• More cloud woes

    From Don Y@blockedofcourse@foo.invalid to sci.electronics.design on Thu Jul 2 09:21:45 2026
    From Newsgroup: sci.electronics.design

    <https://www.nytimes.com/2026/07/02/opinion/hacking-ai-leaks-shame.html>

    Yet another reason to keep on-site control of EVERYTHING.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Edward Rawde@invalid@invalid.invalid to sci.electronics.design on Thu Jul 2 13:10:54 2026
    From Newsgroup: sci.electronics.design

    "Don Y" <blockedofcourse@foo.invalid> wrote in message news:112636p$2o0kb$1@dont-email.me...
    > <https://www.nytimes.com/2026/07/02/opinion/hacking-ai-leaks-shame.html>
    >
    > Yet another reason to keep on-site control of EVERYTHING.

    Fire the assistant who didn't know how to check whether the message origin was red flagged in a database like this one.
    https://www.abuseipdb.com/check/35.195.155.221

    Even if it's clear I'd still check the associated /24 https://www.abuseipdb.com/check-block/35.195.155.0/24

    Most of the Internet is blocked inbound to my own email servers.
    Exceptions are added to a whitelist as necessary.
    This doesn't eliminate unwanted messages but it considerably reduces them.

    Trying to educate people to do any of the above is, of course, a waste of time.


    --- Synchronet 3.22a-Linux NewsLink 1.2
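An added example, not part of the post above: a sketch of the inbound policy it describes (allowlisted exceptions, a reputation check on the sender, and a second check on the sender's /24). The addresses, the `FLAGGED` set and `BLOCK_THRESHOLD` are constructed assumptions; a real deployment would take reputation data from a service such as the one linked in the post.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real reputation data).
ALLOWLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/28",)]
FLAGGED = {ipaddress.ip_address(a) for a in
           ("203.0.113.7", "203.0.113.20", "203.0.113.99", "192.0.2.50")}
BLOCK_THRESHOLD = 3  # assumed: flagged hosts in a /24 that taint the whole block


def enclosing_24(ip):
    """Return the /24 that contains ip (IPv4 only in this sketch)."""
    return ipaddress.ip_network(f"{ip}/24", strict=False)


def flagged_in_block(ip):
    """Count flagged addresses that share the sender's /24."""
    block = enclosing_24(ip)
    return sum(1 for a in FLAGGED if a in block)


def decide(sender, default_deny=True):
    """Return (verdict, reason) for an inbound SMTP client address."""
    ip = ipaddress.ip_address(sender)
    if any(ip in net for net in ALLOWLIST):
        return "accept", "allowlisted exception"
    if ip in FLAGGED:
        return "reject", "address is flagged"
    n = flagged_in_block(ip)
    if n >= BLOCK_THRESHOLD:
        # The address itself is clean, but its neighbourhood is not.
        return "reject", f"{n} flagged neighbours in {enclosing_24(ip)}"
    if default_deny:
        return "reject", "not on allowlist"
    return "accept", "no reputation hits"
```

Calling `decide(..., default_deny=False)` isolates the reputation logic, which is where a clean address in a heavily flagged /24 is still rejected.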
  • From Don Y@blockedofcourse@foo.invalid to sci.electronics.design on Thu Jul 2 10:40:46 2026
    From Newsgroup: sci.electronics.design

    On 7/2/2026 10:10 AM, Edward Rawde wrote:
    > "Don Y" <blockedofcourse@foo.invalid> wrote in message news:112636p$2o0kb$1@dont-email.me...
    >> <https://www.nytimes.com/2026/07/02/opinion/hacking-ai-leaks-shame.html>
    >>
    >> Yet another reason to keep on-site control of EVERYTHING.
    >
    > Fire the assistant who didn't know how to check whether the message origin was
    > red flagged in a database like this one. https://www.abuseipdb.com/check/35.195.155.221
    >
    > Even if it's clear I'd still check the associated /24 https://www.abuseipdb.com/check-block/35.195.155.0/24

    The Internet was designed for a benevolent exchange of information
    and communication. So, dealing with hostile actors is a bolt-on
    ("bag") approach to the problem.

    [This is true of many such technologies -- CID, swatting, etc.]

    > Most of the Internet is blocked inbound to my own email servers.
    > Exceptions are added to a whitelist as necessary.
    > This doesn't eliminate unwanted messages but it considerably reduces them.

    I let someone who has skill and staff handle my email. I see *no*
    spam. And, the only "suspicious" messages we've received have been the
    result of friends being hacked (and their address books exposed; delete
    the email account that was exposed and give the hacked friend access
    to another account that is equally easy to track usage (and delete, if required)).

    [Most recent hack was a "friend" (name misspelled -- red flag!) claiming to
    need $400 to buy a gift for his niece (red flag). But, he was "away from
    his phone" (red flag) so wanted me to buy some gift cards (red flag) and
    "send him the codes off the cards". The guy on the other end of the line
    was dismayed when I offered to "drop by..." "NO! Don't do that!" Of course,
    I phoned him to alert him to the scam -- but not before his ex-wife
    got screwed. (I wonder if he saw that as a good or bad thing? :> )]

    [[Before that, one of SWMBO's friends sent her a phishing email -- so,
    a quick phone call to her informing her that her email had been hacked
    and/or taken over so she could alert HER friends, by phone...]]

    > Trying to educate people to do any of the above is, of course, a waste of time.

    This is the problem. In a world where people can't sort out how
    to set the time on a VCR, trying to explain anything more involved
    than "right for gas, left for brake" is a fool's errand.

    And, people keep designing products and protocols with the same
    flawed concepts, rationalizing that "no one would hack a pace maker..."
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Lasse Langwadt@llc@fonz.dk to sci.electronics.design on Thu Jul 2 21:25:43 2026
    From Newsgroup: sci.electronics.design

    On 7/2/26 18:21, Don Y wrote:
    > <https://www.nytimes.com/2026/07/02/opinion/hacking-ai-leaks-shame.html>
    >
    > Yet another reason to keep on-site control of EVERYTHING.

    only if you are naive enough to think you or someone else with access
    can't be tricked and that you are better at security than those who
    spend 24/7 fighting hackers
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Cóilín Nioclásín Glostéir@thanks-to@Taf.com to sci.electronics.design on Thu Jul 2 19:50:51 2026
    From Newsgroup: sci.electronics.design

    Don Y <blockedofcourse@foo.invalid> wrote:
    |----------------------------------------------------------------------------------|
    |"> Trying to educate people to do any of the above is, of course, a waste of time.|
    |This is the problem. In a world where people can't sort out how |
    |to set the time on a VCR, trying to explain anything more involved |
    |than "right for gas, left for brake" is a fool's errand. |
    | |
    |And, people keep designing products and protocols with the same" |
    |----------------------------------------------------------------------------------|

    Deliberate persistent underperformers insist on using Cloudflare
    despite Cloudflare messing up on them. So I complained to them but
    they use the lame excuse that Cloudflare affected many clients so they
    pretend that they are not at fault for choosing faulty Cloudflare! Cf. HTTP://Gloucester.Insomnia247.NL/media/Theip_ar_Ch_na_M_agus_CPL_agus_Rezoomo_agus_Cloudflare_Nior_theip_ar_shuiomh_liom_greasain.HTM
    and HTTP://Gloucester.Insomnia247.NL/media/2025-11-18u_Cloudflare_and_CnaM_and_Rezoomo_errors_reported_on_USENET.mbox.txt

    |-------------------------------------------------------------------------|
    |"flawed concepts, rationalizing that "no one would hack a pace maker...""|
    |-------------------------------------------------------------------------|

    Alastair McKinstry and John Murphy interviewed me for a job
    (completely unrelated to the pacemakers) in 2005. Alastair McKinstry
    asked me about a way to design software. I said that I was sorry that
    I did not know what he attempted to get at via this question. He
    elaborated - inter alia - that he heard that pacemakers frequently
    crash (and reboot rapidly to a recoverable good state). I said that he
    shocked me via the revelation that pacemakers crash. He said that he
    also became shocked when an embedded worker informed him so.
    (See HTTP://Gloucester.Insomnia247.NL/ for contact details!)
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Don Y@blockedofcourse@foo.invalid to sci.electronics.design on Thu Jul 2 13:02:42 2026
    From Newsgroup: sci.electronics.design

    On 7/2/2026 12:25 PM, Lasse Langwadt wrote:
    > On 7/2/26 18:21, Don Y wrote:
    >> <https://www.nytimes.com/2026/07/02/opinion/hacking-ai-leaks-shame.html>
    >>
    >> Yet another reason to keep on-site control of EVERYTHING.
    >
    > only if you are naive enough to think you or someone else with access can't be
    > tricked and that you are better at security than those who spend 24/7 fighting
    > hackers

    If there is no route outside of your building from the resource
    (i.e., no route *into* the building to access it), then your
    security is likely 10 fold better than someone who has to defend
    such a pathway to YOUR resources.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Don Y@blockedofcourse@foo.invalid to sci.electronics.design on Thu Jul 2 13:13:36 2026
    From Newsgroup: sci.electronics.design

    On 7/2/2026 12:50 PM, Cóilín Nioclásín Glostéir wrote:
    > |-------------------------------------------------------------------------|
    > |"flawed concepts, rationalizing that "no one would hack a pace maker...""|
    > |-------------------------------------------------------------------------|
    >
    > Alastair McKinstry and John Murphy interviewed me for a job
    > (completely unrelated to the pacemakers) in 2005. Alastair McKinstry
    > asked me about a way to design software. I said that I was sorry that
    > I did not know what he attempted to get at via this question. He
    > elaborated - inter alia - that he heard that pacemakers frequently
    > crash (and reboot rapidly to a recoverable good state). I said that he
    > shocked me via the revelation that pacemakers crash. He said that he
    > also became shocked when an embedded worker informed him so.

    Virtually everything is hackable so rationalizing that there would
    be "no interest" in hacking YOUR device is just silly talk.

    Let me infect YOUR device with a bot, INSIDE your customer's
    firewalled network and have it talk to me for CnC outside
    the network. Now I can poke around AS IF I was inside
    your customer's facility as he likely trusts every box on
    his internal network.

    Let some guy in to service your printer, photocopier, etc.
    and are you sure he hasn't left anything behind?

    <https://arstechnica.com/information-technology/2012/03/the-pwn-plug-is-a-little-white-box-that-can-hack-your-network/>

    Are you sure EVERY device on your network takes security seriously?
    Does your IDS notice outbound connections from unexpected
    devices? Are you sure none of those devices can *spoof* a
    legitimate device on the network by eavesdropping on traffic?
    Wired *and* wireless??

    <https://hackmag.com/security/pwn-plug-r2>

    Of course, if one of your "legitimate devices" can be hacked, then
    the "plug" looks like a device that you've already accepted into
    your organization: "Move along; nothing to see here"

    <https://www.extremetech.com/cars/headlight-hackers-are-stealing-cars-via-can-interference>

    Designers are just SO naive about what they "expect" in their
    universes.
    --- Synchronet 3.22a-Linux NewsLink 1.2
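An added example, not part of the post above: one way to answer its question about noticing outbound connections from unexpected devices, by comparing flow records against a device inventory. The inventory, MAC addresses, flow records and the 10.0.0.0/8 internal range are all constructed assumptions.

```python
import ipaddress

# Constructed inventory: device IP -> (registered MAC, allowed external destinations).
INVENTORY = {
    "10.0.0.20": ("aa:bb:cc:00:00:20", {"198.51.100.10"}),  # mail relay
    "10.0.0.31": ("aa:bb:cc:00:00:31", set()),              # printer: no egress expected
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed flow records: (source IP, source MAC, destination IP, destination port).
FLOWS = [
    ("10.0.0.20", "aa:bb:cc:00:00:20", "198.51.100.10", 25),
    ("10.0.0.31", "aa:bb:cc:00:00:31", "203.0.113.44", 443),  # printer calling out
    ("10.0.0.31", "aa:bb:cc:00:00:31", "10.0.0.20", 9100),    # internal, ignored here
    ("10.0.0.20", "de:ad:be:ef:00:01", "198.51.100.10", 25),  # right IP, wrong MAC
    ("10.0.0.77", "aa:bb:cc:00:00:77", "203.0.113.44", 443),  # device not in inventory
]


def review(flows, inventory=INVENTORY):
    """Return a list of (source, reason) alerts for the flows given."""
    alerts = []
    for src, mac, dst, port in flows:
        known = inventory.get(src)
        if known and mac != known[0]:
            alerts.append((src, f"MAC {mac} does not match inventory (possible spoof)"))
            continue
        if ipaddress.ip_address(dst) in INTERNAL:
            continue  # only egress is examined in this sketch
        if known is None:
            alerts.append((src, f"unknown device connecting out to {dst}:{port}"))
        elif dst not in known[1]:
            alerts.append((src, f"unexpected egress to {dst}:{port}"))
    return alerts
```

A device that clones both the IP and the MAC of an inventoried host passes the MAC comparison, so this check complements port-level controls such as 802.1X rather than replacing them.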
  • From Cóilín Nioclásín Glostéir@thanks-to@Taf.com to sci.electronics.design on Thu Jul 2 21:03:23 2026
    From Newsgroup: sci.electronics.design

    However, if everything you own is in one site - instead of being
    replicated at other sites - then you are vulnerable. E.g. an uncle's
    home recently was on fire (because an installer insisted on delaying
    installing a new boiler so an old boiler exploded, thereby destroying
    his new (waiting-to-become-installed) boiler and much else). Bad :(
    (See HTTP://Gloucester.Insomnia247.NL/ for contact details!)
    --- Synchronet 3.22a-Linux NewsLink 1.2