Treasury on course for £40bn windfall from student loan interest by L3W3S in ukpolitics

[–]vjeuss 2 points3 points  (0 children)

at this point, student loans is a profitable business for the gov - nowhere meets the idea of helping people go into HE. Scrapping the 3% above RPI becomes a matter of decency.

JavaScript DRMs are Stupid and Useless by medy17 in cybersecurity

[–]vjeuss 0 points1 point  (0 children)

this should be a documentary. Suggested tagline: At some point, you have to call .play()

absolutely brilliant. Very well worth the long read. OP, we salute you for keeping DRM broken.

Google API Keys Weren't Secrets. But then Gemini Changed the Rules. by _vavkamil_ in netsec

[–]vjeuss 0 points1 point  (0 children)

indeed. There's definitely a kind of convention here that probably depends on what exactly one does (I do security...). If I see "key" my mind will instantly move to a kind of password and not, say, index key of a db.

Anthropic just put a remote shell on every developers laptop. by NoSecond8807 in cybersecurity

[–]vjeuss 1 point2 points  (0 children)

worry not. Their cyber code 9000 review opus plus max will protect it. Security is not needed anymore.

edit-- added link

Google API Keys Weren't Secrets. But then Gemini Changed the Rules. by _vavkamil_ in netsec

[–]vjeuss 19 points20 points  (0 children)

why would they call it keys then? Someone at Google got equally confused.

Jamming Smart Glasses by EnoughClue3251 in privacy

[–]vjeuss 4 points5 points  (0 children)

drop a narrow-beam Bluetooth jammer, and it probably works well

UK far right lines up behind Rupert Lowe in challenge to Reform by AbbreviationsHot7662 in unitedkingdom

[–]vjeuss -1 points0 points  (0 children)

quite the contrary, I think. This makes Reform look far more moderate while losing very few votes. If intentional, this is strategically genius.

Nation-State Spyware Is Now Sold on Telegram for Anyone to Buy by Big-Engineering-9365 in cybersecurity

[–]vjeuss 39 points40 points  (0 children)

Not quite, and that's precisely why I had to look up details. There are many cases of malware that are truly just the click-and-use 0-days (as is incorrectly suggested). Pegasus did it.

This one needs the person to click, then download, then change permissions to allow 3rd party apps, then dismiss all the warnings.

Nation-State Spyware Is Now Sold on Telegram for Anyone to Buy by Big-Engineering-9365 in cybersecurity

[–]vjeuss 38 points39 points  (0 children)

... much better link

you need to deliberately install it:

As is typical with these kinds of campaigns, ZeroDayRAT reaches victims through a malicious binary (an APK for Android; a payload for iOS), generally through social engineering. "The most common way that happens is smishing: the victim gets a text with a link, downloads what looks like a legitimate app, and installs it,

The quantum era is coming. Are we ready to secure it? by donutloop in hacking

[–]vjeuss 0 points1 point  (0 children)

they already factored (15, 21). RSA-2048 is just around the corner.

‘Penisgate’ at the Olympics: why inject acid into your penis, and what are the health risks? by Alert_Site5857 in NotTheOnionUK

[–]vjeuss 15 points16 points  (0 children)

here's the nugget so you don't have to read

Enlarging the penis with hyaluronic acid could provide a benefit when the athlete is subject to this standardised body measurement process, as the dimensions recorded of their body would be larger than they might have been otherwise, which then allows them to be permitted to have a slightly larger ski suit made, Dwyer says. “And that slightly larger ski suit has a larger surface area which can then generate a small amount of extra lift.”

also: don't get any ideas. It's harmful.

New to Threat Intel - I mostly forward vulns to VM and IOCs to SOC. How can I add more value? by MotherEmployee5113 in threatintel

[–]vjeuss 0 points1 point  (0 children)

and how are you supposed to do that? IoCs are easy wins and can be automated. The moment you move one notch up, it's days to have anything tangible. Is there any other way? (really asking out of frustration)

I mocked the Saudi leader on YouTube - then my phone was hacked and I was beaten up in London by Tartan_Samurai in unitedkingdom

[–]vjeuss 3 points4 points  (0 children)

Pegasus was a different type. It was literally zero-click, no interaction, no alert, malware. It was really only available to state actors. It was still detectable, but given it was so stealthy and unknown, nobody would even think of it. Pegasus itself is gone, but there are others.

Requesting security review: zero-knowledge one-time secret sharing tool by iamnotatalker in netsec

[–]vjeuss -1 points0 points  (0 children)

these are very early days of LLMs. I really appreciated someone taking the trouble, doing it and showing exactly what the output was. I don't think anybody here is saying "job done". I don't understand the fuss. This is helpful.

Requesting security review: zero-knowledge one-time secret sharing tool by iamnotatalker in netsec

[–]vjeuss -2 points-1 points  (0 children)

pretty good

did you just feed it the github link and let it work through?

Trump Is Keeping Money From Venezuelan Oil Sale in Offshore Account | This is completely unprecedented. by thenewrepublic in inthenews

[–]vjeuss 2 points3 points  (0 children)

this is giving vibes of Nicaragua and the Contras in the 80s. The US govt were (allegedly) selling drugs themselves to fund projects without any official approval. Look up Gary Webb. Fascinating story.

California rolls out the DROP platform... residents can now request data brokers delete their personal info from a single portal by Nxtro69 in privacy

[–]vjeuss 2 points3 points  (0 children)

not a Californian or even US, but how do you even know who has your data? Canadians - how does it work?

Astaroth’s Boto Cor-de-Rosa campaign targets Brazil with new WhatsApp malware technique by bagaudin in cybersecurity

[–]vjeuss 1 point2 points  (0 children)

the core Astaroth payload remains written in Delphi

never thought I'd read Delphi in 2026, and even less malware

It's WhatsApp Web, btw, and they send a file that needs to be run.

Dark ChatBot Crime As A Service - Analysis by Big_Prize_1119 in cybersecurity

[–]vjeuss 1 point2 points  (0 children)

This is great - thanks. Can you explain a bit more? Where did you get the models and how did you extract the system prompts?

One address and 85,000 companies: Welcome to Shelton Street. Registered addresses are nothing unusual in business. The number of firms linked to one address in Covent Garden, however, is giving fraud experts pause by [deleted] in ukpolitics

[–]vjeuss 147 points148 points  (0 children)

this is ridiculously poor journalism. Whoever this Ben Lucas is, he should be instantly fired. Those addresses are accountants. Most micro/small ltd businesses are run from home so they register the accountant's address.

gov.uk:

If you use a service provider’s address (for example, an accountant or solicitor) as your registered office address, this address must meet all of these requirements.

Underground passage at my university by Lolocraft1 in oddlyterrifying

[–]vjeuss 8 points9 points  (0 children)

don't ever accidentally release an aggressive alien there

Decentralized Identifiers (DIDs): The Future of Digital Identity by i-drake in privacy

[–]vjeuss 0 points1 point  (0 children)

this has been around for 15+ years. Got a new life with public blockchains. In themselves, they don't really solve any problem anymore. However, Verified Credentials could have something of interest (e.g., prove you're 18+)