Bob G.

At the intersection of protecting and projecting my identity.

AKA: Cybersecurity professional and stage actor.

2023-10-13

Volunteering day 2 at HOU.SEC.CON. Hosting Track 4 in ballroom salon F, now with the juice table outside our door!

#houseccon2023 #cybersecurity #securityawareness #ethicalhackers #ics #ciso #houseccon #community #criticalinfrastructure #cyberwarriors

@houseccon

2023-10-13

Time for some identity projection.

"There's nothing illegal about any of this!"

I'm on stage this time in a stage play based on the iconic 1985 movie. Tickets are through Ovation (first link), with info on the production at the historic Crighton Theatre's site (link 2) and soon on the Stage-Right of Texas production company site (link 3).

ci.ovationtix.com/36076/produc

crightontheatre.org/

stage-right.org/

#theatre #stageactor #dualcareer #clue

2023-08-29

My takeaways here are:
1) This is an example of a campaign trying to influence people's opinions. They create accounts, pages, and groups, then build up (self-)promotion to try to get individual posts to go viral.
2) The social networks are working to remove these.
3) Luckily in this case, the group did not seem to get outside its own set of bot accounts.

#socialengineering #securityawareness #socialnetworks #disinformation

techcrunch.com/2023/08/29/meta

2023-08-28

Right after LinkedIn reported a piece on fake LinkedIn profiles, I received an invitation from a person who might have been one. The company he was offering a job for certainly was fake. See the clues here and get some history on the situation.

bobgalley.blog/2023/08/28/fake

2023-08-24

Something I'm not seeing in a lot of these news articles about events in the news is "How does it affect me?" and "How can they use that information?"

So, I explored exactly that. Is this useful? Please let me know.

bobgalley.blog/2023/08/24/news

2023-08-11

Help for Non-Consent Images

After seeing several posts about a new tool for removing non-consensual intimate images, I looked into it. The charity and tool are real, and I have looked further into what it can (and can't) do to help. I also give my understanding of how hashing works, aiming for a non-technical crowd. I'd really appreciate feedback on how well that part worked, please.

bobgalley.blog/2023/08/11/help

2023-08-08

I dissect a pair of "fake renewal" scams: an email for credit card fraud, and a web ad for phishing, credit card, or downloaded malware.

bobgalley.blog/2023/08/08/more

2022-12-28

Security folks with behavior-based alerts: How do you approach the subject of vacations? Presuming you allow your employees to log in from vacation, the employee actually doing so would trigger an abnormal login.

In your company, is the onus on the security admin to call the employee and confirm, or is there some arrangement with HR or Payroll? Though to me, the latter feels like too much personal info - we DON'T need to know someone's on vacation UNLESS there is an out-of-state or out-of-country login.

2022-12-03

Thoughts please:

As a cybersecurity professional as well as an actor I try to be careful about protecting my identity while projecting my identity.

So, the recent explosion of my acting peers using Prisma Labs' Lensa (and the free app Prisma before it) has me and others worried. Particularly the User Content (5) area of the Terms of Service, and whether that license applies to Prisma Labs using your face to profit (examples: as an AI generated extra in a movie crowd scene, or a deep fake to defeat a "who you are" MFA).

Below are links to the Terms of Use and the Privacy Agreement. (#CiteYourSources) The paragraphs before and after look like they are protecting themselves against lawsuits from photographers. The terms of use identifies your user content as part of your personal data. The privacy agreement confirms that should you request personal data removal, they will ask to confirm why but also comply. The PA also confirms all original media is wiped of metadata (geotags, etc.) before saving and the media itself removed after 24 hours.

The action of the app - asking an AI to draw a new picture based on that input - needs the consent to manipulate, etc.

Now, "perpetual" is scary, and could lead into deep fakes where Prisma Labs, Inc profits from our countenance without asking us. But to me it feels more protecting them from someone sending in a clip from say Ghostbusters and getting the AI to insert their face.

I'll copy this out now that I've written it, and crosspost to my LinkedIn and my @infosec.exchange Mastodon to see what my cybersec peers say.

lensa-ai.com/terms-nov-16-2022.

lensa-ai.com/privacy#:~:text=I.

2022-11-25

@valorin And it's not like it was only 4-5 people, but nearly 200 votes.

2022-11-22

@valorin @jerry @ramsey Thanks for posting this question! The responses, particularly for "both" are quite interesting to me. I'm a CISSP who is slowly carving out an infosec role for myself at my company.

But I'm also a working stage and Renaissance faire actor - I know, "protect my identity" vs "project my identity".

I'm still very much in intake mode for social media and Mastodon in particular, but being able to target "work" and "hobby" and "personal" is very encouraging.
