Data leeks are a major problem in #infosec

Hey, Max, look how cute my human is!

Risk from defunding #cybersecurity advice agencies (I’m not talking about the surveillance ones) is a threat to nearly everyone on the planet because global security #supplychain is volatile, at best @NCSC @ACSC @ASDGovAu @cybercentre_ca @ownyouronline @ncsc_nz @CISACyber #finalcyberstand

How I imagine @CISAgov @CISACyber for the past year

This tip for sending messages securely, I caveat, is for some of the truly, most paranoid people… Spy shit. This sounds like the same trope we all know (nothing is safe), but here’s the “intel agency real pro tip”: The reason steganography has been so popular for hundreds of years is that “hiding in plain sight” is sometimes better than looking like an outlier to an algorithm or to a human. I pose a paranoid challenge: Who do you think the police or AI are going to investigate harder from CCTV: 1) the person with the anti-surveillance mask, a hat with an LED, and anti-night vision reflective clothing? Or 2) the soccer mom with a stroller (which is actually full of ordinance and messages)? Not everything needs to be AES-900000 encrypted. Consider the dreidel and other low tech devices for communication and sharing secrets and ideas This likely does not apply to you or anyone you know today, but it’s worth noting for the record: Outliers get attention And I looove me some @ProtonPrivacy - I know exactly what encryption means for individuals and society. I believe in you! #Privacy is like, my whole thing. I’m just sayin’. “Spy shit” exists because nothing is infallible When you can’t trust *gestures vaguely at the entire world* anymore, we do what we have to do to communicate

You can use one of these services to share a secret separate from an encrypted string with someone How it works (either order) Send encrypted message via email or whatev Send the secret via a pastebin-like link The encrypted text and secret aren’t connected, unless you or your recipient’s end nodes is compromised onetimesecret.com Privnote.com privatebin.info If you will be sharing secrets regularly with this entity, use a password manager. They can basically all do this now. Pro tips (for the truly paranoid): Send the message and pastebin-like link with the secret more than a few minutes apart. This helps potentially limit correlation via an ISP compromise or similar (AI could otherwise easily think “this person send a link and an encrypted string immediately after, so they’re probably related!”) Use different VPNs / separate no-log VPN IPs to send both messages What NOT to do: Do not send a photo of the written secret (AI can read handwriting) Do not allow the pastebin link to be accessed by an end user more than once

It’s been 14 years and I STILL want to get off Mr Bones Wild Ride. But the ride never ends, does it… C’est la rollercoaster of life

Today we continue our #eli5AI series by explaining AI "slop" vs "AI art" What's the difference? Isn't all Ai output the same? In summary: No. architectsecurity.org/2026/0… (ELi5ai= explain it like i am 5: AI)

I spend like 30% of most days trying to actually make AI hallucinate on purpose Important and wonderful, but deeply weird work Sometimes it’s fun:

Even I don’t want to scan a QR code with a 2nd device to login But let’s say I have Yubikey permanently inserted into USB (many ppl do), and my cat walks across the keyboard? Paw hits the port during a login prompt? The cat he has authenticated. This is a problem for security