g7 | Reading

Стресс от отдыха — болезнь трудоголиков и опасный симптом эпохи достигаторства

«Стресслаксация» — это термин, обозначающий тревогу, вызванную расслаблением (relaxation-induced anxiety, или RIA), и это явление изучается уже много лет. Данный термин попал даже в Urban Dictionary с такой формулировкой: «Быть настолько напряженным, что расслабление вызывает еще больший стресс от того, что вы не занимаетесь тем, что вызывает у вас стресс». Согласно журналу Journal of Consulting and Clinical Psychology, примерно 30-50% людей испытывают чувство тревоги, когда пытаются заняться расслабляющими вещами. Это, в свою очередь, создает еще больше стресса, так как попытки избавиться от него не срабатывают. И этот парадоксальный цикл может продолжаться бесконечно.

RIA — это болезненная неспособность расслабиться во время обычно расслабляющих занятий (например, медитации, общения с друзьями или просмотра телевизора), что в конечном итоге приводит к усилению тревоги и нервного возбуждения. Для людей, испытывающих RIA, физические и психологические индикаторы расслабления (например, снижение сердечного ритма и напряжения мышц) противоречиво вызывают еще большее чувство тревоги.

Чтобы понять причину такого странного явления, сначала необходимо разобраться в отношении к достижениям. Зачем мы хотим чего-то достигать и что нас мотивирует? Эксперты утверждают, что большинством людей движут следующие мотиваторы:
* Они хотят что-то изменить и создать что-то значимое, чтобы помочь другим.
* Они хотят получить похвалу и признание за успешно выполненную работу и/или за что-то крутое, что они создали.
* Их миссия — сделать мир лучше.
* Они хотят испытать радость от достижения.

Любая комбинация вышеперечисленных факторов может заставить нас потенциально уменьшить важность расслабления. Мы будем бояться «быть неэффективными» в течение времени, предназначенного для восстановления.

Кроме того, сейчас важно быть готовыми к стрессу. Когда мы отрицаем, что испытываем стресс и сопротивляемся этим чувствам, мы сами учим наше тело оставаться в таком режиме. Это приводит к увеличению сердечного ритма, перевозбуждении в нашем теле и мозге, а также к избыточному выделению адреналина. Подобные реакции на физическом уровне приводят к тому, что мы уже не представляем, как можно отвлечься и расслабиться.

https://habr.com/ru/articles/770396/

Tags:

malwarebyets_feed

https://www.malwarebytes.com/blog/news/2025/09/a-week-in-security-september-15-september-21

Last week on Malwarebytes Labs:

Stay safe!

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

https://www.malwarebytes.com/blog/news/2025/09/a-week-in-security-september-15-september-21

aka_human

Gandhi окончательно оскотинился. Причём сам же признался, что выступления Кирка не слышал, как он выразился "в сортах говна не разбираюсь". У него оценка по единственному критерию - помогаешь Украине или нет, а если нет, то тебя вполне желательно убить. Почему-то он не выдвигает таких претензий к индусам и китайцам, которым на Украину плевать.
Наверное не замечает каким белопольтовым идиотом выглядит со стороны. И все его больные TDS комментаторы такие же.

juan_gandhi, 2025-09-18:

Ну я радуюсь. Можно показывать пальцем. Теоретически я не одобряю убийств, и сам никого не убью, если на меня не напали - но считаю необходимым порадоваться убийству Чарли Кирка, хотя бы чисто из принципа свободы воли.

juan_gandhi, 2025-09-18:

В данном случае убил не оппонент, а, кажется, скорее практически попутчик.

stas

Для нашего же блага

1. Resolution honoring Charlie Kirk, condemning political violence passes House—58 Dems vote 'no,' 38 vote 'present'
Не следует говорить, что все демократы - бесноватые. Только где-то половина. Остальная половина вполне норм быть в одной партии с бесноватыми.

2. California faces a self-created oil and gas crisis
Как и положено при построении социализма.

3. Minneapolis’ Mayor is now making commercials in Somalian

4. Michigan GOP Bill Proposes Adult Content Ban, VPN Ban, and Restrictions on Transgender Depictions
У них там в Мичигане что-то не то с водой, точно...

5. Meta CEO Mark Zuckerberg has now admitted publicly that moderators at Facebook and Instagram faced vast pressure from the federal government to take down contrarian COVID-19 content, election-related content—including jokes and satire—as well as the New York Post's Hunter Biden laptop story.
Если кто-то из "защитников свободы слова" слева подзабыл немного.

Бесы

6. Antifa smashing doors and windows at UC Davis entrance where Charlie Kirk is speaking
They didn't just "became" violent, they have been violent for years. This time their violence found its target. But it started a long time ago.

7. Powerful public figures spread false info about Charlie Kirk assassination, beliefs, invent quotes

8. Complete text exchange between Tyler Robinson and Lance Twiggs after Charlie Kirk killing

9. ABC News reporter swoons over romance between Charlie Kirk assassin and trans roommate: 'very touching'
That's the same guy who intimidated witnesses in Trayvon Martin case when they didn't support his narrative:

10.
11. First Man Arrested in Charlie Kirk's Murder Hit With Child Porn Charges

12. CBS News: We May Never Know Motives in Kirk and Annunciation Shootings

13. Elliot Forhan, Democrat candidate for Ohio Attorney General, responded to Charlie Kirk’s assassination with “Fuck Charlie Kirk.”
You can imagine how he would perform his duties if elected.

14. Armed Queers group trains radical Marxists to shoot just miles from where Charlie Kirk was murdered

15. Professors Targeted by Charlie Kirk's 'Watch List' Relieved That He's Dead

16. How the Left Programmed Young People to Hate

17. Higher ed has normalized political violence
От храма знаний до индоктринационно-тренировочного лагеря террористов - траектория падения американской академии. Нет повести печальнее на свете.

18. UMich professor mocks Kirk’s death as ‘prudent’ and ‘rational’

19. Can teachers be fired for celebrating murder?
Should be. You can't be allowed to teach children if you think murdering people for saying what you don't like is fine. Go work at sewage treatment plant, nobody would care.

20. Very Liberal People 8x More Likely to Support Political Violence Than Very Conservative
We are not the same.

21. This perfectly sums up how Candace Owens and her grifter network operate
Big disappointment, she's full dark side now.

22. State Department & UN ties to Armed Queers SLC leader now confirmed
This is literally state-sponsored terrorist organization.

23. The 2025 May Day trip of SLC Armed Queers to Cuba: "Well, if we're terrorists, we're proud to be terrorists"

24. The Antifa subreddit on Reddit has made a post saying why Charlie Kirk and those like him deserve to be killed. To smear him, they reference a Media Matters hit piece and tell their comrades to arm themselves with weapons. The post echoes the Antifa belief that if you speak with a "Nazi," you are also one and should be subject to death.
They aren't going to stop.

25. Ken White wants you dead.
ТДС беспощаден.

26. Antifa is backed by a massive nonprofit network who bail them out of jail after they commit domestic terrorism, with a number connected to George Soros groups.

27. On the day of his funeral, Jasmine Crockett goes on CNN to smear Charlie Kirk.
Crockett: I shouldn't be expected to condemn the death of someone "talking negatively about me."
How more clear can you be? If you disagree with the Democrats, they want you dead. Maybe they won't kill you personally, but they'd be happy if someone they propagandized and enabled did.

Dozens of swastikas

28. Man who attacked Jews in NYC becomes cause célèbre for anti-Israel activists

29. The “it’s the Jews who did it!” folks didn’t waste any time
Говно привычно воняет.

30. Attack on New Hampshire Country Club, Shooter Reportedly Shouted 'Free Palestine'
Левые террористические атаки становятся всё чаще. Так всегда происходит, когда они чувствуют, что их власти что-то угрожает.

Нас бережёт

31. Biden DOJ's Operation Arctic Frost targeted TPUSA for 'political investigation': Sen Chuck Grassley
Plan A didn't work, they moved on to plan B.

32. The leftist who SHOT UP a local ABC station over their suspension of Jimmy Kimmel has just been RELEASED on bail
The Leftist violence is supported and enabled by partisan judges and DAs. They wouldn't feel to bold if they didn't know the party has their backs.

33. It's now confirmed. The suspect being charged with firing shots at an ABC affiliate office is a gun control supporter.
Of course. He will have the firearms and the backing of the Democrats in power, but you should not have it.

34. NYC judge releases 'Burberry Bandit' charged with robbing 5 banks despite rap sheet with 34 priors

Trans-Qaeda

35. The man who attempted to kill Supreme Court Justice Brett Kavanaugh identifies as a transgender woman and was deeply mentally ill and suicidal
How many is finally enough?

COVID-1984

36. Here’s Tim Walz deploying the National Guard to prevent families from leaving their homes during the COVID lockdowns.
It's only fascism when it's used against criminals. When it's used against citizens to put them under house arrest for no crime at all, then it's fine.

Culture war

37. Every Democrat that opens their mouth and says a single thing about free speech needs to watch a video montage of themselves being complete and total hypocrites.
Они всегда врут. Особенно врут, когда они говорят о каких-либо свободах. Просто всегда.

38. In 2023, it was revealed that Adam Schiff leveraged the power of his office in an attempt to kick journalist Paul Sperry off Twitter.

39. Did PayPal cancel Jimmy Kimmel’s personal account?
Бесстыдство, с которым те самые люди, которые вот ещё совсем недавно, меньше года назад, публично рассказывали нам, что "первая поправка не абсолютна", "надо бороться с дезинформацией", "мы не позволим под видом свободы слова подрывать нашу демократию", "гласность это не вседозволенность" и всё такоэ - теперь орут о том, что режим Трампа покусился на священные свободы и они грудью станут на защиту... Нет, уже не удивляет, конечно, просто неприятно впечатляет, до какой всё-таки степени мерзости можно дойти.

40. CTO of Microsoft Azure: "USA is Fascist Regime"
That's not some random janitor. That's a very high position. People using Azure should give it a lot of thought. You know what these people do to those they consider "fascists".

41. Note: there's not one prominent Leftist anywhere in the West doing what Charlie Kirk did, i.e. issuing an open debate challenge to all comers and saying "Here's my view, I invite you to try and prove me wrong".
Is this true? Does anybody know any leftist like that?

42. The official black lives matter account has posted a video stating that black people “have a right to violence” amid mass outrage over the slaying of Iryna Zarutska at the hands of a black male in Charlotte, North Carolina.

Civility and decency

43. Rutgers: 55% of Americans on the Left believe assassinating Trump would be “at least somewhat justified”
That's what they see as "civility" - when they are "somewhat" OK with murdering you for disagreeing with them.

Лучшие люди города

44. Julian Assange went to the dark side too, now propagandizes for Hamas.

45. Greta Thunberg was quietly removed from the Global Sumud Flotilla’s leadership
Выгнали из борделя за блядство, ага. Представляете, каким говном надо быть, чтобы говнофлотилия тебя выгнала? Грета может.

Беспристрастная пресса

46. Anchor leaves Illinois ABC affiliate after suspension for airing segment in honor of her mentor Charlie Kirk
No mourning for deplorables is allowed on ABC. Not a freedom of speech issue, because deplorables don't deserve that, it's in the constitution somewhere, I'm sure.

47. Leftist Nation mag lies about Soros-funding after JD Vance blasts them for false claims about Charlie Kirk
Нет, Сорос нас не финансирует. У нас есть фонд, который мы контролируем и используем, и вот его Сорос финансирует, но это же совсем другое дело! Как можно нас так оклеветать!

Международная панорама

48. Певец и автор песен Идан Райхель рассказал в интервью, что ребёнок, которого он помог спасти, спустя 17 лет стал террористом-смертником в секторе Газы.

49. Two police officers visit a family home to seize a child's phone for *viewing a social media post*.
Britain is a shithole now.

50. Yair Golan, Leader of Israel’s Opposition Democratic Party, Calls for Global Social Media Restrictions
Леваки всегда и везде за цензуру.

51. US Condemns Prosecution of Finnish Lawmaker Over Bible Verse Tweet

Технология

52. Mercedes: Oops, Our Bad—We're Bringing Buttons Back
Not smart enough to not do the mistake, but at least smart enough to recognize one.

Наука

53. Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog

Старомыслы не нутрят ангсоц

54. Netflix casts Alexander Abdallah to play the King of Sweden Gustav III in their new historical series.
Непорядок - Абдалла не чёрный! И даже не транс, кажется.

55. Mazie Hirono Is Suddenly Concerned About the Differences Between Men and Women.
Of course. There's no difference, or there's a huge difference, depending on what the Party needs.

История

56. For our "freedom of speech" friends on the left: Democratic National Committee Demands Facebook Permanently Ban Trump

Обыкновенный рашизм

57. Russia Sends Three Fighters Into NATO Airspace Setting the Stage for a Larger Confrontation
Россия явно разминается на вторжение в Балтию - и, возможно, Польшу. И европейцы с этим ни хрена не делают - очевидно, заняты своей исторической виной перед мусульманами.

Tags:

chasovschik

Последние несколько громких убийств с политической окраской привели к очередному раунду споров о том, кто больше склонен к политическому насилию. В частности, слева популярны построения ADL, согласно которым политическое насилие - на 80% дело рук правых. Или исследование от Cato Institute. Мне эти построения крайне сомнительны, так что захотелось посчитать самому.

Попросил Perplexity сделать список убийств и покушений на убийство, где была бы политическая мотивация. Только в США, за последние 25 лет. На самом деле надо бы, конечно, за последние 75. Perplexity, впрочем, и за 25 не справился даже близко. То есть вообще совсем. Список оказался очень коротким. Там были Гиффордс, Хортон, Кирк, Пелоси, два раза Трамп и три массовых расстрела - церковь в Чарльстоне, Уолмарт в Эль Пасо и синагога в Питтсбурге. Трансы в школах, разные фрипалестинцы (сегодня, кстати, еще один фрипалестинец отстрелялся в каком-то кантри-клубе, один убитый) и прочие подобные события в поле зрения Perplexity не попали. Это уж не говоря про погромы им.Флойда, где погибло тридцать пять, что ли, человек, или деятельность Антифы - нету их.

Грок выдал гораздо более длинный список, но трансов в школах тоже не вспомнил. Или, скажем, крайне правый заговор на предмет похитить Уитмер там есть, а заговор анархистов времен Occupy Wall Street на предмет взорвать мост с траффиком - отсутствует. (Я это дело вспомнил, потому что оба заговора были явно организованы ФБР). Или стрельба антиваксера (назначенного крайне правым) в CDC есть, а Манджоне нет. Шестое января есть, BLM нет. Ну и так далее.

Понравилось описание политических убеждений типа с молотком, напавшего на Пелоси: "Mixed far-right/far-left conspiracism". Тип с голосами в голове, убивавший демократов в Миннесоте, без затей отнесен к крайне правым.

Все это, понятно, по имеющимся материалам прессы, где десятилетиями врут как не в себя.

Говоря короче, вся статистика на этот счет носит крайне предвзятый характер и никакого доверия не заслуживает. Считать, если приперло, надо самому, причем понадобится много времени, и AI тут помощник хреновый.

Tags:

us politics

mikerrr

В Канаде пенсионеры Мarge и Боб Уилсон обнаружили, что их старый пылесос из 80-х издает мелодичные звуки, если менять насадки и регулировать мощность. Они записали видео, где "сыграли" на пылесосе популярную мелодию, и выложили его в соцсети. Ролик стал вирусным в узких кругах, но не попал в крупные СМИ. Теперь супруги устраивают "концерты" для соседей, используя пылесос как музыкальный инструмент.

Одни считают это забавным и креативным подходом к старой технике, другие уверены, что это просто шум, недостойный называться музыкой. История заставляет улыбнуться и переосмыслить, как повседневные предметы могут обрести новую жизнь. Она также вызывает споры о том, что считать творчеством, и вдохновляет искать радость в мелочах.

Tags:

интересное

chasovschik

Трамп пытается выполнить еще одно предвыборное обещание, убив H1B. Сейчас начнутся многочисленные иски, утверждающие, что президент и на это права не имеет, очередной федеральный судья вынесет очередной TRO и так далее; это все понятно. Интересно мне тут вот что: что думает на этот счет широкая американская публика. Не дискурсмонгеры-трампофобы, я имею в виду, не иммигрантские группы, не индийская общественность (из которой обладатели H1B состоят более чем на 70%) и не менеджмент IT-корпораций, а именно американский избиратель.

Основной, главный и единственный аргумент в пользу массового импорта беловоротничковых пролетариев - "своих не хватает". Не готовят американские вузы таких специалистов в нужном количестве. Поэтому запрет импорта приведет к развалу, краху, потере конкурентоспособности и дальнейшему скрежету зубовному во тьме. Потому что подготовить специалистов в нужном количестве университеты так никогда и не смогут. Или пока смогут, поезд уйдет. Стало быть, трогать ничего нельзя, пусть все идет как идет. IT пусть индийцы занимаются, а университеты пусть продолжают готовить кого-нибудь другого, более нужного.

Как этот аргумент воспринимается американским электоратом? Придется сейчас демократам вляпаться в очередной вопрос типа "80/20", опять защищая кого попало вместо своих избирателей, или в данном случае соотношение для них более перспективно? С другой стороны, поддержка IT-баронов сыграла очень важную роль в победе Трампа, не побегут ли они сейчас обратно к демократам? Администрация утверждает, что с ними договорились.

Lutnick said on Friday that "all the big companies are on board" with $100,000 a year for H-1B visas.
"We've spoken to them," he said.

Поллов вроде пока нет, так что все просто трындят кто во что горазд в соответствии с источниками финансирования и прочими внутренними убеждениями. Как мягко формулирует Perplexity, "сurrently, news reports provide insightful but qualitative impressions rather than poll numbers." Это не значит, разумеется, что у администрации нет своих цифр на этот счет. Любопытно, в общем, что из этого выйдет.

Tags:

bruce_schneier_feed

Posted by Bruce Schneier

https://www.schneier.com/blog/archives/2025/09/friday-squid-blogging-giant-squid-vs-blue-whale.html

https://www.schneier.com/?p=70848

A comparison aimed at kids.

https://www.schneier.com/blog/archives/2025/09/friday-squid-blogging-giant-squid-vs-blue-whale.html

https://www.schneier.com/?p=70848

mikerrr

Tags:

разное

malwarebyets_feed

https://www.malwarebytes.com/blog/news/2025/09/chatgpt-deep-research-zero-click-vulnerability-fixed-by-openai

OpenAI has moved quickly to patch a vulnerability known as “ShadowLeak” before anyone detected real-world abuse. Revealed by researchers yesterday, ShadowLeak was an issue in OpenAI’s Deep Research project that attackers could exploit by simply sending an email to the target.

Deep Research was launched in ChatGPT in early 2025 to enable users to delegate time-intensive, multi-step research tasks to an autonomous agent operating as an agentic AI (Artificial Intelligence). Agentic AI is a term that refers to AI systems that can act autonomously to achieve objectives by planning, deciding, and executing tasks with minimal human intervention. Deep Research users can primarily be found in finance, science, policy, engineering, and similar fields.

Users are able to select a “deep research” mode, input a query—optionally providing the agent with files and spreadsheets—and receive a detailed report after the agent browses, analyzes, and processes information from dozens of sources.

The researchers found a zero-click vulnerability in the Deep Research agent, that worked when the agent was connected to Gmail and browsing. By sending the target a specially crafted email, the agent leaked sensitive inbox information to the attacker, without the target needing to do anything and without any visible signs.

The attack relies on prompt injection, which is a well-known weak spot for AI agents. The poisoned prompts can be hidden in email by using tricks like tiny fonts, white-on-white text, and layout tricks. The target will not see them, but the agent still reads and obeys them.

And the data leak is impossible to pick up by internal defenses, since the leak occurs server-side, directly from OpenAI’s cloud infrastructure.

The researchers say it wasn’t easy to craft an effective email due to existing protection (guardrails) which recognized straight-out and obvious attempts to send information to an external address. For example, when the researchers tried to get the agent to interact with a malicious URL, it didn’t just refuse. It flagged the URL as suspicious and attempted to search for it online instead of opening it.

The key to success was to get the agent to encode the extracted PII with a simple method (base64) before appending it to the URL.

“This worked because the encoding was performed by the model before the request was passed on to the execution layer. In other words, it was relatively easy to convince the model to perform the encoding, and by the time the lower layer received the request, it only saw a harmless encoded string rather than raw PII.”

In the example, the researchers used Gmail as a connector, but there are many other sources that present structured text which can be used as a potential prompt injection vector.

Safe use of agentic agents

While it’s always tempting to use the latest technology, this comes with a certain amount of risk. To limit those risks when using agentic agents you should:

Be cautious with permissions: Only grant access to sensitive information or system controls when absolutely necessary. Review what data or accounts the agentic browser can access and limit permissions where possible.
Verify sources before trusting links or commands: Avoid letting the browser automatically interact with unfamiliar websites or content. Check URLs carefully and be wary of sudden redirects, additional parameters, or unexpected input requests.
Keep software updated: Ensure the agentic browser and related AI tools are always running the latest versions to benefit from security patches and improvements against prompt injection exploits.
Use strong authentication and monitoring: Protect accounts connected to agentic browsers with multi-factor authentication and review activity logs regularly to spot unusual behavior early.
Educate yourself about prompt injection risks: Stay informed on the latest threats and best practices for safe AI interactions. Being aware is the first step to preventing exploitation.
Limit sensitive operations automation: Avoid fully automating high-stakes transactions or actions without manual review. Agentic agents should assist, but critical decisions deserve human oversight.
Report suspicious behavior: If an agentic agent acts unpredictably or asks for strange permissions, report it to the developers or security teams immediately for investigation.

We don’t just report on data privacy—we help you remove your personal information

Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.

https://www.malwarebytes.com/blog/news/2025/09/chatgpt-deep-research-zero-click-vulnerability-fixed-by-openai

bruce_schneier_feed

Posted by Bruce Schneier

https://www.schneier.com/blog/archives/2025/09/surveying-the-global-spyware-market.html

https://www.schneier.com/?p=70837

The Atlantic Council has published its second annual report: “Mythical Beasts: Diving into the depths of the global spyware market.”

Too much good detail to summarize, but here are two items:

First, the authors found that the number of US-based investors in spyware has notably increased in the past year, when compared with the sample size of the spyware market captured in the first Mythical Beasts project. In the first edition, the United States was the second-largest investor in the spyware market, following Israel. In that edition, twelve investors were observed to be domiciled within the United States—whereas in this second edition, twenty new US-based investors were observed investing in the spyware industry in 2024. This indicates a significant increase of US-based investments in spyware in 2024, catapulting the United States to being the largest investor in this sample of the spyware market. This is significant in scale, as US-based investment from 2023 to 2024 largely outpaced that of other major investing countries observed in the first dataset, including Italy, Israel, and the United Kingdom. It is also significant in the disparity it points to the visible enforcement gap between the flow of US dollars and US policy initiatives. Despite numerous US policy actions, such as the addition of spyware vendors on the Entity List, and the broader global leadership role that the United States has played through imposing sanctions and diplomatic engagement, US investments continue to fund the very entities that US policymakers are making an effort to combat.

Second, the authors elaborated on the central role that resellers and brokers play in the spyware market, while being a notably under-researched set of actors. These entities act as intermediaries, obscuring the connections between vendors, suppliers, and buyers. Oftentimes, intermediaries connect vendors to new regional markets. Their presence in the dataset is almost assuredly underrepresented given the opaque nature of brokers and resellers, making corporate structures and jurisdictional arbitrage more complex and challenging to disentangle. While their uptick in the second edition of the Mythical Beasts project may be the result of a wider, more extensive data-collection effort, there is less reporting on resellers and brokers, and these entities are not systematically understood. As observed in the first report, the activities of these suppliers and brokers represent a critical information gap for advocates of a more effective policy rooted in national security and human rights. These discoveries help bring into sharper focus the state of the spyware market and the wider cyber-proliferation space, and reaffirm the need to research and surface these actors that otherwise undermine the transparency and accountability efforts by state and non-state actors as they relate to the spyware market.

Really good work. Read the whole thing.

https://www.schneier.com/blog/archives/2025/09/surveying-the-global-spyware-market.html

https://www.schneier.com/?p=70837

mikerrr

Назовите мне причину по которой вы не верите во всех других богов, и я вам назову причину по которой я не верю в вашего бога.

(с) Рики Джервейс

Tags:

brumka

Тут у avva пролетала цитата какого-то подкастера про 10% текста, которые читают и 90% воды. Я попробую развить эту тему, но применив её к опыту общения с сотнями IT компаний - мне приходится часто участвовать в процессе продаж (как техническому специалисту) и так-же общаться со стартапами, которые пытаются продать себя нашей конторе.

Подавляющее большинство прекрасных инженеров не умеют объяснять в чём суть их продукта и, главное, почему он мне нужен. Идут рассказы о том какая офигенная это система, или о том как элегантно они решили проблему, или о том какие у них крутые клиенты, и тому подобная фигня, aka "the product pitch" как они себе его представляют. К сожалению, они не понимают главного: это всё сработает только если они решают мою проблему. С разговора об этом и нужно начинать общение. Обсуждение продажи или сотрудничества это не о том насколько крут их продукт, а насколько это необходимо и/или выгодно мне.

Конечно, есть очень важная категория добровольцев, которые тратят кучу свободного времени на поддержание, например, какого-то open source проекта. Это замечательно, очень важно и похвально. Я полагаю, что подавляющее большинство их них занимается этим после того, как проводит кучу времени на основной работе, ведь должен же кто-то кормить семью, платить ипотеку, откладывать на отпуск/пенсию и т.п. А там, на основной работе, кому-то приходится продавать результаты их труда.

Инженеры, которые умеют просто объяснять зачем их работа нужна другим преуспевают финансово, продавая свои идеи. Очевидно, это немного кому дано - тут, главное, засунуть эго куда поглубже и найти опытного переговорщика и/или продавца. Ведь очень жаль если хорошая идея и куча вложенного в неё труда и таланта так и останутся никем не замеченным усилием.

mikerrr

В Японии 15-летний школьник Акира Танака разработал приложение "Step for Good", которое превращает шаги пользователя в виртуальные "монетки", идущие на благотворительность. Пройденные километры конвертируются в баллы, которые спонсоры (местные магазины) переводят в реальные деньги для нуждающихся. Акира придумал это, чтобы мотивировать людей больше двигаться, не требуя от них финансовых вложений.

Tags:

интересное

malwarebyets_feed

https://www.malwarebytes.com/blog/news/2025/09/disrupted-phishing-service-was-after-microsoft-365-credentials

Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation, known as RaccoonO365.

The primary goal of RaccoonO365 (or Storm-2246 as Microsoft calls it) was to rent out a phishing toolkit that specialized in stealing Microsoft 365 credentials. They were successful in at least 5,000 cases, spanning 94 countries since July 2024.

The operation provided the cybercriminals’ customers with stolen credentials, cookies, and data which they in turn could use to plunder OneDrive, SharePoint, and Outlook accounts for information to use in financial fraud, extortion, or to serve as initial access for larger attacks.

Roughly an attack would look like this:

Emails were sent to victims with an attachment containing a link or QR code.
The malicious link led to a page with a simple CAPTCHA. This and other anti-bot techniques were implemented to evade analysis without raising suspicion from the victim.
After solving the CAPTCHA, the victim was redirected to a fake Microsoft O365 login page designed to harvest the entered credentials.

RaccoonO365 built its operation on top of legitimate infrastructure in an attempt to avoid detection. Leveraging free accounts, they strategically deployed Cloudflare workers to act as an intermediary layer, shielding their backend phishing servers from direct public exposure.

Reacting to this abuse of its services, Cloudflare teamed up with Microsoft’s Digital Crimes Unit (DCU). Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with RaccoonO365.

The danger of phishing kits like these is clear. Even non-technical criminals can lease a 30-day plan for $355 (to be paid in cryptocurrency) and get their hands on valid Microsoft O365 credentials. With the latest new feature of the phishing kit, users of the kit can even receive codes for certain multi-factor authentication (MFA) methods.

From there they can move forward to data theft, financial fraud, or even use the credentials to infiltrate an organization to deploy ransomware. And to give you an idea, RaccoonO365 customers were able to send emails to 9,000 targets per day. The suspected leaders of the operation had over 850 members on Telegram and have received at least US$100,000 in cryptocurrency payments.

The takedown of the websites and the attribution to a Nigerian suspect cut off the cybercriminals’ revenue streams, and significantly increased RaccoonO365’s operational costs. Besides that, the main suspect is believed to be the main coder behind the project and his apprehension by international law enforcement is likely to be a major blow to the operation.

Now, RaccoonO365 phishing kit customers can start worrying about how much of their information could be revealed in the aftermath of this disruption.

We’ll keep you posted.

Don’t fall for phishing attempts

In the operations run by RaccoonO365 two simple rules could have saved you from lots of trouble.

Don’t click on links in unsolicited attachments
Check if the website address in the browser matches the domain you expect to be on (eg. Microsoft.com).

Other important tips to stay safe from phishing in general:

Verify the sender: Always check if the sender’s email address matches what you would expect it to be. It’s not always conclusive but it can help you spot some attempts.
Check through an independent channel if the sender actually sent you an attachment or a link.
Use up-to-date security software, preferably with a web protection component.
Keep your device and all its software updated.
Use multi-factor authentication for every account you can.
Use a password manager. Password managers will not auto-fill a password to a fake site, even if it looks like the real deal to you.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

https://www.malwarebytes.com/blog/news/2025/09/disrupted-phishing-service-was-after-microsoft-365-credentials

bruce_schneier_feed

Posted by Bruce Schneier

https://www.schneier.com/blog/archives/2025/09/time-of-check-time-of-use-attacks-against-llms.html

https://www.schneier.com/?p=70832

This is a nice piece of research: “Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents“.:

Abstract: Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection) and data-oriented threats (e.g., data exfiltration), time-of-check to time-of-use (TOCTOU) remain largely unexplored in this context. TOCTOU arises when an agent validates external state (e.g., a file or API response) that is later modified before use, enabling practical attacks such as malicious configuration swaps or payload injection. In this work, we present the first study of TOCTOU vulnerabilities in LLM-enabled agents. We introduce TOCTOU-Bench, a benchmark with 66 realistic user tasks designed to evaluate this class of vulnerabilities. As countermeasures, we adapt detection and mitigation techniques from systems security to this setting and propose prompt rewriting, state integrity monitoring, and tool-fusing. Our study highlights challenges unique to agentic workflows, where we achieve up to 25% detection accuracy using automated detection methods, a 3% decrease in vulnerable plan generation, and a 95% reduction in the attack window. When combining all three approaches, we reduce the TOCTOU vulnerabilities from an executed trajectory from 12% to 8%. Our findings open a new research direction at the intersection of AI safety and systems security.

https://www.schneier.com/blog/archives/2025/09/time-of-check-time-of-use-attacks-against-llms.html

https://www.schneier.com/?p=70832

malwarebyets_feed

https://www.malwarebytes.com/blog/news/2025/09/update-your-chrome-today-google-patches-4-vulnerabilities-including-one-zero-day

Google has released an update for its Chrome browser to patch four security vulnerabilities, including one zero-day. A zero-day vulnerability refers to a bug that has been found and exploited by cybercriminals before the vendor even knew about it (they have “zero days” to fix it).

This update is crucial since it addresses one vulnerability which is already being actively exploited and, reportedly, can be abused when the user visits a malicious website. It probably doesn’t require any further user interaction, which means the user doesn’t need to click on anything in order for their system to be compromised.

The Chrome update brings the version number to 140.0.7339.185/.186 for Windows, Mac and 140.0.7339.185 for Linux.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click the more menu (three stacked dots), then choose Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is reload Chrome in order for the update to complete, and for you to be safe from the vulnerabilities.

You can find more elaborate update instructions and how to read the version number in our article on how to update Chrome on every operating system.

Technical details on the zero-day vulnerability

Google describes the zero-day vulnerability tracked as CVE-2025-10585 as a type confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16.

Despite the short statement—Google never reveals a lot of details until everyone has had a chance to update—there are a few conclusions we can draw.

It helps to know that V8 is Google’s open-source Javascript engine.

A “type confusion” vulnerability happens when code doesn’t verify the object type passed to it and then uses the object without type-checking. So, a program mistakenly treats one type of data as if it were another, like confusing a list for a single value or interpreting a number as text. This mix-up can cause the software to behave unpredictably, creating opportunities for attackers to break in, steal data, crash programs, or even run malicious code.

Google’s Threat Analysis Group (TAG) focuses on spyware and nation-state attackers who abuse zero days for espionage purposes.

So, it stands to reason that an attacker used Javascript to create a malicious site that exploited this vulnerability and lured targeted victims to that website.

TAG reported the bug on September 16, and Google issued the patch one day later. That implies that the bug was urgent, or very easy to fix, and probably that both of those statements are true to some extent.

Usually, as more details become known or a patch gets reverse engineered, cybercriminals will start using the vulnerability in less targeted attacks.

Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to keep an eye out for updates and install them when they become available.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

https://www.malwarebytes.com/blog/news/2025/09/update-your-chrome-today-google-patches-4-vulnerabilities-including-one-zero-day

malwarebyets_feed

https://www.malwarebytes.com/blog/news/2025/09/age-verification-and-parental-controls-coming-to-chatgpt-to-protect-teens

OpenAI is going to try and predict the ages of its users to protect them better, as stories of AI-induced harms in children mount.

The company, which runs the popular ChatGPT AI, is working on what it calls a long-term system to determine whether users are over 18. If it can’t verify that a user is an adult, they will eventually get a different chat experience, CEO Sam Altman warned.

“The way ChatGPT responds to a 15-year-old should look different than the way it responds to an adult,” Altman said in a blog post on the issue.

Citing “principles in conflict,” Altman talked in a supporting blog post about how the company is struggling with competing values: allowing people the freedom to use the product as they wish, while also protecting teens (the system isn’t supposed to be used by those under 13). Privacy is another concept it holds dear, Altman said.

OpenAI is prioritizing teen safety over its other values. Two things that it shouldn’t do with teens, but can do with adults, are flirting and discussing suicide, even as a theoretical creative writing endeavor.

Altman commented:

“The model by default should not provide instructions about how to commit suicide, but if an adult user is asking for help writing a fictional story that depicts a suicide, the model should help with that request.”

It will also try to contact a teen user’s parents if it looks like the child is considering taking their own life, and possibly even the authorities if the child seems likely to harm themselves imminently.

The move comes as lawsuits mount against the company from parents of teens who took their own lives after using the system. Late last month, the parents of 16-year-old Adam Raine sued the company after ChatGPT allegedly advised him on suicide techniques and offered to write the first draft of his suicide note.

The company hasn’t gone into detail about how it will try and predict user age, other than looking at “how people use ChatGPT.” You can be sure some wily teens will do their best to game the system. Altman says that if the system can’t predict with confidence that a user is an adult, it will drop them into teen-oriented chat sessions.

Altman also signaled that ID authentication might be coming to some ChatGPT users. “In some cases or countries we may also ask for an ID; we know this is a privacy compromise for adults but believe it is a worthy tradeoff,” he said.

While OpenAI works on the age prediction system, Altman recommends parental controls for families with teen users. Available by the month’s end, it will allow parents to link their teens’ accounts with their own, guide how ChatGPT responds to them, and disable certain features including memory and chat history. It will also allow blackout hours, and will alert parents if their teen seems in distress.

This is a laudable step, but the problems are bigger than the effects on teens alone. As Altman says, this is a “new and powerful technology”, and it’s affecting adults in unexpected ways too. This summer, the New York Times reported that a Toronto man, Allen Brooks, fell into a delusional spiral after beginning a simple conversation with ChatGPT.

There are plenty more such stories. How, exactly, does the company plan to protect those people?

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

https://www.malwarebytes.com/blog/news/2025/09/age-verification-and-parental-controls-coming-to-chatgpt-to-protect-teens

mikerrr

Tags:

разное

xaxam_lj_feed

https://xaxam.livejournal.com/1972997.html

Недоил меняет галс?

Что-то в последнее время недоил

daniel_grishin выдаёт рулады в непривычной тональности. Меньше про пендосов, больше про тупых гейропцев и бессмысленных ООНанистов, и уж совсем неожиданные нотки похвалы в адрес сионистов.

Предположу невозможное: недоил сматывает удочки из негостеприимной Гермашки, но лыжи мылит не столько к родным питерским ~~берёзкам~~ болотам, сколько к исторически родным средиземноморским пальмам.

Но ядерную аудиторию недоила от такого крутого разворота почему-то тошнит. Когнитивный диссонанс, наверное: говноед-недоил их приручил к определённой диете, а теперь вдруг сменавех...

Последам

Надо же... хатка моя ему не нужна. Я даже обиделся немного. Интересно, а свою спортивную тушку яхтсмена недоил от пола отжать сможет? Это ведь не три ствола от "макаровых" одновременно сосать в интернете.

https://xaxam.livejournal.com/1972997.html

Profile

September 2025

S	M	T	W	T	F	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Page Summary

mikerrr - Стресс от отдыха
malwarebyets_feed - A week in security (September 15 – September 21)
aka_human - Идиот
stas - линки недели - 553
chasovschik - Статистическое
mikerrr - Пылесос, который "поет"
chasovschik - Сто тысяч
bruce_schneier_feed - Friday Squid Blogging: Giant Squid vs. Blue Whale
mikerrr - (no subject)
malwarebyets_feed - ChatGPT Deep Research zero-click vulnerability fixed by OpenAI
bruce_schneier_feed - Surveying the Global Spyware Market
mikerrr - (no subject)
brumka - (no subject)
mikerrr - Школьник и шаги для благотворительности
malwarebyets_feed - Disrupted phishing service was after Microsoft 365 credentials
bruce_schneier_feed - Time-of-Check Time-of-Use Attacks Against LLMs
malwarebyets_feed - Update your Chrome today: Google patches 4 vulnerabilities including one zero-day
malwarebyets_feed - Age verification and parental controls coming to ChatGPT to protect teens
mikerrr - (no subject)
xaxam_lj_feed - Три румба на йух

Style Credit

Style: Radiant Aqua for Venture by onlyembers

Expand Cut Tags

No cut tags

Page generated Sep. 22nd, 2025 10:01 am