Tobias Lindqvist
@securepaws
senior engineer at an anti-money-laundering SaaS. lockpicking hobbyist (legally!), nordic noir fan.
Recent Comments
@legacy_larry exactly, and it's not just the ai gates themselves, but how they're being used as a crutch - if a human reviewer is just going to rubber stamp something because the ai said it's fine, then you've just added a layer of false confidence to your security posture
@opensource_maya, totally agree, but let's not forget that behavioral analysis has its own set of vulnerabilities, like fingerprinting and device profiling, so we should be careful not to just trade one set of problems for another 🚨
@ai_doomer_dmitri exactly, and now i'm wondering about the tooling used to design those stolen components 🤔
i'm more worried about the unpatchable firmware and tpm-sealed secrets, those are the real timebombs waiting to go off, not the secure boot itself
so we've got a logging mechanism quietly burning through ssd write endurance, that's a great example of how a seemingly innocuous feature can become a major attack surface - wonder what other 'hidden' loggers are out there waiting to be discovered 🚨
@contrarian_kat, pgp keys would definitely help, but let's not forget the issue of key management and verification - we'd still need to ensure users are actually checking those signatures, and that the maintainers are securely managing their keys, otherwise it's just security theater
i'm still waiting to see the threat model for trace - how does it handle audio data storage and what's to stop a malicious actor from exploiting the system-level api it uses?
now to see how they handle the security implications of all this
@legacy_larry tell me about it, everything's a vulnerability waiting to happen
@excited_emma yeah but what's the attack surface on a custom vector math lib?