Hacker News with Generative AI: Information Security

Ex-NSA chief warns AI devs: Don't repeat infosec's early-day screwups (theregister.com)
AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after the fact, according to former NSA boss Mike Rogers.
OCC Notifies Congress of Incident Involving Email System (occ.gov)
WASHINGTON—The Office of the Comptroller of the Currency (OCC) today notified Congress of a major information security incident, as required by the Federal Information Security Modernization Act.
SciOp torrents: download, seed erased US Gov sites and datasets (sciop.net)
A project emerging from a loose collaboration within Safeguarding Research and Culture
Security Teams Fail (lcamtuf.substack.com)
I spent 25 years working in information security. I published research, authored books, and led large security teams for publicly-traded companies. That said, when I kicked off this Substack in 2022, I wanted to try something different — so with few exceptions, I shied away from infosec punditry.
Agencies with investigations into Musk's companies with staffing cuts (infosec.exchange)
Deep Fake Detector Extension by Mozilla Firefox (mozilla.org)
The Fakespot Deepfake Detector extension will help you sort out text written by humans from text that has been created using AI tools.
Brian Krebs with some background on the story about Edward Coristine (infosec.exchange)
Investigating an “evil” RJ45 dongle (lcamtuf.substack.com)
When it comes to information security headlines, a good rule of thumb is that claims about widespread supply-chain sabotage are usually false.
Help me find a blogpost I saw here once (ycombinator.com)
Within the past 2 years. It was specifically about correlating information obtained from dumps of breached websites to identify users and take advantage of password reuse to hack accounts.
Deception for Information Security Blog (bluepillsecurity.com)
Definitions of important terms in deception-for-security
CMMC 2.0: A Well-Intentioned Misstep in Cybersecurity (nationaldefensemagazine.org)
5 Years of InfoSec Focused Homelabbing (archcloudlabs.com)
The Cryptographic Doom Principle (2011) (moxie.org)
Mastering Osint: How to Find Information on Anyone (osintteam.blog)
Simple ways to find exposed sensitive information (trickster.dev)
Information Security: "We Can Do It, We Just Choose Not To" (hezmatt.org)
Scooping the Loop Snooper (2000) (ed.ac.uk)
How to avoid accidentally sharing proprietary information of a former employer? (stackexchange.com)