Shecky (((Mike))) - Third Wheel
@siliconshecky.siliconshecky.com
N9HAK, Dad, CyberSecurity, National Anthem Singer, Ninja Warrior, Trainiac, "Life is like an Oreo cookie, Pass the beer nuts", Theatre person
Blog: siliconshecky.com
Blog: siliconshecky.com
Reposted by Shecky (((Mike))) - Third Wheel
This new study demonstrates that using LLMs to learn about a new topic produces less retention/understanding than traditional web search, and that learners spend less effort in giving advice based on their research when using LLMs.
doi.org/10.1093/pnas...
doi.org/10.1093/pnas...
November 19, 2025 at 1:59 PM
This new study demonstrates that using LLMs to learn about a new topic produces less retention/understanding than traditional web search, and that learners spend less effort in giving advice based on their research when using LLMs.
doi.org/10.1093/pnas...
doi.org/10.1093/pnas...
Wait, you mean those of us who were saying that firing all those CISA employees would be an issue were right?
Bets on Madu getting released before the end of the week or month?
buff.ly/biGtFna
Bets on Madu getting released before the end of the week or month?
buff.ly/biGtFna
US Cyber Defense Agency Admits to Major Staffing Crisis
The Cybersecurity and Infrastructure Security Agency is reeling from an apparent 40% vacancy rate in several key divisions following White House-driven cuts and a
www.databreachtoday.com
November 19, 2025 at 2:04 PM
Wait, you mean those of us who were saying that firing all those CISA employees would be an issue were right?
Bets on Madu getting released before the end of the week or month?
buff.ly/biGtFna
Bets on Madu getting released before the end of the week or month?
buff.ly/biGtFna
I got loke 5 different things I want to learn but can't seem to focus or figure out the best way to attack it so I guess I will just band my head against the desk and wall.
November 16, 2025 at 11:53 PM
I got loke 5 different things I want to learn but can't seem to focus or figure out the best way to attack it so I guess I will just band my head against the desk and wall.
Reposted by Shecky (((Mike))) - Third Wheel
The enemy of my enemy is my *friend.
* Unless that person drove conspiracy theorists to violence, threatened democracy, and made repeated antisemitic remarks, all of which they're pretending never happened as they hope to whitewash their reputation today.
* Unless that person drove conspiracy theorists to violence, threatened democracy, and made repeated antisemitic remarks, all of which they're pretending never happened as they hope to whitewash their reputation today.
November 15, 2025 at 8:30 PM
The enemy of my enemy is my *friend.
* Unless that person drove conspiracy theorists to violence, threatened democracy, and made repeated antisemitic remarks, all of which they're pretending never happened as they hope to whitewash their reputation today.
* Unless that person drove conspiracy theorists to violence, threatened democracy, and made repeated antisemitic remarks, all of which they're pretending never happened as they hope to whitewash their reputation today.
Reposted by Shecky (((Mike))) - Third Wheel
Read this thread. It's spot on.
This shit about agentic AI executing a cyber attack with "thousands of requests, often multiple per second—an attack speed that would have been, for human hackers, simply impossible to match" coming out of Anthropic is such marketing bullshit.
November 16, 2025 at 1:18 PM
Read this thread. It's spot on.
Reposted by Shecky (((Mike))) - Third Wheel
Tom is probably right, we should probably just focus on authoritarianism or illiberalism.
Also, the audience is too dumb, they don't know anything more about "fascism" other than it's an insult.
But for the educated, there are important parallels.
Also, the audience is too dumb, they don't know anything more about "fascism" other than it's an insult.
But for the educated, there are important parallels.
Why do people ask me this as if "a form of authoritarianism that isn't fascism" is impossible?
*Most* forms of authoritarianism are not fascism; fascism is, and was, a tiny number of states in the universe of repressive regimes.
*Most* forms of authoritarianism are not fascism; fascism is, and was, a tiny number of states in the universe of repressive regimes.
So itsa “road map” to a form of authoritarianism…that’s not fascism?
November 16, 2025 at 2:21 AM
Tom is probably right, we should probably just focus on authoritarianism or illiberalism.
Also, the audience is too dumb, they don't know anything more about "fascism" other than it's an insult.
But for the educated, there are important parallels.
Also, the audience is too dumb, they don't know anything more about "fascism" other than it's an insult.
But for the educated, there are important parallels.
Reposted by Shecky (((Mike))) - Third Wheel
Some in cybersec were debating how much VPNs protect your privacy while on public WiFi hotspots. I wrote some technical notes.
cybersect.substack.com/p/experts-vs...
cybersect.substack.com/p/experts-vs...
Experts vs. WiFi privacy vs. VPNs
Recently on the socials there was a discussion whether VPNs are needed to protect your privacy while on WiFi.
cybersect.substack.com
November 16, 2025 at 2:09 AM
Some in cybersec were debating how much VPNs protect your privacy while on public WiFi hotspots. I wrote some technical notes.
cybersect.substack.com/p/experts-vs...
cybersect.substack.com/p/experts-vs...
Sat night and it is Hockey night. The @Chicago_Wolves take on the Cleveland Monsters. Former Wolves goalie who made friends with my kid when he was here and now plays for Cleveland tossed him a special warmup pick.
November 16, 2025 at 12:54 AM
Sat night and it is Hockey night. The @Chicago_Wolves take on the Cleveland Monsters. Former Wolves goalie who made friends with my kid when he was here and now plays for Cleveland tossed him a special warmup pick.
Reposted by Shecky (((Mike))) - Third Wheel
The countdown to the weekend begins with 5-4-Friday! 🪩 💃 🕺
Read 5 #InfoSec and #DataPrivacy news items from this past week that you may have missed! Curated by Sherpa Intelligence: Your Guide Up a Mountain of Information! ⛰️
Five for Friday for November 14, 2025
open.substack.com/pub/sherpain...
Read 5 #InfoSec and #DataPrivacy news items from this past week that you may have missed! Curated by Sherpa Intelligence: Your Guide Up a Mountain of Information! ⛰️
Five for Friday for November 14, 2025
open.substack.com/pub/sherpain...
November 14, 2025 at 6:43 PM
The countdown to the weekend begins with 5-4-Friday! 🪩 💃 🕺
Read 5 #InfoSec and #DataPrivacy news items from this past week that you may have missed! Curated by Sherpa Intelligence: Your Guide Up a Mountain of Information! ⛰️
Five for Friday for November 14, 2025
open.substack.com/pub/sherpain...
Read 5 #InfoSec and #DataPrivacy news items from this past week that you may have missed! Curated by Sherpa Intelligence: Your Guide Up a Mountain of Information! ⛰️
Five for Friday for November 14, 2025
open.substack.com/pub/sherpain...
Execs are treating AI as the new "Blinky Box that fixes everything"
This is why we are screwed.
Ai is a tool, but needs humans to truly make it effective. Once that lesson is learned maybe we can progress forward on things again. Until then, welcome to the bubble that is/about to burst.
This is why we are screwed.
Ai is a tool, but needs humans to truly make it effective. Once that lesson is learned maybe we can progress forward on things again. Until then, welcome to the bubble that is/about to burst.
November 14, 2025 at 6:46 PM
Execs are treating AI as the new "Blinky Box that fixes everything"
This is why we are screwed.
Ai is a tool, but needs humans to truly make it effective. Once that lesson is learned maybe we can progress forward on things again. Until then, welcome to the bubble that is/about to burst.
This is why we are screwed.
Ai is a tool, but needs humans to truly make it effective. Once that lesson is learned maybe we can progress forward on things again. Until then, welcome to the bubble that is/about to burst.
Reposted by Shecky (((Mike))) - Third Wheel
Playing with and poking at the recent Atomic Red Team MCP server to connect it to Claude! Sample execution of threat actor TTPs from ye ol' MITRE ATT&CK framework, in a virtual environment for a cheesy clickbait video title "haha claude hacked me lol" 😜 youtu.be/cFdOvrwxAwQ
November 14, 2025 at 2:00 PM
Playing with and poking at the recent Atomic Red Team MCP server to connect it to Claude! Sample execution of threat actor TTPs from ye ol' MITRE ATT&CK framework, in a virtual environment for a cheesy clickbait video title "haha claude hacked me lol" 😜 youtu.be/cFdOvrwxAwQ
Reposted by Shecky (((Mike))) - Third Wheel
It would be a huge mistake to keep thinking of China as the same cyber threat actor we were dealing with ten years ago. Let's talk about it.
See you on Thursday for a more in-depth discussion.
events.zoom.us/ev/AhsoFeh2O...
See you on Thursday for a more in-depth discussion.
events.zoom.us/ev/AhsoFeh2O...
November 11, 2025 at 6:03 PM
It would be a huge mistake to keep thinking of China as the same cyber threat actor we were dealing with ten years ago. Let's talk about it.
See you on Thursday for a more in-depth discussion.
events.zoom.us/ev/AhsoFeh2O...
See you on Thursday for a more in-depth discussion.
events.zoom.us/ev/AhsoFeh2O...
Reposted by Shecky (((Mike))) - Third Wheel
Good analysis from @veracode.bsky.social on this typosquat GitHub actions package.
www.veracode.com/blog/malicio...
www.veracode.com/blog/malicio...
Malicious NPM Package Found Targeting GitHub By Typosquatting on GitHub Action Packages | Veracode
Application Security for the AI Era | Veracode
www.veracode.com
November 11, 2025 at 2:49 PM
Good analysis from @veracode.bsky.social on this typosquat GitHub actions package.
www.veracode.com/blog/malicio...
www.veracode.com/blog/malicio...
Reposted by Shecky (((Mike))) - Third Wheel
And as you put together your talks for next year, keep in mind that a lot of events (especially BSides and other local conferences) have tons of people who are new to the field. There's a need for talks about fundamentals. Explaining the CIS Top Controls will often do more good than l33t tool drops.
November 10, 2025 at 7:29 PM
And as you put together your talks for next year, keep in mind that a lot of events (especially BSides and other local conferences) have tons of people who are new to the field. There's a need for talks about fundamentals. Explaining the CIS Top Controls will often do more good than l33t tool drops.
Reposted by Shecky (((Mike))) - Third Wheel
Great people, great times!
Great news! We're thrilled to announce that @zscalerinc.bsky.social has generously volunteered to sponsor our upcoming #burbsecsouth meetup.
Join us this Thursday November 13th, at Prime-Time Restaurant, 95th St., #HickoryhillsIL Start time is 6pm so join us.
Join us this Thursday November 13th, at Prime-Time Restaurant, 95th St., #HickoryhillsIL Start time is 6pm so join us.
a man is making a funny face with the words it 's gonna hit so hard
ALT: a man is making a funny face with the words it 's gonna hit so hard
media.tenor.com
November 9, 2025 at 10:00 PM
Great people, great times!
Reposted by Shecky (((Mike))) - Third Wheel
After gutting various cybersecurity offices and firing experienced employees, Dear Leader restarted the programs from scratch, staffed with his usual level of competence.
As evidenced by the CBO getting hacked by foreign agents today.
As evidenced by the CBO getting hacked by foreign agents today.
November 6, 2025 at 10:42 PM
After gutting various cybersecurity offices and firing experienced employees, Dear Leader restarted the programs from scratch, staffed with his usual level of competence.
As evidenced by the CBO getting hacked by foreign agents today.
As evidenced by the CBO getting hacked by foreign agents today.
ChatGPT has new security issues found by a couple researchers. This includes one that bypasses the url_safe feature using Bing tracking links.
hackread.com/chatgpt-vuln...
hackread.com/chatgpt-vuln...
New ChatGPT Vulnerabilities Let Hackers Steal Data, Hijack Memory
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
November 6, 2025 at 10:29 PM
ChatGPT has new security issues found by a couple researchers. This includes one that bypasses the url_safe feature using Bing tracking links.
hackread.com/chatgpt-vuln...
hackread.com/chatgpt-vuln...
Reposted by Shecky (((Mike))) - Third Wheel
Russia-linked 'Curly COMrades' turn to malicious virtual machines for digital spy campaigns #cybersecurity #hacking #news #infosec #security #technology #privacy
Russia-linked 'Curly COMrades' turn to malicious virtual machines for digital spy campaigns
A cyber-espionage operation installed lightweight virtual machines to evade detection, researchers said, in the latest sign of Russia-linked hackers adapting their tactics.
therecord.media
November 6, 2025 at 10:01 PM
Russia-linked 'Curly COMrades' turn to malicious virtual machines for digital spy campaigns #cybersecurity #hacking #news #infosec #security #technology #privacy
Reposted by Shecky (((Mike))) - Third Wheel
New full container breakouts in runc just dropped. Three of them! High severity! Patch 'em while they're hot!
oss-sec: runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881
seclists.org
November 6, 2025 at 7:38 PM
New full container breakouts in runc just dropped. Three of them! High severity! Patch 'em while they're hot!
Reposted by Shecky (((Mike))) - Third Wheel
I paid attention to the #InfoSec & #DataPrivacy news from over the weekend so you wouldn't have to!
Read, "What'd I Miss? InfoSec Weekend News Roundup for October 24-26, 2025"
sherpaintelligence.substack.com/p/whatd-i-mi...
Curated by Sherpa Intelligence: Your Guide Up a Mountain of Information!
Read, "What'd I Miss? InfoSec Weekend News Roundup for October 24-26, 2025"
sherpaintelligence.substack.com/p/whatd-i-mi...
Curated by Sherpa Intelligence: Your Guide Up a Mountain of Information!
What'd I Miss? InfoSec Weekend News Roundup for October 24-26, 2025
I paid attention to the Information Security and Data Privacy news from over the weekend so you wouldn't have to! Curated for you by Sherpa Intelligence: Your Guide Up a Mountain of Information!
sherpaintelligence.substack.com
October 27, 2025 at 5:52 PM
I paid attention to the #InfoSec & #DataPrivacy news from over the weekend so you wouldn't have to!
Read, "What'd I Miss? InfoSec Weekend News Roundup for October 24-26, 2025"
sherpaintelligence.substack.com/p/whatd-i-mi...
Curated by Sherpa Intelligence: Your Guide Up a Mountain of Information!
Read, "What'd I Miss? InfoSec Weekend News Roundup for October 24-26, 2025"
sherpaintelligence.substack.com/p/whatd-i-mi...
Curated by Sherpa Intelligence: Your Guide Up a Mountain of Information!
Reposted by Shecky (((Mike))) - Third Wheel
So about the WSUS vuln.
Looking at the stack trace in this writeup: is the structure of `Microsoft.UpdateServices.Internal.SoapUtilities.DeserializeObject` unique to WSUS? Or could other DeserializeObject functions in MS web services have a similar issue?
Looking at the stack trace in this writeup: is the structure of `Microsoft.UpdateServices.Internal.SoapUtilities.DeserializeObject` unique to WSUS? Or could other DeserializeObject functions in MS web services have a similar issue?
WSUS Deserialization Exploit in the Wild (CVE‑2025‑59287)
First reported by Eye Security, this WSUS CVE exposes a major weakness in Microsoft’s update mechanism. Read our full analysis to understand the discovery, proof-of-concept, and recommended defenses.
research.eye.security
October 25, 2025 at 9:27 PM
So about the WSUS vuln.
Looking at the stack trace in this writeup: is the structure of `Microsoft.UpdateServices.Internal.SoapUtilities.DeserializeObject` unique to WSUS? Or could other DeserializeObject functions in MS web services have a similar issue?
Looking at the stack trace in this writeup: is the structure of `Microsoft.UpdateServices.Internal.SoapUtilities.DeserializeObject` unique to WSUS? Or could other DeserializeObject functions in MS web services have a similar issue?
Reposted by Shecky (((Mike))) - Third Wheel
There are only two possibilities here:
1. Our military is now being paid by private anonymous donors instead of the government.
2. Trump is lying about this fact (to what end I cannot imagine).
Both are really bad for democracy.
1. Our military is now being paid by private anonymous donors instead of the government.
2. Trump is lying about this fact (to what end I cannot imagine).
Both are really bad for democracy.
If members of the United States military are truly being paid their salaries by a private individual, the American people should know who that individual is. Now.
October 25, 2025 at 3:44 PM
There are only two possibilities here:
1. Our military is now being paid by private anonymous donors instead of the government.
2. Trump is lying about this fact (to what end I cannot imagine).
Both are really bad for democracy.
1. Our military is now being paid by private anonymous donors instead of the government.
2. Trump is lying about this fact (to what end I cannot imagine).
Both are really bad for democracy.