Kevin Beaumont
@Kevin Beaumont

Cybersecurity weather person and award winning shitposter. Shitposting is an anagram of Top Insights. You may be surprised to know I am not representing my employer here and these are not their opinions.

I have Direct Messages disabled - you can send them, but I will never receive them.

Relays (1)
  • wss://relay.ditto.pub – read & write

Recent Notes

Kevin Beaumont · 3d
Anthropic: we can't release our vuln research as it will end the internet as we know it!!1! Me: if I release Teams Roulette I'll probably cause global chaos with people getting their knobs out in board meetings https://cyberplace.social/system/media_attachments/files/116/408/555/607/595/490/origin...
I vibe coded a webapp called Teams Roulette where it joins you to random Microsoft Teams meetings, using Teams links scraped from the internet.

Debating on if I should publish this one 🤣
Kevin Beaumont · 3d
Let's face it, EU government meetings will be far more interesting when Captain Butt Face turns up meowing into the mic https://cyberplace.social/system/media_attachments/files/116/408/027/743/954/056/original/f7a9848ea4796407.png
Matt Palmer · 4d
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpq7lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0q4lg4vn I guess it's good to know that they have a line...
Stefan Eissing · 5d
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqp450apv3j8jmqjct3ddfklzusxyfkkyqpzxx4p33u099xjzvfwwsyh2vzh I believe, nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpq7lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0q4lg4vn needs to open a hackerone project.😌
Kevin Beaumont · 6d
I don't think anybody actually watches videos any more, so here's MWT's core point - The flagship and lead vuln in the research is a BSD vuln, it cost $20k to discover with Mythos. Anthropic only r...
Anthropic set the project across open source projects and provided access and reported the vulns over. Typically, you'd expect to see NCSCs spinning up advisories to patch high impact vulns, CISA telling orgs to patch etc etc etc.

What's actually happening is... uhm... a whole heap of nothing but people copy and pasting marketing about how cybersecurity is over.

It's not though, is it?
Kevin Beaumont · 6d
Companion video https://youtu.be/fM7GIIylXqI
I don't think anybody actually watches videos any more, so here's MWT's core point -

The flagship and lead vuln in the research is a BSD vuln, it cost $20k to discover with Mythos. Anthropic only reached a crash, and the vuln class in 99%+ cases never reaches RCE, just crashes.

So.. cool.. you spent $20k of VC money to find a crash as the flagship vuln. But... uhm... that isn't the end of the world.

The proof is going to be if any of the open source vulns turn out to be important. So far:
