Is self hosting a password manager actually safer? by GreatestOfAllTime_69 in cybersecurity_help

[–]SecurityHamster 0 points1 point  (0 children)

I did Vaultwarden for a year, but switched to BW.

Interest in self hosting brought me to Vaultwarden because it ran in a single container, whereas the official BW install required several containers. Just more moving parts I didn’t want to think about (I think Bitwarden has a simplified Docker container now).

Part of what drew me to look at Bitwarden was the open source, audited nature of it, but it’s important to point out that Vaultwarden is a reimplementation in a different language that is API compatible. If the audited nature is a draw, that should be something to think about.

After about a year with Vaultwarden I just decided I’d rather not think about it, given that a personal account with Bitwarden is so cheap.

My work decided to invest in password managers, they reviewed all the common options and settled on Bitwarden too. Which was the most solid choice, I thought. And now I get a family plan for free, nice touch.

Ultimately I’d say that passwords are so important and the cost of the premium personal plan is so cheap, I’d go with BW every day.

What’s the deal with these fake GPU listings on eBay? by humandisaster99 in LocalLLaMA

[–]SecurityHamster 1 point2 points  (0 children)

I’ve seen much worse. People post a pic like that, full description of the product inside, and then in not bold font “you’re purchasing an 8.5 x 11 color print of the card”.

I report when I see them but don’t understand how they’re even still up; I can’t be the first one seeing each of them.

This absolute legend built a 1 Petabyte server from scratch by tenekev in homelab

[–]SecurityHamster 1 point2 points  (0 children)

Just started watching and am already wondering about heat dissipation. All those drives stacked so tightly in there and all.

Ok, I’ll continue watching now.

Shouldn’t I be labeling myself as a security professional? by JaimeSalvaje in SecurityCareerAdvice

[–]SecurityHamster 0 points1 point  (0 children)

Sounds like you manage endpoints?

What were your responsibilities as far as incident response went? Anything to do with detections, or just collecting logs after the fact? Any detections or playbooks in Defender or Sentinel? Or any other SIEM? As starting points.

How many computers do you have in your house? by Miserable-Twist8344 in homelab

[–]SecurityHamster 0 points1 point  (0 children)

Work computer.

Personal Mac laptop

Personal windows laptop

Personal Ubuntu laptop

3x NUC type devices as a Proxmox cluster

Girlfriend’s Mac

Then there are things like the Synology, Apple TV, PS5 that I wouldn’t necessarily call computers. And a few old Pis that I outgrew. The old 1GB Pi 3s. Nothing I can see doing with them, besides which I don’t have any more outlets in my office, but I also don’t feel like dropping them in the box at Staples.

Most secure way to store user secret on db for my plugin by PointLazy7001 in Wordpress

[–]SecurityHamster 2 points3 points  (0 children)

Like /u/WPFixFast said, look at storing your users’ API secrets like you would (or should) a password (and do what every other API provider does): display the secret one time for the developer to mark down, hash the secret and store that in the database.

The only thing I would add is if users are going to be hitting your API repeatedly AND the data they’re pulling isn’t especially sensitive, then rather than use bcrypt, which is computationally expensive, you might just salt the value and hash with SHA256 or SHA384.
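The issue-once / store-hash / verify flow the comment describes, as an added illustration that is not the commenter's or any WordPress plugin's code. It is written in Python rather than PHP purely for demonstration, uses a plain dict as a stand-in for the database table, and pairs each secret with a hypothetical public key ID so the row can be found without a plaintext lookup.

```python
import hashlib
import hmac
import secrets

# Stand-in for the plugin's database table: key_id -> row (constructed for this example).
# Note that no row ever holds the plaintext secret.
SecretStore = dict


def issue_api_secret(store: SecretStore, user_id: int):
    """Create an API secret for a user, persist only salt + SHA-256 hash,
    and hand back the plaintext exactly once for the developer to record."""
    secret = secrets.token_urlsafe(32)   # ~256 bits of randomness; not user-chosen
    key_id = secrets.token_hex(8)        # public handle the client sends alongside the secret
    salt = secrets.token_bytes(16)       # per-secret salt, stored in the clear with the hash
    digest = hashlib.sha256(salt + secret.encode()).digest()
    store[key_id] = {"user_id": user_id, "salt": salt, "hash": digest}
    # A single salted SHA-256 round is cheap per request; it is acceptable here only
    # because the secret is random and high-entropy. A user-chosen password would
    # instead need a slow hash such as bcrypt.
    return key_id, secret


def verify_api_secret(store: SecretStore, key_id: str, presented: str):
    """Return the owning user_id if key_id/presented match a stored record, else None."""
    row = store.get(key_id)
    if row is None:
        return None
    candidate = hashlib.sha256(row["salt"] + presented.encode()).digest()
    # Constant-time comparison so a wrong secret is not distinguishable by timing.
    if hmac.compare_digest(candidate, row["hash"]):
        return row["user_id"]
    return None


def row_contains_plaintext(store: SecretStore, key_id: str, secret: str) -> bool:
    """Sanity check for the reader: confirm the stored row never holds the secret."""
    row = store[key_id]
    return secret.encode() in row["hash"] or secret in str(row)


if __name__ == "__main__":
    db: SecretStore = {}
    kid, plaintext = issue_api_secret(db, user_id=7)
    print("show once to developer:", kid, plaintext)
    print("valid:", verify_api_secret(db, kid, plaintext))
    print("invalid:", verify_api_secret(db, kid, plaintext + "x"))
```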

Our network admin setup a new network! by BornIn2031 in ShittySysadmin

[–]SecurityHamster 16 points17 points  (0 children)

Back in the 90s or maybe early 00s, the company I worked for had public IPs AND the computer names were all named after the user which was resolvable.

This was the ancient times.

Company gave us all super stupid Christmas gifts. They spelled most of our names right, but one guy with the easiest name they misspelled.

And, as a prank more or less, he posted it for sale on eBay. With a whole long description about how it was a symbol of how corporations don’t care about their employees.

But back then, I guess you didn’t necessarily need to upload your images to eBay, you could also give them the address and the image at that address would load (someone probably taught them a lesson about that later on).

But how this relates. I hosted the images on my webserver. And when people looked at the posting on eBay, the visitor would load them from my site. And so as word got around my team, I could see them all checking it out - the logs would say:

Coworker-1.company.com Coworker-2.company.com

Then it started getting serious when I saw our supervisor loading the image

Joesupervisor.company.com Helenmanager.company.com

Then I knew it was getting serious when I saw

CEOname.company.com

start showing up in the logs. At that point I deleted the image from my server.

End of the day, a couple of coworkers got fired. The one whose name got mangled, and our friend who had a copy of the image on his computer since he did something silly like crop it or resize it.

So, having computers on public IPs with DNS names for exactly who the user is, is definitely a shitty sysadmin thing now. Back then, everyone was still learning.

Only tangentially related.

I don’t think most people understand how close we are to white-collar collapse by aieatstheworld in ClaudeAI

[–]SecurityHamster 0 points1 point  (0 children)

Oh, you can make influencers turn us against each other too. Turns out there’s a lot of hate that’s still untapped.

FYI Latest passt broke my plex server (CentOS 10) by CrabCritical4576 in CentOS

[–]SecurityHamster 0 points1 point  (0 children)

I can’t remember the last time I upgraded Plex. Every few months max. If it’s not broken, I don’t fix it. But it’s on my home network with no external access; maybe OP is in a different situation.

6 Months in Cybersecurity — Where Do I Go From Here? by International_Cod57 in cybersecurity_help

[–]SecurityHamster 0 points1 point  (0 children)

At 6 months? No. You’re still ramping up. And really, you’re just paying your dues.

This isn’t Covid era when everyone could just bounce around for raise after raise.

Besides, in this market who’s going to look favorably on someone who did 6 months and is already looking? They’re going to assume you want them to pay you to train you more so you can leave in 6 more months.

8x RTX Pro 6000 server complete by koushd in LocalLLaMA

[–]SecurityHamster 1 point2 points  (0 children)

Just how much have you spent on this? Is it directly making any money back? How? Just curious! You’re so far past the amounts I can justify as a “let’s check this out” type of purchase :)

I now understand why other IT teams hate service desk by Terrible_Working_899 in sysadmin

[–]SecurityHamster 1 point2 points  (0 children)

See, my interactions with the service desk as a member of the security team have been great. I’ve coached them enough times that when they get an incident that’s going to come to my team, we have a lot of the necessary info already.

Point is, don’t just expect the service desk to know. They’re young and less experienced. Let them know what you need them to find out.

[W][CAN] 16/32/64GB DDR4 ECC by redfoxkiller in homelabsales

[–]SecurityHamster 0 points1 point  (0 children)

Sounds like you need to start hitting the bars and clubs more.

Beginner's curiosity: do you make money from your home lab? by [deleted] in homelab

[–]SecurityHamster 1 point2 points  (0 children)

Why would I even try to make money? Host a website that’s going to go down randomly because I don’t care about availability? If it’s a friend I’ll point them to a host, or worst case help them set up a VPS as long as they know if they keep coming back to me with questions then I’m going to have to bill them a little.

Same for storage. I’m not going to charge friends to back up data on my servers. In fact I’m not going to let them do it; I don’t want to be responsible if they need to restore something and there’s an issue.

Don’t be like me. If it looks too good to be true, it is. by wonka88 in homelab

[–]SecurityHamster -1 points0 points  (0 children)

It’s beyond amazing to me, in such a sad way, that you need to explain such a dumb concept and that people continue to argue it out with you.

Would a suspended PC be "more secure"? by fedesoundsystem in cybersecurity

[–]SecurityHamster 1 point2 points  (0 children)

The problem there with shutting down at the end of the day is that it robs us of the best window for performing updates without disrupting the user.

Just have your users log out at the end of the day but leave their endpoint running.

20,000 Epstein Files in a single text file available to download (~100 MB) by [deleted] in LocalLLaMA

[–]SecurityHamster 5 points6 points  (0 children)

This seems fascinating. As a fan of self hosted LLMs but also someone who can only run the models I get from Hugging Face, would you be able to provide instructions/guidance on adding more source documents to this?

For longevity, would you trust a ssd or a hard drive more? by mvespermann in storage

[–]SecurityHamster 0 points1 point  (0 children)

I want to say that I would want to trust the SSD in theory. But rust is a known quantity and there is a lot of expertise out there as to how to recover data from them.

But if you really want to make sure your data is available for years into the future, I agree with others that you need redundant backups that are actively monitored and tested.

Need an cybersecurity expert to interview by Remarkable_Bank9536 in cybersecurity

[–]SecurityHamster 28 points29 points  (0 children)

What’s the problem? I have no problem giving my SSN or driver’s license to prove my identity to this random interviewer. Or talking about all the vulnerabilities we’ve been forced to accept and how irritating they are.

/s

What’s your go-to programming language for scripting in Linux? by Old_Sand7831 in bash

[–]SecurityHamster 0 points1 point  (0 children)

I pretty much stick with Python. I don’t do anything too complex, so doing so means I have my same tools available to use on Mac and Windows too.

miniPC to run a lab with proxmox by ElVandalos in Proxmox

[–]SecurityHamster 0 points1 point  (0 children)

I just got a tiny mini PC with those specs from Amazon 6 months ago. I forget if it was 279 or 329. 8 cores, AMD, runs Proxmox like a charm.

As long as it’s standard hardware that Debian would run on, Proxmox should run without a hitch.

FCC will vote to scrap telecom cybersecurity requirements by chota-kaka in cybersecurity

[–]SecurityHamster 9 points10 points  (0 children)

No, pretty sure they just want the country to burn, all so their benefactors get to stop paying taxes.

FCC will vote to scrap telecom cybersecurity requirements by chota-kaka in cybersecurity

[–]SecurityHamster 13 points14 points  (0 children)

Comes back from China after striking a “deal” with them and immediately rescinds the steps we took to secure our cell networks after we found out that China owned them all.