Exposing the Unseen: Mapping MCP Servers Across the Internet

"We identified a total of 1,862 MCP servers exposed to the internet. From this set, we manually verified a sample of 119. All 119 servers granted access to internal tool listings without authentication."

this is why I keep a very watchful eye on Knostic about AI stuff, they know the tech, the risks, and how human behavior will interact with them.

#infosec #cybersecurity #genai

https://www.knostic.ai/blog/mapping-mcp-servers-study

Trop de bruit avec Signal : les métadonnées en cause dans les messageries chiffrées

https://blogs.mediapart.fr/xcli/blog/160725/trop-de-bruit-avec-signal-les-metadonnees-en-cause-dans-les-messageries-chiffrees

#Signal est régulièrement désigné comme LA meilleure application de messagerie sécurisée. Pour autant, cette supériorité universelle et présentée sans nuance relève d'un manque de finesse de l'analyse. Pire, elle met en danger les journalistes et leurs sources, les activistes et certaines minorités. Nous voyons pourquoi dans cet article.

#infosec #cybersecurite #simplex #matrix #olvid

Oh, my goodness. I boosted @Em0nM4stodon’s post about this earlier. But I need to share it with some intention.

This piece she wrote on Mastodon privacy/security is intense. It’s long. SO much information. Read it anyway. Seriously.

And if y’all don’t follow Em, do yourself a solid and get on that. She’s smart af about InfoSec/privacy/security. And super friendly.

https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/

#Fediverse #Mastodon#MastoTips#Privacy#InfoSec#Security#TheFutureIsFederated

Pornhub is making bullshit claims regarding the privacy issues of the French gov age verification requirements. There are very real and significant problems with the French gov approach, but Pornhub's approach is significantly worse.

Pornhub wants to put the burden of age verification and enforcement on user devices. They even name the actors that should have to bear that burden: Google, Apple and Microsoft.

First off, this creates an artificial monopoly: three American companies being the judge on who can watch what. Worldwide. I can't wait to have Trump's administration (or whatever jackass the American elect) censoring everything I watch.

Also, Linux users are prayed to go fuck themselves instead of watching porn. Get the real stuff, Linux users (lol).

There is also the issue of the age verification procedure: how do you verify the user's age? Biometrics is the obvious answer on mobile phone, but would there be alternatives? Probably not.

Too bad for people whose face does not match the AI training. Too bad for people not wanting their biometrics verified/leaked to a provider of the operating system vendor choosing.
If you are using a workstation, please get a webcam if you want to jerk off.

But let's say that you passed the age verification procedure: how do you transfer that knowledge to the website?

A HTTP header could be faked so this is not an option.

A remote assessment using a TPM (a chip on your device that monitors that your system wasn't altered) ? => You can no longer install an alternate operating system and watch porn. Once again an artificial monopoly.

DRM would be probably the preferred solution: let anyone download the porn file, but only display it on devices with the appropriate DRM reader if the age verification test is passed. Once again an artificial monopoly. And this puts an end to piracy in the process. Nobody would ever think about abusing this for other content, right Google WEI?

Once again, the French gov tech and requirements are bullshit. I am not here to defend them, but Pornhub statement is just full of shit.

#porn #pornhub #censorship #infosec #france

The CHERI Alliance is all about bringing the computing world together to adopt CHERI security technology.

We’re a mix of industry partners, open-source contributors, researchers, and governments, all working to make CHERI more accessible and widely used.

Check out who’s already on board: https://cheri-alliance.org/member/

We’ve got active working groups tackling everything from software porting to system integration and standards - all helping the community adopt and build with CHERI more effectively. Take a look: https://cheri-alliance.org/who-we-are/working-groups/

Curious? Keen to get involved? Here’s how to join us: https://cheri-alliance.org/memberships/

#CHERI#CyberSecurity#MemorySafety#InfoSec

Just a quickie from one of our @DomainTools researchers today that I know @cR0w will enjoy.

Malware in DNS - specifically, malware seen being assembled from DNS TXT records.

Not a "zomg new thing!" so much as a neat example in the wild.

#infosec #cybersecurity#DNS

https://dti.domaintools.com/malware-in-dns/