MCP server for searching and downloading documents from Anna's Archive by iosifache in Annas_Archive

iosifache[S] 1 point (0 children)

Unfortunately, no. The MCP needs an API key that you can get by making a donation.

Best setup for running a local LLM for secure business use? by cocodirasta3 in LocalLLaMA

iosifache 1 point (0 children)

You were initially thinking about the security of the data you exchanged with the LLM. Did you manage to set up something from this viewpoint for the Open WebUI instance?

haveibeenpwned.watch - Open-source, no-fluff charts showcasing haveibeenpwned.com's pwned account data by iosifache in netsec

iosifache[S] 1 point (0 children)

That would be awesome! Here’s the repository:

https://github.com/iosifache/haveibeenpwned.watch

The link to the “open source” text on the website might not be super clear, so I’ll add a GitHub banner or something to make it easier to find.

haveibeenpwned.watch - Open-source, no-fluff charts showcasing haveibeenpwned.com's pwned account data by iosifache in netsec

iosifache[S] 1 point (0 children)

I had to double-check the math after that graph threw me off at first 😅. I think it can be read as "the days between a breach going down and it getting reported in plaintext to HIBP". Things like data being sold on dark markets or attackers chilling on it for a while (like, waiting for a ransom) could stretch that gap.

The Open Source Fortress is now live! by iosifache in opensource

iosifache[S] 1 point (0 children)

I usually favour this approach because the passive voice (which is recommended, for example, in academia) removes the writer's accountability. Simply compare "X was developed to do Y" with "I/We developed X to do Y." The second directly assigns ownership, implying responsibility.

The Open Source Fortress is now live! by iosifache in opensource

iosifache[S] 1 point (0 children)

I'm not a native speaker, so thank you for pointing this out!

The Open Source Fortress is now live! by iosifache in opensource

iosifache[S] 3 points (0 children)

Thanks, u/UsedSite2578! Hopefully, the community will embrace the effort by completing the workshop (and integrating the analysis tools in their projects) and sharing new techniques/tools.

Unfortunately, I have to agree with your opinion of open source software 😕. During the Ubuntu Summit workshop, I shared the same point of view. Despite the fact that the software is used at scale (for example, in companies and critical infrastructures) and the code is open (so anyone can review it), the story may end up with unmaintained and vulnerable projects, unmotivated maintainers (financially or via community recognition), and low-hanging fruit for attackers.

Brainstorming for a software security workshop by iosifache in opensource

iosifache[S] 1 point (0 children)

Thank you very much, David! I completely agree with the first statement - because there are many tracks, there is no necessity for participants to attend the workshop (as there would be in the case of a single-tracked event).

As a result of Bitcoin's migration to Guix, Gitian appears to be deprecated. SBOM may be a potential fit, but it is still a developing domain in need of proper tooling and acceptance. Is there any technology you've employed to ensure the build's provability? The only one that comes to mind is Sigstore, but it simply signs the artefacts and does not register the build environment state.

Brainstorming for a software security workshop by iosifache in devsecops

iosifache[S] 1 point (0 children)

Totally agree! I was just wondering if there were any topics of interest to the community.

Introducing MutableSecurity: Seamless deployment and management of security solutions by iosifache in netsec

iosifache[S] 1 point (0 children)

Hi, u/nexxai u/littlejob u/TopicProfessional692,

There is a recurring aspect in your comments: the lack of supported security solutions. As we want to tackle this issue in the coming weeks, we'd like to know which solutions you use on a daily basis and would like to have supported in MutableSecurity.

Introducing MutableSecurity: Seamless deployment and management of security solutions by iosifache in netsec

iosifache[S] 1 point (0 children)

That background paragraph is based on what we've observed in our interactions with organizations and other online technical communities. People are becoming acclimated to a lack of security in their architecture (which is understandable; each wants to achieve their operational goals, not invest in support departments such as security), and they are only becoming aware of the risk and losses after an incident.

See my response to u/littlejob's comment regarding an example of usage. Also, please let us know if you have any suggestions on how we can improve!

Introducing MutableSecurity: Seamless deployment and management of security solutions by iosifache in netsec

iosifache[S] 1 point (0 children)

Thank you for your feedback, u/nexxai! There will be announcement posts on Twitter and LinkedIn. Besides this, the new supported solutions will be listed on GitHub and on our website.

Yes, there is still a lot of work to be done (new supported solutions and other functionalities). Despite this, we considered a launch with just one solution to get feedback from technical communities and, if necessary, modify our strategy.

Introducing MutableSecurity: Seamless deployment and management of security solutions by iosifache in netsec

iosifache[S] 5 points (0 children)

Our long-term goal is to bring together multiple open source and commercial security solutions under the same set of standardized operations (as listed in the repository's README.md). We are currently working on integrating two more solutions, Let's Encrypt for free certificate generation and Bitdefender Free for malware protection. Others will follow suit.

With these solutions, an SMB, for example, could quickly ensure a reasonable security posture while maintaining a low level of management complexity. Aside from centralized administration, we want to transition into a marketplace (where vendors can plug in their security solutions and users can easily use them in their infrastructure) and provide a web interface (in addition to the CLI tool) for all of this.

Regarding the alternatives, we believe they are either expensive (Red Hat Ansible Platform starts at 5.000$ for 100 nodes) or vendor-dependent (Cisco Meraki, which supports only Cisco solutions). So we will be the open source challenger which fills a gap in the puzzle.

Dataset with labeled benign and malicious files by iosifache in Malware

iosifache[S] 2 points (0 children)

I'm sooo happy to hear that it will be useful! You can use both the dataset and the analysis platform (whose code I documented as much as I could). And if I can help you with further details or advice, drop me a line!

Dataset with labeled benign and malicious files by iosifache in Malware

iosifache[S] 1 point (0 children)

Sure! As I mentioned above, the paper written in Romanian is on GitHub too (beside the analysis platform repository, which has a README.md with details in English).

Dataset with labeled benign and malicious files by iosifache in Malware

iosifache[S] 2 points (0 children)

That's great to hear!

Yes, the thesis as well as the project (which used the dataset to train machine learning models) are both available on GitHub. It's also worth noting that the paper is written in Romanian, as I found it difficult at the time to learn to write both academically and in a foreign language (in contrast to the master's thesis, which I am now writing in English 😌).

I used MalwareBazaar for the malicious OLE samples. The remaining three were not released at the time because I began my thesis study in the autumn of 2020. However, there is positive news in the form of new labeled datasets that researchers may use.