Steve Turner
@beingageek.com
Cybersecurity geek. Into Legos and adding games to my steam library I’ll never play. Posts are my own.
Reposted by Steve Turner
It's Friday and you've probably had enough cyber... but I'm re-upping my story on this.weekinsecurity.com about how AI browsers are shipping with security bugs that put your private data (saved passwords, credit cards, browsing history) at risk.

Here's why AI browsers aren't safe for general use.
AI browsers are a hot mess of security risks
AI-enabled web browsers are putting their users' data, security, and privacy at risk from rudimentary prompt injection attacks.
this.weekinsecurity.com
October 31, 2025 at 8:37 PM
Reposted by Steve Turner
Discord said late on Friday that hackers stole users' government-issued IDs (passports and driver's licenses) from one of its customer support databases.

I wrote a few words about the risks of age verification laws, and why collecting people's government IDs is bad for security and privacy.
Discord says users' government IDs used for age checks stolen by hackers
Thanks to age verification laws, expect more data breaches of users' government-issued passports and driver's licenses.
this.weekinsecurity.com
October 4, 2025 at 2:05 PM
Reposted by Steve Turner
Wild to me that a CEO sets goals about outcomes that have nothing to do with the business (are customers more satisfied? Is the product more reliable? Etc.)

Setting the goal of what % of code should be AI-generated is as useful as setting the goal of how many lines of code devs should write per day
September 4, 2025 at 6:40 AM
Reposted by Steve Turner
A big round of applause to Ars.

I really want to see what the submission was to Defcon that got accepted, because this was bad.
Don’t believe everything you read—especially when it’s part of a marketing pitch designed to sell security services.
Unpacking Passkeys Pwned: Possibly the most specious research in decades
Researchers take note: When the endpoint is compromised, all bets are off.
arstechnica.com
September 1, 2025 at 1:38 AM
Reposted by Steve Turner
Companies forcing five days in-office for Zoom calls while still doing remote interviews is peak unseriousness.

In an era of ChatGPT and North Korean hackers slipping through hiring processes, it shows a clueless grasp of where the real threats are.
AI Is Forcing the Return of the In-Person Job Interview
More companies are returning to the old-school, face-to-face meeting to combat cheating by candidates and more ominous digital threats
www.wsj.com
August 16, 2025 at 9:56 PM
Reposted by Steve Turner
Le sigh... (at the article)

This isn't bypassing FIDO auth (it's called passkeys now btw). It's just asking the user to use a weaker method that they were allowed to use.

The solution is to randomize the password so nobody knows it, and if you can't, use auth strengths to prevent weaker methods
August 14, 2025 at 11:44 PM
Reposted by Steve Turner
I suspect the major negative fallout of vibe coding isn’t going to be taking jobs from software developers but instead an epidemic of insecure apps that get hacked with ease
July 25, 2025 at 7:25 PM
Did I go a little crazy? Yes. Am I proud of it? Absolutely!
June 4, 2025 at 12:13 AM
I'll be at Identiverse on June 3-6th, come say hello at the Microsoft Security booth (Booth # 613)!!!
June 3, 2025 at 2:33 AM
Reposted by Steve Turner
A piece of career advice I give people I mentor is to go where you are valued. It means it’s important to be in a role where you are respected, recognized and rewarded.

Sometimes despite tenure, it’s better to leave and accelerate your career trajectory versus staying where you’ve been written off.
May 26, 2025 at 9:41 PM
So happy to be rid of my swasticar. #rivian
April 20, 2025 at 2:18 PM
Reposted by Steve Turner
Dear young gen-x/elder millennials

We should just buy back the brand rights to all the things that were good and remake them

Like Pizza Hut and Blockbuster and Think Geek and Toys R Us
March 1, 2025 at 4:50 AM
Reposted by Steve Turner
It still irks me that #Bluesky still doesn't have proper MFA and their version is just Email. I would really love to use my #Yubikey! Threads is using OATH TOTP at least, as are my crossposting tools, but my #Mastodon is using FIDO/WebAuthn. #Infosec #Cybersecurity #Security
October 21, 2024 at 6:52 PM
Random weekend adventures make you find the most awesome things in the most unlikely of places #gottacatchemall
September 10, 2023 at 8:13 PM
Want to start my time here on a paw-sitive note #doggos #pawsitive
July 25, 2023 at 7:10 PM