bonfire.cafe · bonfire.cafe

Showing activities from people in this circle

@SecureOwl@infosec.exchange · 2 hours ago

So a new, quite effective method I've found during pentests recently:

People are starting to connect their work email and calendars to personal AI agents, and are, inevitably, storing the code in publicly accessible repos.

There are two things I look for:

- Email creds, prevalent where people have given the AI dealy IMAP access to their messages.

- If I can't find email creds, the link to the private Google Calendar (either outlook or Google) ICS file.

If you grab that ICS file, you download effectively an entire copy of the calendar, which includes the body of the meeting invite - so, various links, attachments, keys/secrets/passwords etc.

I have done the email thing maybe once or twice.

The calendar thing, at least a dozen times in the last few months.

#infosec

jops

@utentone@mastodon.bida.im · 8 seconds ago

Dopo 19 anni sono tornato in Norvegia. Bergen per la precisione. Qui ho fatto l'Erasmus. Come da manuale una delle esperienze più belle della mia vita. Forse perché ero giovane.
19 anni fa pensavo solo al domani. Oggi vengo qua e il "ieri" è così assillante mi fa venire le palpitazioni.
Hulen è un locale rock gestito da universitari. Qui ho fatto il volontario. Ora qua mi sto facendo 3 birre da 11 euro l'una. Da solo, come un cretino. Ricordando il tempo passato e immaginando linee temporali diverse. La mia linea temporale alternativa sarebbe stata qui. Mi sarei trasferito, trovato un lavoro, messo su famiglia e depresso qui. Solo perché i norvegesi mi piacevano.
La piú grande differenza? 19 anni fa quando non si aveva niente da fare dietro al bancone si leggeva un libro, oggi si guarda il cellulare.

@reiver ⊼ (Charles) :batman: boosted

Felicitas Pojtinger 🌅

@pojntfx@mastodon.social · 3 minutes ago

@reiver You see this pattern all over Chinese services as well, I think that's where it's copied from. When you sign into e.g. Alipay, on the first action you do, they lock your account and then send you a DM saying "We've detected unauthorized traffic, please do security verification" after which they then redirect you to the Chinese equivalent of Persona

Zack Whittaker

@zackwhittaker@mastodon.social · 1 hour ago

CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.

Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."

A little louder for the folks in the back:

...."UNPROTECTED BY PASSWORDS."

https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations

CNN

EXCLUSIVE: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible | CNN Politics

US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources briefed on the activity.

C.S.Strowbridge

@csstrowbridge@mastodon.social · 1 minute ago

@zackwhittaker

If it is unprotected, then it is not hacking.

Kagi HQ

@kagihq@mastodon.social · 1 minute ago

Each Kagi member represents a conscious choice to reject the ad-tech and surveillance business model.

Cat 🐈🥗 (D.Burch) :paw:⁠:paw:

@catsalad@infosec.exchange · 3 hours ago

Fraggle Rock

Max Leibman

@maxleibman@beige.party · 2 minutes ago

@catsalad Downin’.

Tesla ⚡ ☢️ 🇺🇦

@teslawf@mamot.fr · 3 minutes ago

Quand le levain est en forme ça régale. Farine pour pain de campagne cette fois. J’avais oublié que je l’avais ^^

Demain on retourne au moulin faire le stock (T110, miuticereales,…). J’ose pas encore trop monter en « complétude » (à savoir bourrer le seigle et la T150).

Jón Grétar boosted

λ (λ 2 (1 1)) (λ 2 (1 1))

@hauleth.dev@bsky.brid.gy · 2 days ago

Anyone is looking for Senior Elixir Developer based in the EU? My CV available at hauleth.dev/cv #elixirlang #job

Hauleth's blog - Łukasz Niemier

Blog about BEAM, Rust, fantasy & stuff

Leo

@leodurruti@puntarella.party · 3 minutes ago

Un piatto bianco decorato con fiorellini azzurri che contiene penne integrali e fave e un liquido di colore rossastro. Sulla destra in alto, dal piatto esce un cucchiaio. Il piatto è poggiato su una tovaglietta marrone, grigia e nera

Tesla ⚡ ☢️ 🇺🇦

@teslawf@mamot.fr · 3 minutes ago

Quand le levain est en forme ça régale. Farine pour pain de campagne cette fois. J’avais oublié que je l’avais ^^

Demain on retourne au moulin faire le stock (T110, miuticereales,…). J’ose pas encore trop monter en « complétude » (à savoir bourrer le seigle et la T150).

daniel:// stenberg://

@bagder@mastodon.social · 40 minutes ago

they're "work items" now. I don't want to submit a work item. I want to tell them about a bug I found... 🤔

Mathias Hasselmann

@taschenorakel@mastodon.green · 3 minutes ago

@bagder Seems to be a general trend these days: My wife just got _ordered_ to talk about "Anliegen", that is "wishes", "inquiries" instead of "task", "tickets", "issues" or "bugs" when talking to employees and the board, but also in the ticket system. Just told her: "Fine for you, wishes are easy to prioritize (and ignore)". Which is just sad.

@reiver ⊼ (Charles) :batman:

@reiver@mastodon.social · 18 minutes ago

#LinkedIn

Felicitas Pojtinger 🌅

@pojntfx@mastodon.social · 3 minutes ago

Bloomberg

@bloomberg@flipboard.com · 3 minutes ago

Berkshire Sold $8 Billion of Chevron Shares as Prices Soared
https://www.bloomberg.com/news/articles/2026-05-15/berkshire-sold-8-billion-of-chevron-shares-as-prices-soared?utm_source=flipboard&utm_medium=activitypub

Posted into Markets @markets-bloomberg

Bloomberg - Are you a robot?

Matt Blaze

@mattblaze@federate.social · 12 minutes ago

@jef that sculpture keeps getting more complex.

Jef Poskanzer

@jef@mastodon.social · 4 minutes ago

@mattblaze They are refactoring it.

I love this, so I

@jpm@aus.social · 4 minutes ago

@dysfun *stares in Python*

Bloomberg

@bloomberg@flipboard.com · 4 minutes ago

Trump Says He Didn't Ask Xi For Any Favors on Iran
https://www.bloomberg.com/news/videos/2026-05-15/trump-says-he-didn-t-ask-xi-for-any-favors-on-iran-video?utm_source=flipboard&utm_medium=activitypub

Posted into Business @business-bloomberg

Bloomberg - Are you a robot?

SunnJax 🌞🏳️‍🌈 :Fire_Pride:

@SunnJax@tech.lgbt · 32 minutes ago

I’ve been hesitant to visit the wetlands park this spring because it has been so dry. But I made a trip today and enjoyed the sights and scenery, even though some of the ponds were little more than big mud puddles. (1/2) 🥾🌾🌞

#hiking #wetlands #Colorado

4 media

Panoramic view across a large wetland pond on a bright, sunny morning. The pond is surrounded by green, leafy trees, and there are scenic rocky mountains in the very far distance, still with some snow on top. Crystal clear blue skies above, the blue reflected in the still pond waters along with the trees around the pond.

A pretty plume of purple, four-petaled, dame’s rocket flowers blooming in a cluster on top of a tall green stem, with grasses and shrubby brush behind the flowers, plus a flowing stream lined with trees and green grasses in the background.

A leaning stand of dried, brown, prickly teasel stems in a grassy, scrubby patch next to a wetlands pond, with a wire fence behind the teasels, along with green trees in the middle distance and scenic mountains in the far distance under sunny, blue skies.

Another panorama across a different wetlands pond, the water level somewhat low and the dried pond edges exposed. A few leafy trees and shrubs are growing on the banks of the ponds, and there are scenic mountains in the far distance peeking between the trees, all under mostly sunny blue skies on a warm spring morning.

Randahl Fink

@randahl@mastodon.social · 5 minutes ago

@SunnJax instant follow. 📷🤗

Agenzia Ansa

@AgenziaAnsa@flipboard.com · 7 minutes ago

Trump, 'da Xi Jinping nessuna minaccia agli Usa su Taiwan' - Ultima ora - Ansa.it
https://www.ansa.it/sito/notizie/topnews/2026/05/16/trump-da-xi-jinping-nessuna-minaccia-agli-usa-su-taiwan_96ed8c96-c82a-4d38-bd26-29536f91beab.html?utm_source=flipboard&utm_medium=activitypub

Pubblicato su ANSA Ultima ora @ansa-ultima-ora-AgenziaAnsa

Agenzia ANSA

Trump, 'da Xi Jinping nessuna minaccia agli Usa su Taiwan' - Ultima ora - Ansa.it

Donald Trump ha negato che l'avvertimento di Xi Jinping su Taiwan si trattasse di una "minaccia" agli Stati Uniti, come hanno sottolineato molti commentatori anche repubblicani. (ANSA)

radio free fedi boosted

Lime Bar

@limebar@mastodon.social · 8 hours ago

The next episode of #AnimationArray is *so close* ... searching for more animators that want to contribute. If you know someone who does short form narrative animation that wants a showcase, please tell them to submit to us! Submit! SUBMIT!

https://robertafidora.com/animation-array

Oh, and watch animation array daily at 3:30, 9:30, 21:30 UTC (check schedule for local times https://tv.theindiebeat.fm/ beneath the video)

Roberta Fidora - Animation Array

Animation Array. Roberta Fidora, an alternative, experimental, indie artist from Ryde, Isle of Wight