact lists by posing as the owners of the account. We understand the trust that people put in Signal, and how devastating this kind of social engineering can be. While it’s true that all messaging platforms are susceptible to scammers and phishing that betrays people’s trust and convinces them to “unlock the front door” where no backdoor exists, we are looking to do everything we can to help people avoid and detect such scams. For the time being, please stay vigilant against phishing and account takeover attempts. Remember that no one from Signal Support will ever send you a message request or ask for your registration verification code or Signal PIN. For an added layer of protection, you can enable Registration Lock in your Signal Settings (Account -> Registration Lock).

“Lo correcto es correcto, aunque nadie lo haga; lo incorrecto es incorrecto, incluso si todos lo hacen”. Ésa teoría, pero ¿qué dice la práctica? Ése es el análisis más importante. Si todas las órdenes se cumplen, sin cuestionarlas. Malo. __ Paths of Glory

🇫🇷 | Un francés con un secador de pelo ganó $34,000 calentando un termómetro en un aeropuerto de París. La seguridad ahora busca al “genio” que sacó provecho de una apuesta de temperatura en Polymarket. El truco fue que el mercado de clima de Polymarket dependía de datos de un termómetro específico ubicado cerca de un aeropuerto, sin seguridad alrededor. El 15 de abril, la temperatura máxima del día marcaba 18°C, pero alguien apostó todo a 22°C. El apostador anónimo supuestamente se acercó al termómetro, lo calentó con un secador de pelo portátil hasta la temperatura objetivo y huyó para asegurar la ganancia. Tras el incidente, el mercado aparentemente cambió a un termómetro de un aeropuerto diferente — esta vez con guardias de seguridad colocados al lado.

🚀 DeepSeek-V4 Preview is officially live & open-sourced! Welcome to the era of cost-effective 1M context length. 🔹 DeepSeek-V4-Pro: 1.6T total / 49B active params. Performance rivaling the world's top closed-source models. 🔹 DeepSeek-V4-Flash: 284B total / 13B active params. Your fast, efficient, and economical choice. Try it now at chat.deepseek.com via Expert Mode / Instant Mode. API is updated & available today! 📄 Tech Report: huggingface.co/deepseek-ai/De… 🤗 Open Weights: huggingface.co/collections/de… 1/n

@Artaggedon @patowc Recuerda que dios creo el mundo el primer día y el segundo creó a los españoles y los argentinos que se fueron juntos a comer una buena carne y disfrutar de la vida... el resto es hablar por hablar XD

@mindcrypt @patowc Por transitividad, el votante medio de Kirchner es, entonces, un "idiota desencantado"?? Lol... Todos idiotas entonces. Todos los argentinos son idiotas. No lo creo así, pero bueno.

Es evidente que el votante medio de Milei o de Trump es idiota integral. Es el momento de crear una RootedCOIN y sacarles dinero precisamente por eso xD ¡RootedCOIN se une al movimiento SAGA (Steal all Americans magas Gold Again)!

A threat actor could run their very private uncensored Kimi-K2.6 on hardware that costs between 50k and 200k for malware campaigns day any night Just check the benchmarks of Kimi-K2.6 and then tell me that Mythos finding a 27-year-old null pointer dereference that caused a DoS, was very unlikely to be turned into serious RCE, nobody cared about, and apparently cost them $100k to find is more serious than this x.com/UnslothAI/stat…

@Artaggedon @patowc un votante de Trump desencantado? :)

@patowc Qué sería entonces el votante medio de Kirchner?

NEW @citizenlab report We uncover two sophisticated telecom surveillance campaigns. The findings expose how surveillance vendors exploit the global telecom ecosystem to conduct covert location tracking operations that can persist undetected for years. citizenlab.ca/research/uncov…

🚨🇩🇪 Russian intelligence fully compromised the Signal account of Germany's parliament speaker Julia Klöckner by pretending to be Signal support. She is the second-highest state official and shared a CDU executive Signal group with Chancellor Merz. His phone came back clean, hers did not.