Remember when even the rich and famous could get in trouble for inciting violence? 2015 was a great year.

Automation cannot work in a vacuum.

We (Cisco Talos Intelligence Group, Jaeson Schultz and I) found a new form of HTML smuggling that uses SVG to sneak <script> tags in the image (since SVG is XML). This is my first Talos first-author blog post. blog.talosintelligence.com/html-smugglers…

Clearly, he favors Russia. Ukrainians🇺🇦 should use either an Authenticator app or else a Security key. They're significantly more secure, so *everybody* should do this.

Merry Christmas. Here's an old #dalle of what Santa shops for.

The CEO of Box replied a facepalm emoji when he is informed that an unsolicited sales cold call email form his domain includes an “unsubscribe” link that forces the victim to provide their email address in order to unsubscribe.

The new #DnD #OGL prohibits “hateful content or conduct” despite the fact that Rangers specialize in hunting by species (including humanoids). Killing evil is a core tenet in the game even though “evil” is subjective. polygon.com/23562874/dnd-d…

50% of Customers Conclude that Smart Appliances Aren't Worth the Security Risk arstechnica.com/gadgets/2023/0…

Also the The Jerusalem Post wrote an important article about my article. Lots of disturbing images but the reality is, this is what’s circulating. In general I agree with the JP: don’t let it hide in the darkness, expose it to the light…and then crush it m.jpost.com/diaspora/antis…

You'd think Netflix has heard of a VPN.

So there's a great Thai restaurant in my neighborhood called Kiin. Yesterday, I searched for their website to order some takeout. Here's the Google result.

THREAD: How to verify images online? Social media is awash with false or misleading images, some of which get millions of engagements. So, here's a simple guide on ways you can quickly check the veracity of an image you see on your social media feeds.

Wikipedia, despite being volunteer-driven, has a solid handle on free speech. Jimmy's responses to criticisms in this thread are priceless.

Fun with #DNS: we registered a domain we shouldn't have been able to get and were inundated with automated & erroneous connections and emails (My second Cisco Talos Intelligence Group blog post!)

A Cisco Talos Intelligence Group teammate and I wrote a quick overview of the Microsoft #DirectSend issue that bypasses email authentication and anti-spoofing defenses: cs.co/6012Aflsn