Nishant Kaushik

Identity, Security & Privacy Maven | Solver of Problems | Mentalic, First Class | Family Man | CTO at Uniken.com | Recommended by 4 out of 5 Identirati

2025-05-22

On the one hand, this is a fascinating read about good old fashioned investigative work. On the other hand, it is a dire illustration of the #privacy implications of our digital exhaust, and the vast troves of data about us that is already out there and that we generate each day.
wired.com/story/find-my-iphone

2025-05-14

JPMorganChase CISO Patrick Opet’s open letter at #RSAC2025 called out the security debt in SaaS + cloud. The message: we’re trading foundational security for speed, and it’s catching up to us.
My take: It's not a standards problem. It’s a will problem.
#identity #Infosec #SaaS #ZeroTrust #Security
blog.talkingidentity.com/2025/

Picture of a parkour enthusiast jumping from one crumbling wall to another.
2025-05-07

This feels like the first (of probably many) truly meaningful AI-powered solutions I've seen. Importantly, the article highlights something inclusion advocates say all the time: great ideas emerge when you make sure you have a diverse team. #AI #Inclusion #Accessibility #ForAllByAll
wired.com/story/silence-speaks

Image from article showing AI generated ASL interpreters.
2025-05-06

@thorsheim There are definitely signs of adoption, and success stories at scale. They’re just too few and far between. But there could be a snowball effect if folks pay attention.

2025-05-05

My #RSAC2025 headline: #AI is everywhere, but trust & control haven’t caught up.
- Agent memory is a new attack surface.
- #Identity is fragmenting.
- #Security budgets aren't ready for AI costs.
We’re not securing users anymore - we’re securing decisions.
Check out my full thoughts below.
blog.talkingidentity.com/2025/

2025-04-27

As RSA Conference kicks off, it’s cool to see #identity management get highlighted in this CSO Online article as a topic that will “dominate” the agenda, as well as a callout that the #passwordless (re)evolution is finally here. Attendees should definitely check out the talks in the Identity track because there’s a little bit of everything in there: from best practices, technical solutions, and top concerns for those tackling today’s problems, to interesting developments that could shape tomorrow’s digital experiences.
#IAM #RSAC2025
csoonline.com/article/3965415/

2025-04-27

@wendynather The ambiguity of this message is …

Nishant Kaushik boosted:
mhoyemhoye
2025-04-27

I think that @theverge is underselling it - the gold here isn’t the Chrome browser, it’s Chrome’s automatic background update system. It’s root on billions of machines.

theverge.com/chrome/656613/goo

2025-04-22

I have it on reasonable authority from folks I know that this is indeed how things work, autistic or not.

“Self-employed” autistic woman actually works for cat thedailytism.com/self-employed

2025-04-18

And they didn't even have to use AI to do this!
Seriously though, the ability to discern authentic from fraud is going to hit everyone, no matter where they are on the digital literacy scale. #Fraud
the420.in/monk-duped-digital-a

2025-04-17

Chatbots powered by AI are being groomed through disinfo ops that do LLM poisoning attacks at scale. How #AI systems get gamed or manipulated is critical to understand as more #identity and #security ops begin to rely on them.
washingtonpost.com/technology/

2025-04-14

We have a new term for a software supply chain vulnerability: slopsquatting.
Threat actors observe that LLM-generated code frequently tries to incorporate code from online software packages that don’t exist. So they set up malware under that name, infecting the generated code. #Security #AI
theregister.com/2025/04/12/ai_

2025-04-10

As I’ve tried to understand MCP, I am struck by something, and I am wondering if I’m somehow not finding crucial literature (or it's not prominently featured enough). The majority of what I read talks about orgs standing up a local MCP server in front of their various services. What I am barely seeing is guidance on how those MCP servers should be designed/deployed to securely protect the access credentials (API Keys, SSH Keys, or long-lived tokens) the MCP server will need to accomplish this. Am I missing something, or are we speedrunning towards a new #security nightmare?
#NHI #API #Honeypots
(On a related note, I highly encourage everyone to read Aaron Parecki's post about OAuth and MCP: aaronparecki.com/2025/04/03/15)

Abstract image of a cloudy blob cuboid connected by cables to a gelatinous cube.
2025-04-06
2025-04-03

Default passwords (in this case voicemail PIN) strike again! There are many #AuthN systems around that support sending OTPs by a phone call as an alternative/fallback to SMS (which is also an accessibility requirement). Unfortunately, they can't account for this attack vector.
(Oh, and use Signal, not Telegram)
#Identity #Security
gbhackers.com/hackers-hijack-t

2025-04-02

@sphcow Fitting, since I always look up to you. 😛

2025-04-02

The insatiable hunger to feed #LLMs and #AI is parasitically draining the commons and public internet. Bandwidth costs are spiking as crawlers take data for training and information. For Wikipedia, the lack of attribution means no visitors, no donors, just cost. The #ethics of AI are failing here.

I saw Tim Karr on bluesky suggest that AIs should pay fees or a tax (should that be tariffs?) into a fund that supports public content. Services like Cloudflare and Fastly that defend against bots are evolving for crawlers. In #identity, the implications for #AgenticAI, #AI, and #NHI are vast.

diff.wikimedia.org/2025/04/01/

2025-03-21

Fraud never sleeps. Tap-to-pay using NFC is assumed to be pretty secure. And it is, until it isn’t. This is a new kind of #payment threat I hadn’t heard of before - relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China.
#Fraud #Security #Phishing
