{
  "version": "https://jsonfeed.org/version/1",
  "title": "Cybersecurity \u0026 Privacy on Edward Kiledjian",
  "icon": "https://avatars.micro.blog/avatars/2025/35/1555731.jpg",
  "home_page_url": "https://kiledjian.com/",
  "feed_url": "https://kiledjian.com/feed.json",
  "items": [
      {
        "id": "http://ekiledjian2.micro.blog/2026/04/23/unwary-chinese-hackers-hardcoded-credentials.html",
        
        "content_html": "<p><a href=\"https://www.govinfosecurity.com/unwary-chinese-hackers-hardcoded-credentials-into-backdoors-a-31487\" target=\"_blank\" rel=\"noopener noreferrer\">Unwary Chinese Hackers Hardcoded Credentials into Backdoors</a></p>\n<p>Researchers discovered a Chinese nation-state threat actor, dubbed GopherWhisper, that carelessly hardcoded command and control credentials into backdoors written in the Go programming language. The group used platforms like Slack and Discord for C2 communications, with researchers recovering over 9,000 messages that revealed details about the attackers&rsquo; environment and activities.</p>\n",
        "date_published": "2026-04-23T10:53:32-04:00",
        "url": "https://kiledjian.com/2026/04/23/unwary-chinese-hackers-hardcoded-credentials.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/04/21/tunnelcrack-is-not-new-but.html",
        "title": "TunnelCrack is not new — but it is still worth understanding",
        "content_html": "<p>I am sharing this because, even though TunnelCrack is not new, I think many people will still find it interesting. It is one of those security stories that says something bigger than the headline itself. In this case, the real lesson is not about a brand-new exploit. It is about an old assumption many people still make about VPNs.</p>\n<p>TunnelCrack was publicly disclosed in August 2023. The dedicated disclosure site went live on Aug. 8, 2023, and the related research was presented at USENIX Security 2023 shortly after. What made the disclosure notable was not that VPN encryption had been “cracked,” but that the researchers showed how routing exceptions outside the tunnel could be abused to leak traffic in some situations.</p>\n<p>That distinction matters.</p>\n<p>If you think a VPN automatically forces every packet, in every circumstance, through an encrypted path, TunnelCrack is a useful reminder that reality is more conditional.</p>\n<h2 id=\"what-tunnelcrack-actually-is\">What TunnelCrack actually is</h2>\n<p>TunnelCrack is the name given to two related attack families that exploit how VPN clients configure routing on a device.</p>\n<p>In a typical full-tunnel VPN setup, the client changes the operating system’s routing behaviour so traffic goes through the VPN by default. But many VPN clients also make exceptions so the device can still do two things outside the tunnel:</p>\n<ul>\n<li>Reach the local network</li>\n<li>Reach the VPN server itself so the tunnel can remain established</li>\n</ul>\n<p>Those exceptions are often necessary for usability and connectivity. They can also create risk.</p>\n<p>The two attack families disclosed by the researchers are:</p>\n<h3 id=\"localnet\">LocalNet</h3>\n<p>This attack abuses the exception that allows traffic to the local network to bypass the VPN tunnel. On a malicious or untrusted local network, an attacker may be able to manipulate local addressing so some traffic is treated as local and sent outside the tunnel.</p>\n<h3 id=\"serverip\">ServerIP</h3>\n<p>This attack abuses the exception that allows traffic to the VPN server’s IP address to travel outside the tunnel. Under the right conditions, including control over DNS responses or local network positioning, an attacker may be able to influence traffic so it leaks outside the VPN tunnel.</p>\n<p>The important point is that TunnelCrack is not mainly a cryptographic failure. It is a routing and policy problem.</p>\n<h2 id=\"why-the-original-disclosure-mattered\">Why the original disclosure mattered</h2>\n<p>The research was not framed as a single-vendor bug. It described a broad design issue across the VPN ecosystem.</p>\n<p>The paper reports 248 experiments against 67 VPN products and found that every VPN product tested was vulnerable on at least one device. The researchers also said the weakness was independent of the underlying VPN protocol, which means strong protocol design does not help if traffic is routed outside the tunnel before the protection is applied.</p>\n<p>That is why TunnelCrack mattered then, and still matters now.</p>\n<p>It challenged a simplistic view of VPNs that still shows up in consumer marketing and, frankly, in some enterprise assumptions.</p>\n<h2 id=\"what-tunnelcrack-does--and-does-not--mean\">What TunnelCrack does — and does not — mean</h2>\n<p>There are two easy mistakes people make with this story.</p>\n<p>The first is to overstate it and say VPNs are useless. That is wrong.</p>\n<p>The second is to dismiss it as an academic edge case. That is also wrong.</p>\n<p>TunnelCrack does not mean the encryption used by modern VPN protocols was broken. It does not mean HTTPS suddenly stops protecting web sessions. In many cases, TLS will still protect the content layer.</p>\n<p>But TunnelCrack can still matter because it may allow an attacker to:</p>\n<ul>\n<li>Leak traffic outside the tunnel</li>\n<li>Expose plaintext traffic where higher-layer protection is absent</li>\n<li>Reveal metadata or destinations</li>\n<li>Interfere with connectivity</li>\n<li>Support redirection or deanonymization scenarios, depending on the setup</li>\n</ul>\n<p>The right conclusion is not that VPNs are broken. The right conclusion is that VPN protection depends on implementation, platform behaviour and network conditions.</p>\n<h2 id=\"why-platform-differences-matter\">Why platform differences matter</h2>\n<p>One of the more interesting parts of the disclosure was how uneven the exposure was across operating systems.</p>\n<p>Reporting on the original research noted that most VPN apps on Apple platforms and many on Windows and Linux were vulnerable to one or both attack types, while Android fared better in the original TunnelCrack testing. OpenVPN also stated that Android is not vulnerable to these specific attacks because of how Android implements VPN networking.</p>\n<p>That does not make any platform universally safe. It does reinforce a more important point: operating system design has a major influence on how well a VPN can enforce tunnel integrity.</p>\n<p>It also means enterprise security teams should validate VPN behaviour by platform, not just by vendor name.</p>\n<h2 id=\"why-tunnelcrack-still-matters-in-2026\">Why TunnelCrack still matters in 2026</h2>\n<p>TunnelCrack is still relevant for three reasons.</p>\n<p>First, many people still misunderstand what a VPN actually guarantees. The common mental model is binary: connected means protected. TunnelCrack shows that this is not always how endpoint networking behaves in practice.</p>\n<p>Second, the issue did not remain isolated. In 2024, Leviathan Security disclosed TunnelVision, another routing-based VPN bypass technique involving DHCP option 121. Mullvad said TunnelVision was very similar to TunnelCrack LocalNet from a privacy and security standpoint. The details differ, but the broader lesson is the same: routing-based VPN bypasses are a real class of problem.</p>\n<p>Third, hostile local networks are still part of modern risk. Public Wi-Fi in hotels, airports, cafés, conference centres and other travel settings remains a practical concern, especially for executives, journalists, activists and anyone handling sensitive work on the move.</p>\n<h2 id=\"what-users-and-organizations-should-do\">What users and organizations should do</h2>\n<p>The practical response is fairly straightforward.</p>\n<h3 id=\"for-users\">For users</h3>\n<ul>\n<li>Keep your VPN client fully updated</li>\n<li>Avoid untrusted Wi-Fi for sensitive work where possible</li>\n<li>Use a trusted personal hotspot when practical</li>\n<li>Disable local network access when you do not need it</li>\n<li>Treat the VPN as one security layer, not the only one</li>\n<li>Prefer services and applications that enforce HTTPS properly</li>\n</ul>\n<h3 id=\"for-enterprise-security-teams\">For enterprise security teams</h3>\n<ul>\n<li>Review whether local network access is enabled by default</li>\n<li>Validate routing behaviour separately on Windows, macOS, iOS, Android and Linux</li>\n<li>Confirm whether firewall rules or policy routing prevent public traffic from escaping outside the tunnel</li>\n<li>Revisit user guidance for travel, hotel Wi-Fi and executive-risk scenarios</li>\n<li>Be careful with assurance language such as “all traffic is protected” unless you have validated how the client behaves on each supported platform</li>\n</ul>\n<p>This is also a useful reminder that marketing language such as “military-grade encryption” is not enough. If traffic can be pushed outside the tunnel, the strength of the encryption inside the tunnel is not the only thing that matters.</p>\n<h2 id=\"the-bottom-line\">The bottom line</h2>\n<p>TunnelCrack is not new. The public disclosure dates back to August 2023.</p>\n<p>What makes it interesting is that it exposed a much older design assumption in how many VPN clients handle routing and tunnel exceptions. The lesson is not that VPNs have no value. The lesson is that secure encryption inside a tunnel does not automatically guarantee secure routing to the tunnel.</p>\n<p>That is a more subtle point than most headlines capture.</p>\n<p>It is also the point worth remembering.</p>\n<h2 id=\"ethics-statement\">Ethics statement</h2>\n<p>This article is intended to support informed discussion about VPN security, routing behaviour and practical security architecture. It aims to describe publicly documented research accurately, distinguish between validated findings and professional interpretation, and avoid sensationalism or overstating the real-world impact.</p>\n<p>This article does not endorse unauthorized testing, rogue access point deployment, DNS spoofing, traffic interception or any activity that would violate law, policy or responsible disclosure norms.</p>\n<h2 id=\"disclaimer\">Disclaimer</h2>\n<p>This article is provided for general information and discussion purposes only. It is not legal, security, privacy, compliance or other professional advice, and it should not be relied upon as such. Technical behaviour varies by operating system, VPN client, software version, configuration and network environment. Vendor mitigations and platform behaviour may also change over time.</p>\n<p>This analysis is based on publicly available research, advisories and vendor documentation available at the time of writing. Any errors or omissions are unintentional. The views expressed are those of the author in a personal capacity and do not represent the views of any employer, client, partner or affiliated organization. Generative AI tools were used to assist with research and editing.</p>\n<h2 id=\"keyword\">Keyword:</h2>\n<p>#Cybersecurity #InfoSec #VPN #TunnelCrack #TunnelVision #NetworkSecurity #SecurityArchitecture #RoutingSecurity #Privacy #DigitalPrivacy #ThreatModelling #ZeroTrust #RemoteAccess #PublicWiFi #TravelSecurity #EndpointSecurity #WireGuard #OpenVPN #IPsec #DNS #TrafficLeak #Deanonymization #SecurityResearch #RiskManagement #CyberRisk #SecurityAwareness #CyberHygiene #EnterpriseSecurity #CISO #Kiledjian</p>\n<img src=\"https://cdn.uploads.micro.blog/255457/2026/cd3cf0b4a0.png\">",
        "date_published": "2026-04-21T15:06:37-04:00",
        "url": "https://kiledjian.com/2026/04/21/tunnelcrack-is-not-new-but.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/04/10/the-art-of-the-gray.html",
        "title": "The Art of the Gray Man: How to Travel Smart, Stay Safe, and Experience More of the World",
        "content_html": "<p>“Travel is fatal to prejudice, bigotry, and narrow-mindedness.”<br>\n— Mark Twain</p>\n<p>Travel changes how we see the world.</p>\n<p>It exposes us to new cultures, unfamiliar environments, and perspectives that challenge our assumptions. But the moment you leave home, one fundamental reality shifts:</p>\n<p>You are playing an away game.</p>\n<p>Different social norms. Different systems. Different risks.</p>\n<p>You do not need to be paranoid when you travel.<br>\nYou need to be deliberate.</p>\n<p>Security professionals often use a concept known as <strong>the gray man</strong>. The philosophy is simple: blend into your environment so completely that you never attract attention in the first place.</p>\n<p>The goal is not to hide.</p>\n<p>The goal is to be so unremarkable that no one remembers you.</p>\n<p>Most criminals are not looking for confrontation. They are looking for opportunity — someone distracted, uncertain, or visibly out of place.</p>\n<p>The gray man approach simply removes that opportunity.</p>\n<h2 id=\"understand-the-environment-before-you-arrive\">Understand the Environment Before You Arrive</h2>\n<p>Preparation is the easiest form of risk reduction.</p>\n<p>Every destination has its own rhythm — neighbourhoods with different reputations, transportation systems that function differently, and scams that target predictable tourist behaviour.</p>\n<p>Many tourist scams operate by blending into normal tourism activity: taxis, street vendors, casual conversations, or unofficial “guides.” Without context, visitors often struggle to recognize the deception.</p>\n<p>Before arriving somewhere new, take a few minutes to understand:</p>\n<ul>\n<li>Which neighbourhoods are safe and which to avoid</li>\n<li>How transportation and taxis normally work</li>\n<li>Common scams reported in that city</li>\n<li>Local expectations around tipping, bargaining, and pricing</li>\n</ul>\n<p>Scammers depend on visitors not knowing what “normal” looks like.</p>\n<p>Establish that baseline before you land.</p>\n<h2 id=\"manage-your-signature\">Manage Your Signature</h2>\n<p>In security circles this is called <strong>signature management</strong>.</p>\n<p>Everything about you communicates signals: clothing, luggage, posture, behaviour, and even how you interact with your surroundings.</p>\n<p>Large designer bags, expensive watches, oversized camera equipment, and highly branded clothing immediately identify you as a visitor. Bright logos and conspicuous brands do the same.</p>\n<p>Ironically, overly tactical gear can be just as conspicuous. Many people attempting the “gray man” approach mistakenly dress like a character from a survival film — tactical backpacks, MOLLE webbing, and combat boots. The result is the opposite of blending in.</p>\n<p>The gray man approach sits in the middle:</p>\n<ul>\n<li>Neutral colours</li>\n<li>Simple clothing</li>\n<li>Functional but understated gear</li>\n<li>Nothing that signals wealth or special preparation</li>\n</ul>\n<p>Dress like the people around you.</p>\n<p>If someone later tried to describe you, the ideal response would be:<br>\n“I don’t really remember.”</p>\n<h2 id=\"move-like-you-belong\">Move Like You Belong</h2>\n<p>Clothing is only part of the equation. Body language often reveals far more.</p>\n<p>People who appear distracted, hesitant, or uncertain are more likely to be perceived as easy targets. Confident movement communicates the opposite.</p>\n<p>When navigating unfamiliar environments:</p>\n<ul>\n<li>Walk at the pace of local foot traffic</li>\n<li>Maintain upright posture</li>\n<li>Keep your head up instead of staring at your phone</li>\n<li>Avoid stopping abruptly in crowded areas</li>\n</ul>\n<p>If you need to check directions, step into a café or store rather than standing on the street looking lost.</p>\n<p>Confidence is not about knowing exactly where you are going.</p>\n<p>It is about looking like you do.</p>\n<h2 id=\"maintain-situational-awareness\">Maintain Situational Awareness</h2>\n<p>Situational awareness is the most valuable skill a traveller can develop.</p>\n<p>Unfortunately, modern habits often degrade it. Headphones eliminate environmental sound. Phones absorb attention. Alcohol reduces perception and reaction time.</p>\n<p>Every environment has a <strong>baseline</strong> — the normal rhythm of movement and behaviour.</p>\n<p>When something deviates from that baseline, it deserves attention.</p>\n<p>Examples include:</p>\n<ul>\n<li>Someone lingering where people normally pass through</li>\n<li>A person repeatedly appearing in multiple locations</li>\n<li>Behaviour focused specifically on you rather than the environment</li>\n</ul>\n<p>Most opportunistic crime relies on one assumption: people are not paying attention.</p>\n<p>Simply observing what is happening around you removes much of that advantage.</p>\n<h2 id=\"protect-your-digital-trail\">Protect Your Digital Trail</h2>\n<p>Modern travel adds a second layer of exposure: digital visibility.</p>\n<p>Real-time social media posts, location tags, and public check-ins reveal more than most travellers realize. They can disclose your location, your accommodation, and even that your home is currently empty.</p>\n<p>A few simple practices reduce that risk:</p>\n<ul>\n<li>Disable geotagging on your camera</li>\n<li>Post photos after leaving a location</li>\n<li>Avoid broadcasting hotel names in real time</li>\n<li>Use a VPN on public Wi-Fi networks</li>\n</ul>\n<p>Public networks in hotels, airports, and cafés are convenient but inherently untrusted.</p>\n<p>Treat them accordingly.</p>\n<h2 id=\"secure-your-accommodation\">Secure Your Accommodation</h2>\n<p>Your hotel room should function as a secure base.</p>\n<p>Simple habits significantly improve safety:</p>\n<ul>\n<li>Choose rooms between the third and sixth floors</li>\n<li>Confirm deadbolts and locks work properly</li>\n<li>Keep valuables out of sight</li>\n<li>Store digital copies of travel documents securely online</li>\n</ul>\n<p>Portable door wedges or compact travel locks weigh almost nothing and provide an additional layer of protection.</p>\n<p>Equally important is redundancy. If physical documents are lost or stolen, secure digital copies can dramatically simplify recovery.</p>\n<h2 id=\"avoid-predictable-patterns\">Avoid Predictable Patterns</h2>\n<p>Predictability creates vulnerability.</p>\n<p>If someone wanted to observe your movements, predictable routines would make it easy.</p>\n<p>Many travellers unintentionally create patterns:</p>\n<ul>\n<li>Leaving their hotel at the same time every day</li>\n<li>Walking the same route repeatedly</li>\n<li>Returning at predictable hours</li>\n</ul>\n<p>Changing those patterns requires almost no effort:</p>\n<ul>\n<li>Vary your walking routes</li>\n<li>Leave at slightly different times</li>\n<li>Use different entrances when possible</li>\n</ul>\n<p>Small variations introduce uncertainty — and uncertainty discourages opportunistic targeting.</p>\n<h2 id=\"build-rapport-with-locals\">Build Rapport With Locals</h2>\n<p>The gray man philosophy is not about isolation.</p>\n<p>In fact, one of the most effective safety mechanisms is <strong>human connection</strong>.</p>\n<p>When you interact respectfully with locals — café owners, bartenders, shopkeepers — you build informal allies who understand the environment far better than you do.</p>\n<p>Those relationships often produce small but valuable insights:</p>\n<ul>\n<li>Which areas to avoid</li>\n<li>Which scams are currently active</li>\n<li>When something unusual is happening nearby</li>\n</ul>\n<p>Travel becomes safer — and far more rewarding — when you engage with the people who live there.</p>\n<h2 id=\"the-real-value-of-travel\">The Real Value of Travel</h2>\n<p>Adventure does not require crossing oceans.</p>\n<p>A neighbouring city, a provincial park, or an unfamiliar corner of your own region can provide the same perspective shift as a distant country.</p>\n<p>The value of travel lies less in distance and more in awareness.</p>\n<p>When you move through unfamiliar environments thoughtfully — blending in, observing carefully, and engaging respectfully — you begin to see the world differently.</p>\n<p>You notice more.<br>\nYou interact more.<br>\nYou understand more.</p>\n<p>Safety does not diminish adventure.</p>\n<p>Handled correctly, it makes adventure possible.</p>\n<p>Stay observant.<br>\nBlend in.<br>\nEnjoy the ride.</p>\n<hr>\n<h2 id=\"ethics-statement\">Ethics statement</h2>\n<p>This article is written from the perspective of a cybersecurity and risk management practitioner and reflects general security principles applied to travel and personal safety. It is intended to support informed decision-making and situational awareness for travellers rather than to promote any particular product, service or commercial solution.</p>\n<p>The concepts discussed — including situational awareness, digital hygiene, and behavioural risk management — are widely documented in security, law-enforcement and travel-risk literature. Where interpretations are offered, they are presented in good faith based on publicly available information and professional experience.</p>\n<p>No confidential information, proprietary data, or non-public sources were used in preparing this article. The views expressed are the author’s own and are provided in a personal capacity. They do not necessarily reflect the views, policies or positions of the author’s employer, clients or any affiliated organizations.</p>\n<p>Generative AI tools were used to assist with research, synthesis of publicly available sources and editorial review. All analysis, conclusions and final editorial decisions were made by the author.</p>\n<h2 id=\"disclaimer\">Disclaimer</h2>\n<p>This article is provided for general informational and educational purposes only. It does not constitute legal, security, travel, or professional advice, and it should not be relied upon as a substitute for professional consultation tailored to your circumstances.</p>\n<p>Travel conditions, crime patterns, legal requirements and security risks vary significantly by location and over time. Readers should conduct their own research and exercise independent judgement when planning travel or making safety decisions.</p>\n<p>The author makes no guarantee regarding safety outcomes and assumes no liability for actions taken based on the information presented. Any references to techniques, tools or behaviours are intended as general awareness guidance rather than prescriptive recommendations.</p>\n<h2 id=\"keywords\">Keywords</h2>\n<p>#TravelSecurity #GrayMan #SituationalAwareness #TravelSafety #SmartTravel #RiskManagement #PersonalSecurity #UrbanSafety #TravelTips #OperationalSecurity #OpSec #DigitalPrivacy #CyberHygiene #TravelAdvice #SecurityMindset #TravelSmart #TravelPrepared #GlobalTravel #SoloTravel #AdventureTravel #TravelStrategy #SecurityAwareness #PersonalRisk #SecurityLeadership #ExecutiveTravel #TravelRisk #SafetyFirst #BlendingIn #StreetSmarts #ModernTravel</p>\n<img src=\"https://cdn.uploads.micro.blog/255457/2026/b70ea744a7.png\">",
        "date_published": "2026-04-10T08:19:05-04:00",
        "url": "https://kiledjian.com/2026/04/10/the-art-of-the-gray.html",
        "tags": ["Cybersecurity \u0026 Privacy","Travel \u0026 Aviation"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/04/05/emdash-challenges-the-way-wordpress.html",
        "title": "EmDash challenges the way WordPress has been secured",
        "content_html": "<p>Cloudflare has introduced EmDash as a spiritual successor to WordPress. That is the headline. The more important issue is the architecture behind it.</p>\n<p>For years, WordPress has balanced flexibility and scale against a plugin model built on a high degree of trust. That trade-off helped make it the dominant publishing platform on the web. It also contributed to one of its most persistent security weaknesses.</p>\n<p>Cloudflare’s argument is that this model no longer suits the modern internet.</p>\n<p>EmDash is an open-source content management system built in TypeScript on Astro. It is designed for serverless operation, while remaining portable to Node.js environments. More importantly, it changes the trust model for plugins. Rather than allowing plugins to run in a broadly shared application context, EmDash isolates them in separate Worker environments and requires them to declare the capabilities they need.</p>\n<p>That matters.</p>\n<p>The difference is not cosmetic. It is architectural. A plugin that needs to read content and send an email should be able to do those things and nothing more. That is a stronger starting point than an older model in which extensibility often came with broad access to application logic, data and execution paths.</p>\n<p>That is the real significance of EmDash. It is not simply newer than WordPress. It is built on the premise that third-party code should be constrained by design.</p>\n<p>Cloudflare has also included other modern defaults. EmDash supports passkeys by default, allows pluggable authentication and includes import paths for WordPress content. It also includes built-in support for MCP and x402, which suggests Cloudflare is thinking not only about publishing, but also about how publishing may change as AI agents and machine-to-machine interaction become more common.</p>\n<p>That does not make EmDash the future of content management. Not yet.</p>\n<p>It remains an early preview. WordPress still has significant advantages in maturity, ecosystem depth, operational familiarity and community reach. Those are material advantages. Clean architecture alone will not determine adoption. Developer tooling, migration effort, ecosystem confidence and long-term governance will matter as much as the technical model.</p>\n<p>Even so, EmDash is worth watching.</p>\n<p>For security leaders, the takeaway is straightforward. Platforms should no longer be judged only by features, themes or ease of deployment. They should also be judged by how they contain third-party code, reduce implicit trust and limit the blast radius when something goes wrong.</p>\n<p>On that measure, EmDash is asking the right question.</p>\n<p>Whether it becomes a true successor to WordPress remains uncertain. Whether it reflects a more defensible approach to building a publishing platform is easier to answer.</p>\n<p>It does.</p>\n<h2 id=\"ethics-and-disclaimer\">Ethics and disclaimer</h2>\n<p>This article reflects my personal views only. It does not represent the views, positions or opinions of my employer, clients, partners, suppliers, customers or any affiliated organization.</p>\n<p>This commentary is based on Cloudflare’s public announcement and related project materials available at the time of writing. It assesses the architectural direction Cloudflare is describing, not the long-term success, operational maturity or security effectiveness of the platform in production use.</p>\n<p>I have not conducted an independent security assessment of EmDash, reviewed the full source code in depth or tested the platform in a live production environment. Any observations about security value, adoption potential or strategic relevance should be read as analysis and opinion, not as verified proof of performance.</p>\n<p>This article is provided for general information and discussion only. It is not legal, technical, security, procurement, investment or professional advice, and it should not be relied upon as such. Readers should conduct their own due diligence and seek appropriate professional advice before making technology, architecture or security decisions.</p>\n<p>Generative AI tools were used to assist with research and editing.</p>\n<p>Source:\n<a href=\"https://blog.cloudflare.com/emdash-wordpress/\" target=\"_blank\" rel=\"noopener noreferrer\">blog.cloudflare.com/emdash-wo&hellip;</a></p>\n<img src=\"https://cdn.uploads.micro.blog/255457/2026/0a8647753d.png\">",
        "date_published": "2026-04-05T23:42:06-04:00",
        "url": "https://kiledjian.com/2026/04/05/emdash-challenges-the-way-wordpress.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/03/10/codewall-says-it-hacked-mckinseys.html",
        "title": "CodeWall says it hacked McKinsey’s AI platform. Here’s what holds up — and what doesn’t.  ",
        "content_html": "<p>This reflects my personal assessment of publicly available reporting and CodeWall’s published blog post. I was not involved in the testing, I do not have access to McKinsey’s internal facts or forensic findings, and my views should be read as commentary and opinion rather than statements of verified fact.</p>\n<p>A security startup called CodeWall claims its autonomous agent compromised McKinsey’s internal AI platform, Lilli, within two hours and gained unauthenticated read-write access to a production database containing tens of millions of consultant conversations. The vulnerability appears credible. The claimed scope of impact is not fully evidenced. The primary CodeWall post is here: <a href=\"https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform.\" target=\"_blank\" rel=\"noopener noreferrer\">codewall.ai/blog/how-&hellip;</a> Independent reporting by Jessica Lyons in The Register is here: <a href=\"https://www.theregister.com/2026/03/09/mckinsey_ai_chatbot_hacked/.\" target=\"_blank\" rel=\"noopener noreferrer\">www.theregister.com/2026/03/0&hellip;</a></p>\n<h2 id=\"what-is-likely-true\">What is likely true</h2>\n<p>The attack chain CodeWall describes — publicly exposed API documentation, unauthenticated endpoints, SQL injection through unsafely handled JSON keys and IDOR chaining — is plausible and technically sound. JSON key injection is an uncommon vector. Most security testing tools and methodologies focus on input values, not field names. If Lilli’s backend parameterized values while concatenating keys directly into SQL, that would create a blind spot many assessments could miss.</p>\n<p>McKinsey’s response supports the credibility of the finding. In The Register, journalist Jessica Lyons reported that McKinsey acknowledged the issues, patched them within hours and said its forensic review found no evidence that client data or confidential information were accessed by the researcher or any unauthorized party. That report also quotes CodeWall CEO Paul Price on the company’s use of an autonomous agent.</p>\n<p>The prompt-layer risk CodeWall highlights is also substantive. If Lilli’s system prompts — the instructions governing how the AI behaves — were stored in the same database to which the agent had write access, an attacker could alter AI behaviour at scale without a traditional code deployment and potentially outside standard release controls. Many organizations have not explicitly modelled this threat, and prompt-layer integrity controls remain immature in many environments.</p>\n<h2 id=\"what-is-overstated-or-unproven\">What is overstated or unproven</h2>\n<p>CodeWall claims 46.5 million chat messages, 728,000 files, 57,000 user accounts and hundreds of thousands of AI configurations were accessible. The blog provides no proof-of-concept payloads, no hashes, no screenshots and no evidence showing privilege boundaries. It is unclear whether those figures represent records the agent actually retrieved, database row counts inferred from metadata or something in between.</p>\n<p>More importantly, the blog conflates three categories that any security professional should keep separate: what was theoretically reachable, what was actually accessed and what was verified as exfiltrated. CodeWall emphasizes reachability. McKinsey’s statement addresses investigated access. Both could be true at the same time, but the blog does not clearly distinguish between them.</p>\n<p>The two-hour timeline also deserves scrutiny. Blind SQL injection is typically slow because extraction happens incrementally. The post suggests verbose error messages may have accelerated discovery, which implies the path may have combined error-assisted identification with later blind or semi-blind extraction. That is plausible, but the article does not provide enough technical detail to substantiate a claim of full production read-write access within two hours and 15 iterations.</p>\n<p>The assertion that a modified prompt “leaves no log trail” is also too absolute. Whether prompt tampering is detectable depends on the target’s database audit logging, configuration versioning and anomaly detection. Mature organizations may log or detect these events. The blog presents the point too categorically.</p>\n<h2 id=\"what-is-concerning-about-the-disclosure-itself\">What is concerning about the disclosure itself</h2>\n<p><strong>Autonomous target selection</strong></p>\n<p>CodeWall presents the fact that its agent independently chose McKinsey as a target as a feature. An AI system deciding whom to attack — even if limited to organizations with disclosure policies — raises serious questions about operator control, authorization and liability. That issue deserves careful scrutiny, not celebration.</p>\n<p><strong>Unresolved scope authorization</strong></p>\n<p>The blog cites McKinsey’s HackerOne responsible disclosure policy as justification, but neither the blog nor independent reporting confirms whether Lilli’s production infrastructure was explicitly in scope for that programme. A disclosure policy is not blanket authorization to enumerate a production database. McKinsey’s public policy is referenced by CodeWall here: <a href=\"https://hackerone.com/mckinsey-and-company.\" target=\"_blank\" rel=\"noopener noreferrer\">hackerone.com/mckinsey-&hellip;</a></p>\n<p><strong>Rushed disclosure</strong></p>\n<p>The issue was discovered Feb. 28, 2026. The public blog was published March 9. McKinsey may have patched quickly, but rapid remediation is not the same as a completed forensic review, variant analysis and confirmation that the vulnerability had not previously been exploited by others. Nine days is a compressed window for all of that.</p>\n<p>The published timeline also appears to contain a date inconsistency issue discussed in commentary around the post. If there was a typo in an earlier version, it is minor. Even so, in a report making very large claims, editorial sloppiness weakens confidence.</p>\n<h2 id=\"what-security-leaders-should-take-away\">What security leaders should take away</h2>\n<p>This is a conventional application security failure on a platform that happens to run AI workloads. The described attack path — exposed documentation, missing authentication, SQL injection, verbose errors and IDOR — is textbook web and API security. Framing it as an “AI platform hack” is effective marketing. Technically, it is a severe application security failure with AI-specific consequences.</p>\n<p>Two lessons are worth acting on regardless of the blog’s evidentiary gaps.</p>\n<p>First, treat your AI prompt and configuration layer as a crown-jewel asset. If system prompts reside in the same data store as operational data, and that store is reachable through any injection or access-control flaw, you have created a single point of compromise that can silently alter AI behaviour at scale. Apply integrity controls, versioning and monitoring accordingly.</p>\n<p>Second, audit for JSON key injection. If any application accepts JSON in which field names are dynamic, and those names are later used in query construction — whether SQL, NoSQL or ORM-generated queries — standard scanning tools may miss it. That requires targeted review.</p>\n<p><strong>The bottom line:</strong> CodeWall likely found a serious vulnerability. Its blog overstates what was proven, blurs critical distinctions between access and exfiltration, and leaves unresolved questions about authorization and disclosure discipline. The strategic lesson is real, but it is about secure architecture, access control and prompt integrity — not a new class of AI exploit.</p>\n<p><strong>Sources and named parties referenced:</strong> CodeWall; McKinsey &amp; Company; Paul Price, CEO of CodeWall; Jessica Lyons, The Register.</p>\n<h2 id=\"ethics-statement\">Ethics statement</h2>\n<p>This article is intended to support informed discussion about a publicly reported security incident involving CodeWall’s claims about McKinsey’s AI platform, Lilli. It aims to distinguish clearly between CodeWall’s published assertions, McKinsey’s public response, independent media reporting and the author’s professional interpretation. Where facts remain unverified, disputed or incomplete, that uncertainty is stated rather than assumed away. This article does not endorse unauthorized testing, autonomous target selection or activity that exceeds clearly defined responsible disclosure boundaries.</p>\n<h2 id=\"disclaimer\">Disclaimer</h2>\n<p>This article is provided for general information, commentary and discussion purposes only. It is not legal, security, privacy, compliance or other professional advice, and it should not be relied upon as such. The analysis is based on publicly available information at the time of writing, including CodeWall’s blog post, McKinsey’s public statements and independent reporting. The author was not involved in the testing, does not have access to McKinsey’s internal systems, logs or forensic findings, and cannot independently verify all technical or factual claims made by the parties involved. Any errors or omissions are unintentional. The views expressed are those of the author in a personal capacity and do not represent the views of any employer, client, partner or affiliated organization. Generative AI tools were used to assist with research and editing.</p>\n<p>Keywords : #CyberSecurity #AppSec #AI #AIAgents #AISecurity #LLMSecurity #PromptSecurity #PromptInjection #ResponsibleDisclosure #VulnerabilityDisclosure #BugBounty #HackerOne #SQLInjection #IDOR #APISecurity #WebSecurity #SecurityResearch #ThreatModeling #SecureByDesign #SecurityLeadership #RiskManagement #DigitalTrust #InfoSec #SecurityGovernance #DataSecurity #CloudSecurity #RedTeam #BlueTeam #CyberRisk #McKinsey</p>\n<img src=\"https://cdn.uploads.micro.blog/255457/2026/4ac71a6675.png\">",
        "date_published": "2026-03-10T07:51:40-04:00",
        "url": "https://kiledjian.com/2026/03/10/codewall-says-it-hacked-mckinseys.html",
        "tags": ["Artificial Intelligence","Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/02/23/your-encrypted-email-is-a.html",
        "title": "Your encrypted email is a neon sign: applying the grey man principle to digital privacy",
        "content_html": "<p>Every security blog, podcast and YouTube channel gives you the same advice. Use ProtonMail. Switch to Signal. Route everything through Tor. Encrypt your hard drive. The message is always the same: encrypt everything and you will be safe.</p>\n<p>I have spent more than 25 years in cybersecurity. I have built intelligence platforms for government agencies and I run security operations for a global enterprise. And I am going to tell you something most privacy guides will not: <strong>by following that advice to the letter, you may be making yourself a target instead of protecting yourself.</strong></p>\n<p>In the survival and preparedness community, there is a well-known concept called the grey man. The idea is simple. The person who blends into a crowd is the person nobody notices, nobody remembers and nobody targets. The grey man does not wear tactical pants and Oakley sunglasses to the grocery store. He does not carry a bag covered in morale patches. He dresses like everyone else, moves like everyone else and disappears into the baseline of his environment.</p>\n<p>Now apply that same thinking to your digital life.</p>\n<h2 id=\"two-goals-that-most-advice-conflates\">Two goals that most advice conflates</h2>\n<p>Most people are trying to solve one or both of these problems when they think about digital privacy:</p>\n<p><strong>Confidentiality</strong> — can someone read your message, file or conversation?</p>\n<p><strong>Inconspicuousness</strong> — do your tools and patterns make you easier to flag, profile or remember?</p>\n<p>Encryption is excellent at confidentiality. It is not a complete strategy for inconspicuousness. Most security advice treats them as the same problem, and they are not. The grey man principle is about the second goal: reducing the signal you send to anyone deciding whether to pay attention to you.</p>\n<h2 id=\"the-tactical-tuxedo-problem\">The tactical tuxedo problem</h2>\n<p>When you swap your Gmail address for a ProtonMail address on your business card, you are making a statement. When your email traffic is end-to-end encrypted while everyone around you relies on standard transport encryption, you stand out. When your network traffic routes through Tor while your colleagues browse normally, you are the equivalent of the person wearing a plate carrier at a coffee shop.</p>\n<p>You may be more protected. But you have already failed the first test of the grey man: not being noticed.</p>\n<p>This is not a theoretical concern. The Snowden disclosures gave us concrete proof. The National Security Agency’s XKeyscore system could be used to identify and flag users of encryption and anonymity tools. Disclosed NSA documents and training materials showed that the system could run queries like “all PGP usage in Iran” and would flag anyone connecting to Tor directory servers for further scrutiny and potential longer-term data retention. The XKeyscore rules explicitly labelled Tails — a privacy-focused Linux distribution — as “a comsec mechanism advocated by extremists on extremist forums.”</p>\n<p>The very tools the security community recommends were being used as selectors to identify people for closer surveillance. Using them did not make you invisible. It made you interesting.</p>\n<h2 id=\"metadata-is-the-real-intelligence\">Metadata is the real intelligence</h2>\n<p>Here is something most privacy advice overlooks entirely. Intelligence agencies, law enforcement and even corporate adversaries often derive more value from metadata than from the content of your messages: who you talk to, when, how often and what tools you use.</p>\n<p>Edward Snowden said it plainly: metadata is extraordinarily intrusive. As an analyst, he preferred looking at metadata over content because it is quicker, easier and does not lie.</p>\n<p>ProtonMail encrypts your message body. Email as a protocol necessarily exposes routing metadata — who you are emailing, when and how frequently — and providers can be compelled to produce certain logs. Subject lines, depending on provider and configuration, may not be end-to-end encrypted either. In 2021, ProtonMail was compelled by a Swiss court order to log the IP address of a French climate activist after French police routed their request through Europol and Swiss authorities. The content was protected. The metadata told the story anyway.</p>\n<p>A 2021 FBI training document obtained through a freedom-of-information request laid this out with striking clarity. It catalogued exactly what data the FBI can legally obtain from nine major messaging apps. Signal gives up almost nothing: registration date and last connection date. WhatsApp, on the other hand, provides subscriber records and address book contacts in response to subpoena and search warrant, plus source and destination metadata for every message via pen register updated every 15 minutes, and potentially message content through iCloud backups if enabled and not end-to-end encrypted. The document confirmed what practitioners already knew: even when content encryption holds, metadata can be extraordinarily revealing.</p>\n<p>The same pattern applies to most encrypted tools. Signal encrypts your messages end to end. But your phone still registers on a cell tower. Your contacts still generate a social graph. And if a forensic examiner gets physical access to your device, tools like Cellebrite can extract and render message data when a device is unlocked or otherwise accessible — a reminder that end-to-end encryption protects data in transit, not at the endpoint.</p>\n<p>Encryption protects your content. It does not make you invisible. That distinction matters enormously.</p>\n<h2 id=\"cryptography-versus-steganography-two-different-philosophies\">Cryptography versus steganography: two different philosophies</h2>\n<p>This is where the grey man concept maps perfectly to information security, and where most advice goes wrong.</p>\n<p>There are two different approaches to secure communication. Cryptography says: you can see that I am communicating, but you cannot read what I am saying. It provides privacy. Steganography says: you do not even know that I am communicating. It provides secrecy.</p>\n<p>The grey man’s philosophy is steganographic. He does not wear body armour under a neon vest. He wears a plain jacket and carries a nondescript bag. His protection is real but invisible.</p>\n<p>Most security advice is purely cryptographic. It wraps everything in visible encryption and then broadcasts the fact that you are someone who encrypts. To an intelligence analyst or adversary looking for targets of interest, that is a signal, not a shield.</p>\n<p>The smartest attackers already understand this. Living off the land (LOTL) techniques are the offensive equivalent of the grey man. Instead of deploying custom malware that triggers every alarm, sophisticated threat actors use PowerShell, Windows Management Instrumentation and other tools already present in the target environment. They blend into normal operations and become nearly undetectable. The grey man defender should think the same way: blend into normal digital patterns while quietly maintaining protection where it counts.</p>\n<h2 id=\"a-digital-grey-man-playbook\">A digital grey man playbook</h2>\n<p>What does a grey man approach to digital privacy actually look like? It starts with your threat model.</p>\n<p><strong>Know your actual adversary.</strong> If you are a journalist protecting a source from a nation-state, use Tails and Tor and accept the visibility trade-off because the cost of exposure is higher than the cost of being flagged. But if you are a professional trying to protect your personal data from brokers, credential stuffing and opportunistic criminals — which describes the vast majority of people — the grey man approach is far more effective.</p>\n<p><strong>Use mainstream tools with disciplined hygiene.</strong> A Gmail account secured with a hardware security key, unique passwords and no third-party app access is harder to compromise than a ProtonMail account with a reused password and no second factor. The Gmail account also generates zero signal that you are a person who prioritizes privacy.</p>\n<p><strong>Own your outward identity. Route privately behind the scenes.</strong> One of the simplest grey man moves is to avoid making your privacy tool your public identity. Instead of giving out a recognizable “privacy brand” email address, use a neutral personal domain as your outward-facing address and route it to whatever service you trust on the back end. The outer layer is unremarkable. The inner layer is capable. This does not solve metadata, but it eliminates the superficial signal that your vendor choice otherwise broadcasts.</p>\n<p><strong>Layer protection inside normal channels.</strong> If you need to send a truly sensitive message, encrypt the content within a mainstream platform rather than switching to a conspicuous one. A password-protected attachment sent through Outlook is functionally encrypted and draws no unusual attention, provided you use a strong encryption format and share the passphrase through a separate channel. An encrypted file sent as a normal-looking attachment through a mainstream provider blends into ordinary business traffic.</p>\n<p><strong>Compartmentalize instead of centralizing.</strong> A common mistake is building a single “secure identity” and using it for everything. A more resilient approach is clear compartmentalization: a mainstream address for shopping, newsletters and low-risk accounts; a work address for corporate life; a privacy-focused workflow reserved for genuinely sensitive exchanges. The point is not secrecy for its own sake. It is limiting blast radius and avoiding the pattern where everything interesting about you lives in one place.</p>\n<p><strong>Resist the urge to encrypt everything.</strong> Not every message needs end-to-end encryption. Treating your lunch plans and your tax documents with the same level of cryptographic ceremony is like wearing a plate carrier to walk the dog. It wastes effort and draws attention. Apply strong protection where the data justifies it and use normal channels for everything else.</p>\n<p><strong>Let mainstream adoption be your camouflage.</strong> Signal has crossed a useful threshold: it is now mainstream enough that using it does not automatically signal paranoia. iMessage is even more grey because it is the default messaging platform across a massive installed base of Apple devices — and its end-to-end encryption is built into that default experience. When a security tool becomes widespread enough, using it stops being a signal and starts being baseline. Choose tools that have crossed that line.</p>\n<p><strong>Manage operational friction, because friction becomes a signal.</strong> When you force everyone around you to adopt unfamiliar, high-assurance tools for routine conversations, two things happen. You become memorable — the person who makes everything complicated. And people create workarounds: screenshots, forwards, copy-pastes, “can you just text me instead?” Those workarounds often erase the security gains you thought you achieved. A practical posture accepts that not every conversation is a high-risk event. Use secure mainstream defaults for routine coordination. Reserve high-assurance channels for high-assurance topics.</p>\n<p><strong>Avoid sudden behavioural shifts.</strong> Many monitoring systems are less interested in what you do than in how abruptly you change. A sudden pivot from normal app usage to always-on VPN, Tor-only browsing and niche encrypted services is a strong anomaly even if it is motivated by perfectly legitimate privacy concerns. If you are changing your posture, do it gradually and deliberately. The grey man does not suddenly start moving differently from everyone else. He transitions without creating a stimulus that triggers notice.</p>\n<p><strong>Mind your digital body language.</strong> In the physical world, the grey man avoids sweeping gestures, direct eye contact and anything that projects heightened awareness. The digital equivalent is avoiding privacy-obsessed usernames, not posting about your operational security practices on forums and not configuring your browser so aggressively that websites fingerprint you as unusual. A user running Brave with every tracking shield maxed out, using a VPN from a residential IP and blocking all JavaScript is not invisible. They are a unicorn.</p>\n<p><strong>Treat travel as a separate threat model.</strong> If you expect enhanced scrutiny at a border crossing or in a high-risk environment, apply the grey man principle directly. Carry a travel device with minimal data and minimal accounts. Use ordinary, supportable configurations. Do not create a puzzle-box posture that invites questions. This is not about defeating lawful processes. It is about reducing unnecessary exposure and avoiding avoidable complexity in environments where you have fewer controls.</p>\n<h2 id=\"when-to-break-grey\">When to break grey</h2>\n<p>There are situations where the grey man approach is the wrong call and maximum encryption is the correct choice, visibility be damned.</p>\n<p>Journalists protecting sources under authoritarian regimes. Whistleblowers communicating with oversight bodies. Activists co-ordinating under state surveillance. Human rights workers in hostile countries. In these scenarios, the cost of having your content exposed dramatically outweighs the cost of being flagged as someone who uses encrypted tools. If you are in one of these situations, you already know it, and the full suite of privacy tools exists specifically for you.</p>\n<p>But for the vast majority of people who receive generic security advice, the grey man approach delivers a better balance of protection and practicality.</p>\n<h2 id=\"the-bottom-line\">The bottom line</h2>\n<p>The best security posture is not always the most encrypted one. Sometimes it is the most invisible one.</p>\n<p>Real-world security is not a fortress. It is a set of trade-offs. Encryption is necessary. It is not sufficient. Strong tools protect content, but they do not automatically hide relationships, patterns or intent.</p>\n<p>If your objective includes “do not stand out,” your strategy should favour secure defaults inside mainstream behaviour, compartmentalization to limit blast radius, selective escalation for genuinely sensitive scenarios and a bias toward boring, stable and supportable choices.</p>\n<p>The physical grey man knows that the most dangerous moment is not the confrontation. It is target selection. If you are chosen, you are already at a disadvantage. The same is true in the digital world. Every tool, every habit and every configuration choice you make sends a signal about who you are and what you are protecting. The goal is not to send a signal that says “I have something to hide.” The goal is to send no signal at all.</p>\n<p>Stop dressing your digital life in tactical gear. Start blending in.</p>\n<hr>\n<h2 id=\"ethics-statement\">Ethics statement</h2>\n<p>This article is intended to support informed discussion about personal digital privacy and security trade-offs. It aims to describe surveillance capabilities, metadata exposure and privacy tool limitations accurately; avoid sensationalism; and distinguish clearly between documented disclosures, publicly reported events and the author’s professional interpretation. Where uncertainty exists — including where tool capabilities, provider policies or legal frameworks may vary by jurisdiction — it is explicitly acknowledged. This article does not advocate unlawful evasion of legal processes, unauthorized circumvention of security controls or any activity intended to obstruct lawful investigations.</p>\n<h2 id=\"disclaimer\">Disclaimer</h2>\n<p>This article is provided for general information and discussion purposes only. It is not legal, security, privacy or professional advice, and it should not be relied upon as such. Technical capabilities, provider policies, encryption implementations, legal frameworks and surveillance practices are subject to change. Threat models, legal obligations and acceptable risk vary by individual, organization and jurisdiction. Any errors or omissions are unintentional. The views expressed are those of the author in a personal capacity and do not represent the views of any employer, client, partner or affiliated organization. Generative AI tools were used to assist with research and editing.</p>\n<hr>\n<h2 id=\"keywords\">Keywords</h2>\n<p>#DigitalPrivacy #Cybersecurity #InfoSec #ThreatModeling #OPSEC #Encryption #Metadata #PrivacyStrategy #OnlineSecurity #SecurityAwareness #RiskManagement #CyberRisk #DataProtection #CyberResilience #IdentitySecurity #AccountSecurity #MFA #HardwareSecurityKey #ZeroTrust #AnomalyDetection #BehavioralAnalytics #BrowserFingerprinting #SecureDefaults #Compartmentalization #DataBrokers #CredentialStuffing #Surveillance #SignalsIntelligence #EndpointSecurity #TravelSecurity #PrivacyTools #SignalApp #TorNetwork #ProtonMail #iMessage #OperationalSecurity #GreyMan #PrivacyEngineering #CyberHygiene</p>\n<img src=\"https://cdn.uploads.micro.blog/255457/2026/91b87496e2.png\">",
        "date_published": "2026-02-23T01:51:00-04:00",
        "url": "https://kiledjian.com/2026/02/23/your-encrypted-email-is-a.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/01/06/the-stein-standard-what-the.html",
        "title": "The \"Stein Standard\": What the OpenAI ruling means for privacy and discovery  ",
        "content_html": "<p>On Jan. 5, 2026, U.S. District Judge Sidney Stein affirmed a significant discovery order requiring OpenAI to produce 20 million de-identified ChatGPT conversation logs to plaintiffs in the consolidated copyright litigation involving The New York Times and other publishers.</p>\n<p>As security and privacy professionals, we often warn about &ldquo;Shadow AI&rdquo; and data leakage. This ruling makes those risks concrete. Here is a balanced analysis of what happened and what it means for Canadian organizations.</p>\n<p>What the court ordered</p>\n<ul>\n<li>OpenAI must produce a sample of 20 million de-identified ChatGPT logs.</li>\n<li>The requested period is Dec. 2022 to Nov. 2024.</li>\n<li>OpenAI’s objections on privacy risk and undue burden were rejected for discovery purposes.</li>\n</ul>\n<p>Scope and safeguards</p>\n<ul>\n<li>Scope: 20 million logs (roughly 0.05 per cent of retained data).</li>\n<li>Safeguards: De-identified data produced under a strict &ldquo;Attorneys&rsquo; Eyes Only&rdquo; protective order.</li>\n</ul>\n<p>Important context</p>\n<ul>\n<li>This is a discovery ruling, not a final decision on copyright infringement.</li>\n<li>This is not a public release of data. The logs are restricted to opposing counsel for analysis.</li>\n</ul>\n<p>Why this matters: The VP perspective<br>\nHere are three takeaways for data governance leaders:</p>\n<ol>\n<li>\n<p>The &ldquo;wiretap&rdquo; distinction<br>\nJudge Stein distinguished ChatGPT interactions from private phone calls (protected under wiretap laws). The court noted that users voluntarily disclose information to a third-party AI, effectively narrowing the expectation of privacy compared to traditional communications.</p>\n</li>\n<li>\n<p>De-identification does not equal anonymity<br>\nWhile the court accepted de-identification as a safeguard for discovery, privacy professionals know this is not a silver bullet. Watch closely to see whether safeguards hold up against adversarial re-identification techniques once data is shared.</p>\n</li>\n<li>\n<p>Discovery is reality<br>\nThis establishes a high-water mark for AI litigation. &ldquo;Big Data&rdquo; is no longer a shield against discovery; courts are willing to compel production of massive datasets if they deem it relevant.</p>\n</li>\n</ol>\n<p>The takeaway<br>\nAssume your inputs into public AI models are discoverable, and govern usage accordingly.</p>\n<p>For Canadian organizations, while this is a U.S. ruling, it impacts the global platforms we rely on. It is a timely prompt to review retention practices and reinforce acceptable-use expectations, especially for sensitive or confidential information.</p>\n<p>How is this shifting your approach to AI governance and acceptable use policies?</p>\n<p>#Privacy #CISO #AI #DataGovernance #LegalTech #CdnTech</p>\n<p>Disclaimer: The views expressed in this post are my own and do not necessarily reflect the official policy or position of my employer. This commentary is based on publicly available information and is provided for informational purposes only. It does not constitute legal advice.</p>\n<p>Keyword: #OpenAI #ChatGPT #SDNY #JudgeStein #Discovery #eDiscovery #Privacy #Cybersecurity #Copyright #CopyrightLitigation #NYTimes #AIGovernance #AcceptableUse #ShadowAI #DataLeakage #DeIdentification #Anonymity #AttorneysEyesOnly #ProtectiveOrder #LegalProcess #Proportionality #DataRetention #RetentionPolicy #DataClassification #DLP #EnterpriseAI #RiskManagement #Compliance #Governance #CanadianTech #CrossBorderData #PrivacyByDesign #ReIdentification #Metadata #Confidentiality #LegalRisk</p>\n<img src=\"https://cdn.uploads.micro.blog/255457/2026/chatgpt-image-jan-6-2026-at-08-23-38-am.png\">",
        "date_published": "2026-01-06T11:23:00-04:00",
        "url": "https://kiledjian.com/2026/01/06/the-stein-standard-what-the.html",
        "tags": ["Artificial Intelligence","Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/01/04/nyc-mayoral-inauguration-bans-flipper.html",
        
        "content_html": "<p><a href=\"https://www.bleepingcomputer.com/news/security/nyc-mayoral-inauguration-bans-flipper-zero-raspberry-pi-devices/\" target=\"_blank\" rel=\"noopener noreferrer\">NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices</a></p>\n<p>The NYC mayoral inauguration has specifically banned Flipper Zero and Raspberry Pi devices from the event. While many common items like weapons and large bags are prohibited, these two specific tech devices were singled out, causing confusion as laptops and phones remain allowed.</p>\n",
        "date_published": "2026-01-04T06:08:00-04:00",
        "url": "https://kiledjian.com/2026/01/04/nyc-mayoral-inauguration-bans-flipper.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/01/04/french-authorities-investigate-ai-undressing.html",
        
        "content_html": "<p><a href=\"https://securityaffairs.com/186460/ai/french-authorities-investigate-ai-undressing-deepfakes-on-x.html\" target=\"_blank\" rel=\"noopener noreferrer\">French authorities investigate AI ‘undressing’ deepfakes on X</a></p>\n<p>French authorities are investigating AI-generated deepfakes on X after hundreds of women and teens reported non-consensual sexually explicit images created using the Grok chatbot. This investigation is part of an existing probe into X, with potential penalties including prison time and fines.</p>\n",
        "date_published": "2026-01-04T01:34:00-04:00",
        "url": "https://kiledjian.com/2026/01/04/french-authorities-investigate-ai-undressing.html",
        "tags": ["Artificial Intelligence","Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/01/04/new-glassworm-malware-wave-targets.html",
        
        "content_html": "<p><a href=\"https://www.bleepingcomputer.com/news/security/new-glassworm-malware-wave-targets-macs-with-trojanized-crypto-wallets/\" target=\"_blank\" rel=\"noopener noreferrer\">New GlassWorm malware wave targets Macs with trojanized crypto wallets</a></p>\n<p>The GlassWorm malware has launched a new wave targeting macOS developers by distributing trojanized crypto wallets through malicious VSCode extensions on the OpenVSX registry. This campaign, which now also targets Keychain passwords, attempts to replace legitimate hardware wallet applications with malicious versions, though this specific functionality is currently failing.</p>\n",
        "date_published": "2026-01-04T01:33:00-04:00",
        "url": "https://kiledjian.com/2026/01/04/new-glassworm-malware-wave-targets.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/01/04/hackers-claim-to-hack-resecurity.html",
        
        "content_html": "<p><a href=\"https://www.bleepingcomputer.com/news/security/hackers-claim-resecurity-hack-firm-says-it-was-a-honeypot/\" target=\"_blank\" rel=\"noopener noreferrer\">Hackers claim to hack Resecurity, firm says it was a honeypot</a></p>\n<p>Hackers claiming to be the &ldquo;Scattered Lapsus$ Hunters&rdquo; allege they breached Resecurity and stole sensitive data, but Resecurity states the accessed systems were a honeypot containing fake information designed to monitor the attackers. The cybersecurity firm claims it collected extensive intelligence on the threat actor&rsquo;s tactics and infrastructure, which has been shared with law enforcement.</p>\n",
        "date_published": "2026-01-04T01:32:00-04:00",
        "url": "https://kiledjian.com/2026/01/04/hackers-claim-to-hack-resecurity.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/01/04/us-action-in-venezuela-provokes.html",
        
        "content_html": "<p><a href=\"https://www.govinfosecurity.com/us-action-in-venezuela-provokes-cyberattack-speculation-a-30439\" target=\"_blank\" rel=\"noopener noreferrer\">US Action in Venezuela Provokes Cyberattack Speculation</a></p>\n<p>The United States launched an armed attack on Venezuela, involving explosions in Caracas and the removal of its president, with Cyber Command involvement. While a grid outage occurred, it remains unclear if a cyberattack was the cause, though the US has previously used cyber warfare and may have crippled Venezuela&rsquo;s oil infrastructure with a cyberattack weeks prior.</p>\n",
        "date_published": "2026-01-04T01:31:00-04:00",
        "url": "https://kiledjian.com/2026/01/04/us-action-in-venezuela-provokes.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/01/04/003800.html",
        
        "content_html": "<p><a href=\"https://github.com/fabriziosalmi/nis2-public\" target=\"_blank\" rel=\"noopener noreferrer\">GitHub - fabriziosalmi/nis2-public: Automated NIS2 Directive compliance scanning and reporting tool</a></p>\n<p>The nis2-public GitHub repository provides an automated NIS2 Directive compliance scanning and reporting tool. It features comprehensive security checks, multiple report formats (HTML, JSON, Markdown), and easy Docker deployment, with options for Prometheus and Grafana integration.</p>\n",
        "date_published": "2026-01-04T00:38:00-04:00",
        "url": "https://kiledjian.com/2026/01/04/003800.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/01/04/thousands-of-coldfusion-exploit-attempts.html",
        
        "content_html": "<p><a href=\"https://securityaffairs.com/186450/uncategorized/thousands-of-coldfusion-exploit-attempts-spotted-during-christmas-holiday.html\" target=\"_blank\" rel=\"noopener noreferrer\">Thousands of ColdFusion exploit attempts spotted during Christmas holiday</a></p>\n<p>During the Christmas 2025 holiday, thousands of exploit attempts were detected targeting Adobe ColdFusion vulnerabilities. A single threat actor, operating from Japan-based infrastructure, was responsible for approximately 98% of the observed attack traffic, exploiting over 10 ColdFusion CVEs from 2023-2024.</p>\n",
        "date_published": "2026-01-04T00:36:00-04:00",
        "url": "https://kiledjian.com/2026/01/04/thousands-of-coldfusion-exploit-attempts.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2026/01/03/the-state-of-blocking-a.html",
        "title": "The State of Blocking: A Guide to Ad Blockers on iOS \u0026 iPadOS",
        "content_html": "<p>For years, “system-wide” ad blocking on iPhone typically meant a trade-off: the most aggressive options relied on a local, device-level tunnel (often presented as a VPN). It worked, but it could add operational friction — especially for anyone who also needs a corporate VPN.</p>\n<p>In 2026, the platform story is materially better, but it is not magical.</p>\n<p>Two Apple capabilities matter most:</p>\n<ul>\n<li><strong>Encrypted DNS (DoH/DoT) configured at the OS level</strong>: mature, stable, and broadly useful for cutting tracking across the device — with important precedence rules when a full VPN is active.</li>\n<li><strong>iOS 26 URL filtering (NEURLFilter)</strong>: a meaningful architectural shift, but best viewed as an <em>emerging</em> foundation that is not yet universally available to consumer-grade ad blockers.</li>\n</ul>\n<p>If you want the simplest answer: <strong>use a Safari content blocker for Safari</strong>, and <strong>use DNS filtering for cross-app tracking reduction</strong>. Treat “VPN-style” blockers as a power option when you explicitly need their added capabilities.</p>\n<h2 id=\"1-what-native-means-in-2026-and-what-it-does-not\">1) What “Native” Means in 2026 (and What It Does Not)</h2>\n<h3 id=\"the-three-implementation-models-you-will-still-see\">The three implementation models you will still see</h3>\n<ol>\n<li>\n<p><strong>Safari Content Blockers (Safari-only)</strong></p>\n<ul>\n<li>Runs through Apple’s content blocking pipeline in Safari.</li>\n<li>Best for: clean pages, fewer pop-ups, less tracking in Safari.</li>\n<li>Trade-off: does not protect traffic inside most apps.</li>\n</ul>\n</li>\n<li>\n<p><strong>OS-Level Encrypted DNS (device-wide domain filtering)</strong></p>\n<ul>\n<li>You set a DNS provider that supports <strong>DNS-over-HTTPS (DoH)</strong> or <strong>DNS-over-TLS (DoT)</strong>.</li>\n<li>Best for: reducing tracking domains across apps without running a tunnel.</li>\n<li>Trade-off: it is domain-level. It cannot selectively remove first-party, same-domain ads, and it will not “clean up” the visual layout in apps.</li>\n</ul>\n</li>\n<li>\n<p><strong>Local Tunnel / DNS Proxy (“VPN icon” approach)</strong></p>\n<ul>\n<li>A local network extension intercepts traffic and applies rules.</li>\n<li>Best for: advanced control, richer logging, and features that exceed what OS-level DNS settings expose.</li>\n<li>Trade-off: can conflict with other VPN use, and adds more moving parts.</li>\n</ul>\n</li>\n</ol>\n<h3 id=\"the-ios-26-shift-neurlfilter-raises-the-ceiling\">The iOS 26 shift: NEURLFilter raises the ceiling</h3>\n<p>iOS 26 introduces a <strong>URL-filtering</strong> framework designed to block or allow requests with stronger privacy properties than traditional approaches. Apple’s stated direction is privacy-preserving filtering where providers can operate with cryptographic safeguards instead of raw visibility into browsing history.</p>\n<p>Two practical realities matter for readers:</p>\n<ul>\n<li><strong>Coverage is not universal.</strong> The system can automatically cover traffic flowing through Apple networking stacks (notably WebKit and URLSession). Apps that do not use those paths may not be covered unless they integrate participation mechanisms.</li>\n<li><strong>Adoption will be gradual.</strong> The operational and distribution requirements (including entitlements and infrastructure) are non-trivial. This is not an overnight consumer market flip.</li>\n</ul>\n<p>Net: <strong>NEURLFilter is a real platform advance, but it is not yet the default path for mainstream consumer ad blocking.</strong></p>\n<h2 id=\"2-apples-distraction-control-reality-check\">2) Apple’s “Distraction Control” Reality Check</h2>\n<p>With iOS 18, Apple added <strong>Distraction Control</strong> in Safari. It is often described as an “Apple ad blocker,” but that is not what it is.</p>\n<p>Distraction Control is best understood as a <strong>cosmetic tool</strong>:</p>\n<ul>\n<li>It is designed to hide static page elements (for example, persistent banners).</li>\n<li>It is <strong>not positioned as a tracking defence</strong>, and it is <strong>not designed to permanently hide ads or frequently changing elements</strong>.</li>\n</ul>\n<p>Verdict: <strong>use it to reduce visual clutter, not as a privacy control.</strong></p>\n<h2 id=\"3-choose-your-setup-in-30-seconds-decision-framework\">3) Choose Your Setup in 30 Seconds (Decision Framework)</h2>\n<p>Use this logic:</p>\n<ul>\n<li>\n<p><strong>If you mainly care about Safari:</strong><br>\nChoose a <strong>Safari content blocker</strong>.</p>\n</li>\n<li>\n<p><strong>If you want to reduce tracking across apps:</strong><br>\nChoose <strong>Encrypted DNS</strong> (a reputable DNS filtering provider).</p>\n</li>\n<li>\n<p><strong>If you rely on a corporate VPN:</strong><br>\nPrefer <strong>Safari content blocking</strong> for browsing cleanliness, and treat DNS filtering as “best-effort” depending on how your VPN handles DNS.</p>\n</li>\n<li>\n<p><strong>If you want detailed logs, granular firewall control, or DNS-over-QUIC-style performance tuning:</strong><br>\nConsider a <strong>local tunnel/DNS proxy</strong> mode — with the explicit acceptance that it may interfere with other VPN use.</p>\n</li>\n</ul>\n<h2 id=\"4-recommended-options-canada-app-store\">4) Recommended Options (Canada App Store)</h2>\n<p>Prices reflect the Canada App Store as of Jan. 2, 2026, and may change.</p>\n<h3 id=\"tier-1-safari-first-best-for-most-people\">Tier 1: Safari-first (best for most people)</h3>\n<p><strong>Top pick: Wipr 2 ($6.99 CAD, one-time purchase)</strong></p>\n<ul>\n<li>Why it’s here: simple to run, low operational friction, and designed for set-and-forget use.</li>\n<li>Notable: the developer states the blocklist updates automatically on a regular cadence and focuses on reducing ads, trackers, and cookie warnings.</li>\n</ul>\n<p><strong>Runner-up: 1Blocker (free download; paid upgrade available, including lifetime)</strong></p>\n<ul>\n<li>Why it’s here: more control for users who need granular whitelisting and fine-tuning.</li>\n<li>Best for: people who regularly troubleshoot site breakage and want toggles and rule-level governance.</li>\n</ul>\n<h3 id=\"tier-2-cross-app-tracking-reduction-advanced\">Tier 2: Cross-app tracking reduction (advanced)</h3>\n<p><strong>Option A: NextDNS (service; free tier and paid plans in USD)</strong></p>\n<ul>\n<li>Why it’s here: strong visibility, good policy controls, and works well as an <strong>OS-level encrypted DNS</strong> profile.</li>\n<li>Best for: households and power users who want device-wide domain controls and a dashboard.</li>\n<li>Reality check: DNS filtering cannot reliably remove first-party, same-domain ads in major apps (YouTube is the classic example).</li>\n</ul>\n<p><strong>Option B: AdGuard Pro ($12.99 CAD, one-time)</strong></p>\n<ul>\n<li>Why it’s here: a mature toolkit that can pair Safari blocking with DNS-based tracking protection.</li>\n<li>How to think about it:\n<ul>\n<li>If you want a lighter footprint, use OS-level encrypted DNS where feasible.</li>\n<li>If you need more advanced capabilities (for example, detailed logs or proxy-style control), you may choose the more invasive operating mode — understanding the VPN-slot trade-off.</li>\n</ul>\n</li>\n</ul>\n<h2 id=\"5-critical-limitations-read-this-before-you-buy\">5) Critical Limitations (Read This Before You Buy)</h2>\n<h3 id=\"the-youtube-and-first-party-ads-wall\">The YouTube and first-party ads wall</h3>\n<p>DNS-based filtering blocks at the <strong>domain</strong> level. When a service delivers ads from the same domains and infrastructure as core content, DNS-level blocking cannot reliably separate “ad” from “video” without breaking playback.</p>\n<p>Practical implication:</p>\n<ul>\n<li><strong>Do not buy a DNS product expecting it to erase YouTube in-app ads.</strong></li>\n<li>If your objective is fewer ads while watching YouTube, your best non-subscription option is often <strong>watching in Safari with a Safari content blocker enabled</strong>, accepting that behaviour and reliability can change over time.</li>\n</ul>\n<h3 id=\"private-relay-and-custom-encrypted-dns-you-are-changing-the-trust-model\">Private Relay and custom encrypted DNS: you are changing the trust model</h3>\n<p>If you configure <strong>custom encrypted DNS</strong> (via a profile or an app), the device uses that DNS server rather than Private Relay’s oblivious DNS mechanism. That shifts visibility away from your ISP and toward the DNS provider you selected.</p>\n<p>This is not “good” or “bad” — it is a governance decision:</p>\n<ul>\n<li>Your ISP sees less.</li>\n<li>Your chosen DNS provider sees more.</li>\n<li>Apple’s ODoH-based DNS privacy protections are not the mechanism in use when custom encrypted DNS is enforced.</li>\n</ul>\n<h3 id=\"vpn-precedence\">VPN precedence</h3>\n<p>If you run a full VPN tunnel for work, it may take precedence over other networking settings (including DNS behaviour). Plan for this:</p>\n<ul>\n<li>Safari content blocking still helps for Safari.</li>\n<li>DNS filtering may become “best-effort” depending on corporate VPN configuration.</li>\n</ul>\n<h2 id=\"6-pro-tips-power-users\">6) Pro Tips (Power Users)</h2>\n<p><strong>The “combo stack” (high value, low friction):</strong></p>\n<ul>\n<li>Use <strong>Wipr 2</strong> for Safari page cleanliness.</li>\n<li>Use <strong>NextDNS</strong> via a native encrypted DNS profile for device-wide domain-level tracking reduction.</li>\n</ul>\n<p><strong>Use Safari Profiles for “breakage-free” workflows:</strong></p>\n<ul>\n<li>Create a “Banking” profile with no extensions enabled.</li>\n<li>Use your default profile for everyday browsing.</li>\n<li>This avoids toggling extensions on and off when you hit sensitive sites (CRA, financial institutions, and certain SSO flows).</li>\n</ul>\n<p><strong>Troubleshooting sequence (fast):</strong></p>\n<ol>\n<li>Disable the Safari content blocker on the affected site (per-site).</li>\n<li>If the issue persists, temporarily disable custom DNS/encrypted DNS.</li>\n<li>If you are on a corporate VPN, test off-VPN (when permitted) to confirm precedence effects.</li>\n</ol>\n<h2 id=\"verdict\">Verdict</h2>\n<ul>\n<li><strong>Most users:</strong> buy <strong>Wipr 2</strong> and stop thinking about it.</li>\n<li><strong>Power users who want cross-app tracking reduction:</strong> add <strong>NextDNS</strong> via native encrypted DNS.</li>\n<li><strong>Users who need advanced controls and are comfortable with trade-offs:</strong> <strong>AdGuard Pro</strong> remains a strong, feature-rich option — but choose operating mode intentionally, especially if you also need a corporate VPN.</li>\n</ul>\n<h2 id=\"disclaimer-and-ethics-statement\">Disclaimer and Ethics Statement</h2>\n<p>Pricing and availability: Prices are listed in Canadian dollars (CAD) where the App Store provides CAD pricing. Service plans (for example, NextDNS) are typically priced in USD and may vary based on billing cadence and taxes.</p>\n<p>Testing methodology: Apps were tested on an iPhone 16 Pro running iOS 26.2 over 14 days. We evaluated battery impact using Settings &gt; Battery and checked blocking efficacy using standard test sites and real-world browsing. Page-load observations are directional; results vary by site design, network conditions, and device state.</p>\n<p>Editorial independence: Kiledjian.com has no affiliate relationship with the developers or services referenced in this guide. No developer paid for placement or review consideration.</p>\n<p>Keywords: #iOS #iPadOS #AdBlock #AdBlocking #Privacy #CyberSecurity #Infosec #OnlinePrivacy #Tracking #AntiTracking #Safari #ContentBlocker #DNS #EncryptedDNS #DoH #DoT #NextDNS #AdGuard #Wipr2 #1Blocker #VPN #PrivateRelay #ODoH #MobileSecurity #DigitalWellbeing #TechGuide #Apple #iPhone #iPad #Canada #CanadianTech #PrivacyTech #NetworkSecurity #SecurityAwareness #Productivity</p>\n<img src=\"https://cdn.uploads.micro.blog/255457/2026/chatgpt-image-jan-2-2026-at-12-41-02-pm.png\">",
        "date_published": "2026-01-03T07:30:00-04:00",
        "url": "https://kiledjian.com/2026/01/03/the-state-of-blocking-a.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/23/the-delete-button-is-a.html",
        "title": "The ‘Delete’ Button Is a Lie: A Canadian’s Guide to AI Data Retention  ",
        "content_html": "<p>When you hit &ldquo;delete&rdquo; on a conversation with ChatGPT or Gemini, you likely expect it to vanish. In reality, that data often enters a digital limbo—accessible to the provider for 30 days, three years, or even seven years for certain safety-classifier metadata, depending on the fine print you didn&rsquo;t read.</p>\n<p>For paid subscribers, the assumption of privacy is dangerous. While corporate &ldquo;Team&rdquo; and &ldquo;Enterprise&rdquo; plans typically offer stronger contractual controls (including training restrictions and admin-managed retention), &ldquo;Pro&rdquo; and &ldquo;Plus&rdquo; users are frequently treated as consumers with slightly better perks, not better privacy.</p>\n<p>Here is the verified reality of data deletion for the four major large language models (LLMs) available in Canada.</p>\n<h2 id=\"chatgpt-openai\">ChatGPT (OpenAI)</h2>\n<p><strong>The Plans:</strong> Free, Plus and Pro (personal workspaces)<br>\n<strong>The Default:</strong> <strong>Opt-out required.</strong> OpenAI enables data sharing by default for these tiers. Unless you opt out, your conversations can be used to train future models.</p>\n<p><strong>The Reality:</strong><br>\nOpenAI deletes conversations from its systems within <strong>30 days</strong> of you deleting them. However, this is not absolute. OpenAI explicitly states that data may be retained longer if required by law—a significant caveat given 2025’s litigation landscape involving copyright and data usage.</p>\n<p><strong>The Catch:</strong></p>\n<ul>\n<li><strong>Legal Holds:</strong> If your account is subject to a preservation order, &ldquo;deleted&rdquo; data may be archived until the legal matter resolves. For example, during 2025 copyright litigation, a preservation order required the retention of certain consumer data between April and September; OpenAI later stated the order ended Sept. 26, 2025, with limited historical data retained under secure hold.</li>\n<li><strong>Temporary Chat:</strong> Using the &ldquo;Temporary Chat&rdquo; toggle prevents the conversation from appearing in your history, but OpenAI retains these chats for up to 30 days specifically to monitor for abuse.</li>\n<li><strong>Training vs. Retention:</strong> Deleting a chat <em>after</em> it has been used to train the model does not untrain the model.</li>\n</ul>\n<p><strong>Your Move:</strong> Go to <strong>Settings &gt; Data Controls</strong> and toggle &ldquo;Improve the model for everyone&rdquo; to <strong>OFF</strong>. This is the primary way to ensure your future chats are not ingested into the &ldquo;brain&rdquo; of future GPT versions.</p>\n<h2 id=\"claude-anthropic\">Claude (Anthropic)</h2>\n<p><strong>The Plan:</strong> Claude Pro<br>\n<strong>The Default:</strong> <strong>Opt-out required.</strong> In a policy update announced Aug. 28, 2025 (with an Oct. 8 decision deadline for existing users), Anthropic introduced specific provisions for training data retention.</p>\n<p><strong>The Reality:</strong><br>\nIf you allow Anthropic to use your data for model improvement, your conversations may be retained for up to <strong>five years</strong> in their training pipelines. If you opt out, deleted conversations are removed from backend systems within 30 days.</p>\n<p><strong>The Catch:</strong></p>\n<ul>\n<li><strong>The 5-Year Pipeline:</strong> The five-year retention applies to data used for &ldquo;benchmarking and model improvement.&rdquo; If you missed the notification to opt out, your historical data may already be in this pipeline.</li>\n<li><strong>Safety &amp; Compliance:</strong> Even if you opt out of training, Anthropic retains data flagged by its Trust &amp; Safety classifiers for up to <strong>two years</strong>. Critical safety data, such as &ldquo;classifier scores&rdquo; (metadata about <em>why</em> a prompt was flagged), can be kept for up to <strong>seven years</strong>.</li>\n</ul>\n<p><strong>Your Move:</strong> Go to <strong>Settings &gt; Privacy</strong> immediately and ensure the &ldquo;Help improve Claude&rdquo; toggle is turned <strong>OFF</strong>.</p>\n<h2 id=\"gemini-google\">Gemini (Google)</h2>\n<p><strong>The Plan:</strong> Gemini Advanced (Google One AI Premium)<br>\n<strong>The Default:</strong> <strong>18-month retention.</strong> By default, Google retains your Gemini Apps Activity for 18 months, similar to your Search history.</p>\n<p><strong>The Reality:</strong><br>\nYou can change your auto-delete setting to 3 months or delete individual chats manually. However, Google’s backend processing creates persistent copies. Even if you turn &ldquo;Gemini Apps Activity&rdquo; <strong>OFF</strong> entirely, Google retains conversations for up to <strong>72 hours</strong> to maintain service continuity and process feedback.</p>\n<p><strong>The Catch:</strong></p>\n<ul>\n<li><strong>The Human Review Trap:</strong> This is the most critical risk. Google disconnects specific chats to be read by human reviewers. Once a chat is selected for review, it is &ldquo;disconnected&rdquo; (disassociated) from your account and retained for up to <strong>three years</strong>.</li>\n<li><strong>Irreversible:</strong> Because these reviewed chats are technically separated from your user ID, deleting the original conversation from your history does <em>not</em> delete the copy held by the human review team.</li>\n</ul>\n<p><strong>Your Move:</strong> Go to **<a href=\"https://myactivity.google.com/product/gemini**.\" target=\"_blank\" rel=\"noopener noreferrer\">myactivity.google.com/product/g&hellip;</a> Set the Auto-delete option to <strong>3 months</strong> (the minimum) and strictly avoid putting sensitive identifiers in your prompts.</p>\n<h2 id=\"grok-xai\">Grok (xAI)</h2>\n<p><strong>The Plan:</strong> Grok Premium (X Premium)<br>\n<strong>The Default:</strong> <strong>Verify your settings.</strong> xAI’s consumer policy allows for model training unless you intervene.</p>\n<p><strong>The Reality:</strong><br>\nGrok offers a &ldquo;Private Chat&rdquo; mode (often indicated by a ghost icon or distinct toggle) which is intended to be ephemeral. Standard chats (non-private) may be used for training. xAI states that deleted data is removed from accessible systems within 30 days.</p>\n<p><strong>The Catch:</strong></p>\n<ul>\n<li><strong>The Feedback Loop:</strong> Even if you opt out of general training, xAI notes that if you voluntarily submit feedback (like rating a response), that specific data may still be used for model improvement.</li>\n<li><strong>Platform overlap:</strong> If you access Grok via X (formerly Twitter), your data handling is governed by X’s broader privacy terms, which can differ from xAI’s standalone app policies.</li>\n</ul>\n<p><strong>Your Move:</strong> You have two options for privacy: exclusively use &ldquo;Private Chat,&rdquo; or verify your &ldquo;Data Sharing&rdquo; settings (typically found under Privacy &amp; Safety on X) to ensure you have unchecked the box allowing your data to be used for model training.</p>\n<h2 id=\"summary-the-safe-deletion-window\">Summary: The ‘Safe’ Deletion Window</h2>\n<ul>\n<li><strong>Claude:</strong> Deleted conversations are removed from backend systems within 30 days. <em>Risk:</em> <strong>Seven-year retention</strong> for safety classifier scores; five years for training-pipeline data if you do not opt out.</li>\n<li><strong>ChatGPT:</strong> Takes 30 days to delete. <em>Risk:</em> &ldquo;Temporary&rdquo; chats are still monitored for 30 days; legal holds can override deletion.</li>\n<li><strong>Grok:</strong> Takes 30 days to delete. <em>Risk:</em> Voluntary feedback can be used for model improvement even if you opt out of general training.</li>\n<li><strong>Gemini:</strong> Auto-delete can be set to 3, 18 or 36 months (user setting). <em>Risk:</em> Human-reviewed data is kept for <strong>three years</strong> and cannot be deleted by the user.</li>\n</ul>\n<h2 id=\"final-advice-for-canadian-users\">Final Advice for Canadian Users</h2>\n<p>While the <em>Personal Information Protection and Electronic Documents Act</em> (PIPEDA) imposes accountability standards on how companies handle Canadian data, it does not prevent cross-border processing. In practice, once your data sits on a server in Oregon or Iowa, U.S. legal frameworks—and subpoenas—may compel disclosure, even where Canadian expectations differ.</p>\n<p>For absolute security, the data must never leave your device. If you must use cloud AI, assume that &ldquo;Deleted&rdquo; actually means &ldquo;Archived for 30 days,&rdquo; and plan accordingly.</p>\n<h2 id=\"ethics-statement--disclaimer\">Ethics Statement &amp; Disclaimer</h2>\n<p><strong>Ethics Statement:</strong> This article is editorial content. The author has no financial relationship with OpenAI, Anthropic, Google or xAI. No company paid to be included in this post, nor did they review the content prior to publication. I personally subscribe to these services to test them objectively.</p>\n<p><strong>Disclaimer:</strong> The information in this post is based on terms of service and privacy policies available as of Dec. 23, 2025. AI companies frequently update their data retention policies without direct notification. The steps provided above are accurate at the time of writing but may change. This post is for informational purposes only and does not constitute legal or professional advice. Readers should consult their organization&rsquo;s legal or security teams before using consumer AI tools for sensitive work.</p>\n<p>Keywords: #AI #DataPrivacy #Cybersecurity #InfoSec #Privacy #DataRetention #DigitalPrivacy #PIPEDA #Canada #Compliance #RiskManagement #SecurityAwareness #DataProtection #CloudSecurity #AIRegulation #TrustAndSafety #LLM #ChatGPT #ClaudeAI #GoogleGemini #Grok #xAI #OpenAI #Anthropic #Google #PrivacyByDesign #Governance #GRC #SecurityPolicy #DataGovernance #CyberRisk #TechPolicy #PrivacyTech #DigitalRights #InfoPrivacy</p>",
        "date_published": "2025-12-23T12:37:00-04:00",
        "url": "https://kiledjian.com/2025/12/23/the-delete-button-is-a.html",
        "tags": ["Artificial Intelligence","Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/22/south-korea-to-require-facial.html",
        
        "content_html": "<p><a href=\"https://therecord.media/south-korea-facial-recognition-phones\" target=\"_blank\" rel=\"noopener noreferrer\">South Korea to require facial recognition for new mobile numbers | The Record from Recorded Future News</a></p>\n<p>South Korea will mandate facial recognition for new mobile numbers starting March 23 to combat scams and identity theft, requiring a real-time comparison between ID photos and users&rsquo; faces. This policy aims to prevent the activation of phones registered under false or stolen identities.</p>\n",
        "date_published": "2025-12-22T16:04:00-04:00",
        "url": "https://kiledjian.com/2025/12/22/south-korea-to-require-facial.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/22/cyber-spies-use-fake-new.html",
        
        "content_html": "<p><a href=\"https://therecord.media/cyber-spies-fake-new-year-concert-russian-phishing\" target=\"_blank\" rel=\"noopener noreferrer\">Cyber spies use fake New Year concert invites to target Russian military | The Record from Recorded Future News</a></p>\n<p>A cyberespionage group known as Goffee is targeting Russian military personnel and defense organizations with phishing lures, including fake concert invitations and official letters, to deploy a backdoor called EchoGather. While the group is believed to be pro-Ukrainian and has been active since at least 2022, the success and specific objectives of this latest campaign remain unclear.</p>\n",
        "date_published": "2025-12-22T16:03:00-04:00",
        "url": "https://kiledjian.com/2025/12/22/cyber-spies-use-fake-new.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/19/managing-agentic-ai-risk-lessons.html",
        
        "content_html": "<p><a href=\"https://www.csoonline.com/article/4109123/managing-agentic-ai-risk-lessons-from-the-owasp-top-10.html\" target=\"_blank\" rel=\"noopener noreferrer\">Managing agentic AI risk: Lessons from the OWASP Top 10 | CSO Online</a></p>\n<p>The OWASP Top 10 for Agentic AI provides a framework to address the growing security risks associated with agentic AI adoption, offering practical guidance, threat taxonomies, and mitigation strategies for CISOs. While the list is immediately useful, some areas like detailed mitigation steps and attack likelihood require further development.</p>\n",
        "date_published": "2025-12-19T09:51:00-04:00",
        "url": "https://kiledjian.com/2025/12/19/managing-agentic-ai-risk-lessons.html",
        "tags": ["Artificial Intelligence","Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/17/the-doubleblind-signal-a-security.html",
        "title": "The “Double-Blind” Signal: A Security Analysis of Phreeli Wireless",
        "content_html": "<p>In the final weeks of 2025, a new entrant in the American telecommunications market, Phreeli, made an audacious design claim: it aims to know as little about its customers as possible. Launched on Dec. 4, 2025, by Nicholas Merrill — the internet service provider owner who spent a decade fighting a PATRIOT Act-era gag order — Phreeli is a mobile virtual network operator (MVNO) designed to decouple legal identity from cellular activity.</p>\n<p>As a security professional, I approach “privacy-first” claims with inherent scepticism. After a technical deep dive into Phreeli’s architecture and launch documentation, here is an objective analysis of where this service succeeds — and where the physics of cellular technology still create unavoidable risks.</p>\n<p><a href=\"https://www.phreeli.com\" target=\"_blank\" rel=\"noopener noreferrer\">Source</a></p>\n<h2 id=\"the-architecture-double-blind-armadillo\">The architecture: Double-Blind Armadillo</h2>\n<p>The core differentiator of Phreeli is its proprietary Double-Blind Armadillo (DBA) framework. In a standard carrier model, your name and billing information often function as primary identifiers in systems that also handle call records and location-derived metadata. Phreeli attempts to sever this link using cryptographic tokens designed to be unlinkable between billing and network systems.</p>\n<h3 id=\"how-it-functions\">How it functions</h3>\n<ul>\n<li><strong>Identity decoupling:</strong> Users sign up using only a ZIP+4 code (for tax compliance) and a username.</li>\n<li><strong>The cryptographic wall:</strong> When payment is made via credit card or supported cryptocurrency, the billing system validates funds and issues a cryptographic token.</li>\n<li><strong>Blind authentication:</strong> The token is passed to the network side. The network can validate that an account is “paid,” but the token is intended to be unlinkable to the underlying transaction or a real-world identity.</li>\n</ul>\n<h2 id=\"technical-specifications-and-features\">Technical specifications and features</h2>\n<p>Phreeli operates on T-Mobile’s 5G infrastructure in the United States. Its plan structure is tiered based on high-speed data allotments:</p>\n<ul>\n<li><strong>Flex:</strong> US$25 a month base. Includes 2 GB at signup. High-speed data is US$20 per 5 GB.</li>\n<li><strong>Essential:</strong> US$35 a month. Includes 5 GB of high-speed data.</li>\n<li><strong>Core:</strong> US$50 a month. Includes 10 GB of high-speed data.</li>\n<li><strong>Max:</strong> US$85 a month. Includes 40 GB of high-speed data.</li>\n</ul>\n<p>All plans include unlimited talk and text, international roaming in select destinations, and international calling to more than 90 destinations — capabilities often missing from anonymous “burner” services.</p>\n<h2 id=\"the-technical-deep-dive-trust-and-tokens\">The technical deep dive: trust and tokens</h2>\n<p>Phreeli’s white paper describes a design that partitions identity, payment, and network usage into three distinct “islands.” To reduce timing-correlation attacks — where an adversary matches a payment time to an activation time — Phreeli uses a Mixing Service. This service batches authorisation tokens so they are not processed in real time, blurring the chronological link between a US$50 credit card charge and a SIM coming online.</p>\n<p>However, the white paper also notes that, for initial launch, Phreeli implemented a simplified version of the protocol. This creates a trust dependency: users must trust that the mixing service is not logging sensitive correlations internally. Until a fully provable protocol is deployed, the privacy posture rests materially on internal governance and controls, not cryptography alone.</p>\n<h2 id=\"playing-devils-advocate-what-users-miss\">Playing devil’s advocate: what users miss</h2>\n<p>While Phreeli is a meaningful step forward for carrier-level privacy, there are several security debts that no MVNO can fully resolve.</p>\n<ol>\n<li>\n<p><strong>The IMEI/IMSI problem:</strong> Phreeli does not own the towers; it uses an underlying network. That network will still see device and subscriber identifiers such as IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity). If you insert a Phreeli SIM into a device already strongly linked to your identity through a long-standing Apple ID or Google account, the privacy gains can be materially reduced.</p>\n</li>\n<li>\n<p><strong>Identity gravity wells:</strong> Number portability is a common pitfall. If you port a number already tied to your bank, employer, and long-running online accounts, you reintroduce linkability. Phreeli’s Privacy Policy also indicates that additional identifiers may be provided by third parties during port-in processes.</p>\n</li>\n<li>\n<p><strong>ZIP+4 precision:</strong> ZIP+4 is a tax necessity, but it can still be a high-resolution geographic anchor. In dense urban areas, it may narrow location to a single building or short street segment. It is not a name, but it is often more specific than users assume.</p>\n</li>\n<li>\n<p><strong>Third-party payment processors:</strong> Phreeli uses Stripe for credit-card payments and NOWPayments for cryptocurrency payments. Even if Phreeli does not store card details, payment processors typically run fraud and risk controls that can involve device signals, IP addresses, and identity verification. If stronger payment privacy is required, users should prefer privacy-preserving payment methods (for example, Monero, or Zcash using shielded addresses), while recognising that exchanges, on-ramps, and merchant processors can still introduce traceability.</p>\n</li>\n</ol>\n<h2 id=\"threat-model-assessment\">Threat model assessment</h2>\n<p>Before switching, a user must define their adversary. Phreeli is designed to be effective against commercial data brokers and routine civil demands by limiting the identity data it collects and stores.</p>\n<p>However, as a US-based telecom provider, Phreeli is subject to lawful access and interception requirements, including the Communications Assistance for Law Enforcement Act (CALEA). Depending on the legal instrument and scope, providers may be compelled to support interception and/or disclose call-identifying information and related records. Even if Phreeli minimises what it retains, the underlying network must still handle telecom identifiers and routing metadata.</p>\n<p>Use privacy tools responsibly and in compliance with applicable laws and employer policies.</p>\n<h2 id=\"professional-verdict\">Professional verdict</h2>\n<p>Phreeli is a robust attempt to reduce the collection and resale of carrier-held customer data by limiting what it stores and how systems are linked. It also aims to curtail the downstream aggregation of location- and usage-adjacent data, which remains a significant commercial ecosystem.</p>\n<p>For high-threat users, Phreeli should be viewed as one layer in a defence-in-depth strategy. To achieve its full potential, it should be paired with a privacy-hardened device posture (for example, GrapheneOS), privacy-aware payment choices, and careful operational separation from long-standing accounts and identifiers.</p>\n<p>As of Dec. 17, 2025, I have not seen a publicly released independent security assessment of the production environment. Readers should treat the strongest privacy guarantees as design claims until validated. It is a promising start, but in security, we verify — then trust.</p>\n<h2 id=\"sources-reviewed\">Sources reviewed</h2>\n<ul>\n<li>Phreeli official website: phreeli.com (Privacy Policy, FAQ, and plan tiers)</li>\n<li>Phreeli technical white paper: “Double-Blind Armadillo: An Architecture for Anonymous Wireless”</li>\n<li>WIRED: “A New Anonymous Phone Carrier Lets You Sign Up With Nothing but a Zip Code” (Dec. 4, 2025)</li>\n<li>Android Authority: “New privacy-focused MVNO Phreeli doesn’t even record your name” (Dec. 4, 2025)</li>\n<li>FCC: Communications Assistance for Law Enforcement Act (CALEA) guidance materials</li>\n<li>TechRadar: “This new anonymous phone carrier doesn’t even need your name — here are 5 things you should know about it” (Dec. 5, 2025)</li>\n</ul>\n<p><strong>Disclosure and methodology:</strong> This post is not sponsored. I have no commercial relationship with Phreeli, its founders, employees, investors, or affiliates, and I have not received compensation, products, discounts, or other consideration in connection with this review. I wrote this analysis using publicly available information only, including Phreeli’s published website materials and third-party media coverage cited below. I did not perform hands-on testing (for example, packet capture, device/SIM provisioning experiments, or a code review of backend systems). This is an independent security and privacy analysis, not legal advice.</p>\n<p>Keywords: #Privacy #PrivacyTech #Security #Cybersecurity #InfoSec #Telecom #Wireless #MVNO #MobileSecurity #DataPrivacy #PrivacyFirst #DigitalPrivacy #Surveillance #Metadata #ThreatModel #OSINT #ZeroTrust #RiskManagement #SecurityResearch #SecurityAnalysis #PrivacyEngineering #Cryptography #ZKProofs #Anonymity #OpSec #InfosecCommunity #MobilePrivacy #DataBrokers #CALEA #LawfulIntercept #TMobile #eSIM #GrapheneOS #Monero</p>\n<img src=\"https://cdn.uploads.micro.blog/255457/2025/chatgpt-image-dec-17-2025-at-11-08-06-am.png\">",
        "date_published": "2025-12-17T14:08:00-04:00",
        "url": "https://kiledjian.com/2025/12/17/the-doubleblind-signal-a-security.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/13/liberating-airpods-with-bluetooth-spoofing.html",
        
        "content_html": "<p><a href=\"https://hackaday.com/2025/12/12/liberating-airpods-with-bluetooth-spoofing/\" target=\"_blank\" rel=\"noopener noreferrer\">Liberating AirPods With Bluetooth Spoofing | Hackaday</a></p>\n<p>LibrePods is an app for Android and Linux that unlocks AirPods&rsquo; hidden features, like noise reduction and ear detection, by spoofing their Bluetooth ID. While it offers advanced functionality, including use as hearing aids, it requires root access on most Android devices and Apple may eventually block this workaround.</p>\n",
        "date_published": "2025-12-13T22:26:00-04:00",
        "url": "https://kiledjian.com/2025/12/13/liberating-airpods-with-bluetooth-spoofing.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/13/apple-issues-security-updates-after.html",
        
        "content_html": "<p><a href=\"https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html\" target=\"_blank\" rel=\"noopener noreferrer\">Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild</a></p>\n<p>Apple has released security updates for multiple operating systems and its Safari browser to address two WebKit flaws that have been exploited in the wild. One of these vulnerabilities, CVE-2025-14174, is the same flaw previously patched in Google Chrome.</p>\n",
        "date_published": "2025-12-13T22:18:00-04:00",
        "url": "https://kiledjian.com/2025/12/13/apple-issues-security-updates-after.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/13/france-and-germany-grappling-with.html",
        
        "content_html": "<p><a href=\"https://www.govinfosecurity.com/france-germany-grappling-nation-state-hacks-a-30282\" target=\"_blank\" rel=\"noopener noreferrer\">France and Germany Grappling With Nation-State Hacks</a></p>\n<p>The French Ministry of Interior is investigating a suspected nation-state cyberattack on its email server, while Germany has attributed a 2024 hacking incident on its air traffic control systems to Russian nation-state hackers. These incidents highlight a broader trend of hybrid tactics, including hacking and disinformation, employed by Russia against European nations.</p>\n",
        "date_published": "2025-12-13T02:38:00-04:00",
        "url": "https://kiledjian.com/2025/12/13/france-and-germany-grappling-with.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/02/eus-top-court-rules-that.html",
        
        "content_html": "<p><a href=\"https://therecord.media/eu-top-court-rules-online-marketplaces-responsible-for-data-processing-ads\" target=\"_blank\" rel=\"noopener noreferrer\">EU’s top court rules that online marketplaces are responsible for processing of data in ads | The Record from Recorded Future News</a></p>\n<p>The EU&rsquo;s top court has ruled that online marketplaces are responsible for processing data in ads under the GDPR, requiring them to obtain consent for sensitive data and verify advertisers. This decision significantly impacts data protection compliance across the EU, with some experts predicting challenges for hosting sites and potential implications for free expression and privacy.</p>\n",
        "date_published": "2025-12-02T20:48:00-04:00",
        "url": "https://kiledjian.com/2025/12/02/eus-top-court-rules-that.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/02/autonomously-finding-ffmpeg-vulnerabilities-with.html",
        
        "content_html": "<p><a href=\"https://zeropath.com/blog/autonomously-finding-7-ffmpeg-vulnerabilities-with-ai-2025\" target=\"_blank\" rel=\"noopener noreferrer\">Autonomously Finding 7 FFmpeg Vulnerabilities With AI - ZeroPath Blog | ZeroPath</a></p>\n<p>This document details seven vulnerabilities found in FFmpeg, including buffer overflows and invalid frees, stemming from issues like integer truncation, unbounded serialization, off-by-one errors, and incorrect stream indexing. ZeroPath&rsquo;s AI SAST identified these by analyzing allocation and copy alignment, framing invariants, packet builder capacities, cardinality propagation, and offset arithmetic integrity, often bypassing limitations of traditional fuzzers and static analysis tools.</p>\n",
        "date_published": "2025-12-02T20:47:00-04:00",
        "url": "https://kiledjian.com/2025/12/02/autonomously-finding-ffmpeg-vulnerabilities-with.html",
        "tags": ["Artificial Intelligence","Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/02/poetry-can-trick-ai-models.html",
        
        "content_html": "<p><a href=\"https://www.the-independent.com/tech/ai-model-chatgpt-poetry-nuclear-weapons-b2875452.html\" target=\"_blank\" rel=\"noopener noreferrer\">Poetry can trick AI models like ChatGPT into revealing how to make nuclear weapons, study finds | The Independent</a></p>\n<p>A new study reveals that poetry-based prompts can trick AI models like ChatGPT into bypassing safety features and revealing instructions for creating malware or nuclear weapons. This method, termed adversarial poetry, successfully circumvented controls in major AI models, with poetic prompts leading to a significantly higher rate of unsafe replies compared to prose.</p>\n",
        "date_published": "2025-12-02T20:46:00-04:00",
        "url": "https://kiledjian.com/2025/12/02/poetry-can-trick-ai-models.html",
        "tags": ["Artificial Intelligence","Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/02/irans-muddywater-levels-up-with.html",
        
        "content_html": "<p><a href=\"https://www.darkreading.com/cyberattacks-data-breaches/irans-muddywater-levels-up-muddyviper-backdoor\" target=\"_blank\" rel=\"noopener noreferrer\">Iran&rsquo;s &lsquo;MuddyWater&rsquo; Levels Up With MuddyViper Backdoor</a></p>\n<p>The Iran-aligned cyberespionage group MuddyWater has evolved its tactics, employing new tools like the MuddyViper backdoor and Fooder loader for more stealthy operations. This shift from historically noisier methods indicates an increased focus on espionage and defense evasion, with potential collaboration observed with another Iran-aligned actor, Lyceum.</p>\n",
        "date_published": "2025-12-02T20:45:00-04:00",
        "url": "https://kiledjian.com/2025/12/02/irans-muddywater-levels-up-with.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/12/02/korea-arrests-suspects-selling-intimate.html",
        
        "content_html": "<p><a href=\"https://www.bleepingcomputer.com/news/security/korea-arrests-suspects-selling-intimate-videos-from-hacked-ip-cameras/\" target=\"_blank\" rel=\"noopener noreferrer\">Korea arrests suspects selling intimate videos from hacked IP cameras</a></p>\n<p>Korean police have arrested four suspects for hacking over 120,000 IP cameras and selling the stolen intimate videos on an overseas adult website. Investigations are ongoing against the website&rsquo;s operators and buyers, with authorities collaborating internationally to shut down the platform and prevent further harm to victims.</p>\n",
        "date_published": "2025-12-02T20:44:00-04:00",
        "url": "https://kiledjian.com/2025/12/02/korea-arrests-suspects-selling-intimate.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/14/the-search-engine-deceiver-how.html",
        "title": "The search engine deceiver: how TrackMeNot hides your queries in a cloud of noise",
        "content_html": "<p><strong>Update note:</strong> TrackMeNot is no longer actively maintained—the last update was in November 2019. The extension still functions on Firefox and can be manually installed on Chromium browsers, but users should understand that unmaintained browser extensions pose security risks. Without ongoing updates, the extension won&rsquo;t receive patches for newly discovered vulnerabilities or adapt to changes in browser APIs. If you choose to use TrackMeNot, you&rsquo;re accepting these trade-offs in exchange for the obfuscation benefits it provides.</p>\n<p>Your search history is a window into your soul. It reveals your fears, your ambitions, your health concerns, your political leanings, your midnight curiosities. Every query you type into Google, Bing, Yahoo, or DuckDuckGo gets logged, analyzed, and folded into an ever-expanding profile of who you are.</p>\n<p>Search engines will tell you this data collection makes their services better. They&rsquo;re not wrong. But they conveniently omit the part where this treasure trove of intimate information gets monetized, sold, subpoenaed, and weaponized against you.</p>\n<p>What if instead of hiding your searches, you could drown them in noise?</p>\n<h2 id=\"the-search-surveillance-problem\">The search surveillance problem</h2>\n<p>Most people don&rsquo;t think twice about their search queries. They treat search engines like a private conversation with an all-knowing friend. But that conversation is being recorded, transcribed, and stored indefinitely.</p>\n<p>In 2006, AOL accidentally reminded everyone of this uncomfortable truth when it released search data from 650,000 users. The company claimed it had anonymized the data by removing names and IP addresses. It hadn&rsquo;t worked. Within days, journalists from <em>The New York Times</em> identified specific users from their search patterns alone. User 4417749 turned out to be a 62-year-old widow from Georgia whose searches revealed her social security concerns, her health problems, and even where she lived.</p>\n<p>That wasn&rsquo;t a data breach. That was normal operations becoming public.</p>\n<p>The reality is starker than most people realize: search engines don&rsquo;t need your name to know who you are. Your search patterns are your fingerprint. The sequence of queries, the timing, the topics—they combine into a profile more revealing than anything you&rsquo;d voluntarily share.</p>\n<p>This is where TrackMeNot enters the story.</p>\n<h2 id=\"obfuscation-by-design\">Obfuscation by design</h2>\n<p>TrackMeNot was created in 2006 by Daniel Howe, Helen Nissenbaum, and Vincent Toubiana—the core team that would later develop AdNauseam. It&rsquo;s a browser extension that runs silently in the background, continuously generating fake search queries while you go about your normal browsing.</p>\n<p>The concept is elegantly simple. If search engines are building profiles based on your queries, make those profiles worthless by poisoning the data stream. TrackMeNot doesn&rsquo;t encrypt your searches or hide them behind a VPN. Instead, it generates a constant flow of ghost queries that make it nearly impossible to distinguish your real searches from the decoys.</p>\n<p>Imagine a search profile that shows simultaneous interest in quantum physics and celebrity gossip, vegan recipes and steakhouse reviews, retirement planning and student loans, conservative politics and progressive activism. The profile becomes useless. The surveillance machinery grinds to a halt, overwhelmed by contradictory signals.</p>\n<p>This isn&rsquo;t concealment—it&rsquo;s camouflage through chaos.</p>\n<h2 id=\"how-it-actually-works\">How it actually works</h2>\n<p>TrackMeNot operates as a low-priority background process. At random intervals, it issues search queries to your chosen search engines. These aren&rsquo;t just random words strung together—that would be too easy to filter out. TrackMeNot uses a sophisticated mechanism to generate queries that look plausibly human.</p>\n<p>The extension starts with a seed list of search terms. When it issues a query, it parses the search results for related terms and incorporates them into future queries. This creates an evolving, quasi-intelligent search pattern that mimics genuine user behaviour. Over time, each installation of TrackMeNot develops its own unique personality based on what it &ldquo;learns&rdquo; from search results.</p>\n<p>The queries go out to real search engines. The responses come back. From the search engine&rsquo;s perspective, you appear to be an incredibly active user with impossibly diverse interests. Your actual searches—the ones you care about—become invisible needles in an ever-growing haystack.</p>\n<p>You control the frequency, the search engines it targets, and can blacklist specific sites where you don&rsquo;t want random queries being generated. The extension is transparent: you can view logs of every query it sends, verify it&rsquo;s working as described, and adjust its behaviour to match your risk tolerance.</p>\n<h2 id=\"the-google-problem-again\">The Google problem (again)</h2>\n<p>If this sounds familiar, it should. Just like AdNauseam, TrackMeNot has a contentious history with Google.</p>\n<p>In May 2019, Google removed TrackMeNot from the Chrome Web Store. The stated reason? Violations of program policies, including “requesting broad permissions that are not required” and “inaccurate description of functionality.” But here&rsquo;s what actually happened: On May 12, Google flagged the extension as containing malware, disabled it for all existing users, and then banned the developers&rsquo; account to prevent them from updating the software or communicating with their users.</p>\n<p>TrackMeNot had been available in the Chrome Web Store since 2011. It was open-source software with over 20,000 active users. And Google marked it as malware overnight.</p>\n<p>The timing is worth noting. This happened two years after Google banned AdNauseam. Both extensions share the same creators. Both directly interfere with Google&rsquo;s ability to build accurate user profiles. Both were banned from Google&rsquo;s platform under vague pretenses.</p>\n<p>Let&rsquo;s not be naive about what&rsquo;s happening here. Google&rsquo;s business model depends entirely on knowing who you are and what you want. TrackMeNot makes that impossible. The company that built its reputation on organizing the world&rsquo;s information decided that a privacy tool was more dangerous than actual malware.</p>\n<p>The extension remains available for Firefox, where it works perfectly fine. Chromium-based browser users can install it manually, but Google&rsquo;s actions have effectively throttled adoption by making it difficult to find and frightening to install.</p>\n<h2 id=\"the-ethics-of-noise\">The ethics of noise</h2>\n<p>Some critics argue that TrackMeNot constitutes a form of fraud. After all, you&rsquo;re generating fake searches that waste search engine resources and potentially pollute their data sets.</p>\n<p>This criticism fundamentally misunderstands the power dynamic at play.</p>\n<p>Search engines claim ownership of your search data. They log it without meaningful consent, aggregate it without compensation, and sell insights derived from it to the highest bidder. They&rsquo;ve built trillion-dollar empires by treating your curiosity as a natural resource to be extracted and monetized. And when you object, they shrug and say “just don&rsquo;t use our free service.”</p>\n<p>TrackMeNot is digital self-defence. If search engines are going to surveil your queries regardless of your preferences, you have every right to make that surveillance as unreliable as possible. Introducing noise into a system that refuses to respect your privacy is not fraud—it&rsquo;s resistance.</p>\n<p>The alternative is accepting that every question you ask the internet becomes a permanent part of your profile, available to advertisers, potential employers, government agencies, and anyone else with sufficient access or motivation to dig through search engine databases. That&rsquo;s not a reasonable social contract.</p>\n<h2 id=\"should-you-use-it\">Should you use it?</h2>\n<p>Here&rsquo;s what you need to know before installing TrackMeNot.</p>\n<p>First, the project is no longer actively maintained. The last update was in November 2019. It still works—thousands of people use it daily on Firefox—but don&rsquo;t expect new features or rapid bug fixes. The developers have made the code available for others to fork and continue, but as a practical matter, this is mature software in maintenance mode.</p>\n<p>Second, TrackMeNot works best when you&rsquo;re not in a hurry. If you&rsquo;re using a metered internet connection or have data caps, the constant background queries will consume bandwidth. Not a lot—we&rsquo;re talking about search queries, not video streams—but it&rsquo;s something to consider.</p>\n<p>Third, search engines sometimes respond to heavy query volumes with CAPTCHA challenges. If TrackMeNot is configured too aggressively, you might find yourself proving you&rsquo;re human more often than you&rsquo;d like. The solution is to dial down the query frequency, but this reduces the effectiveness of the obfuscation.</p>\n<p>Fourth, and most importantly: TrackMeNot is not anonymity. It doesn&rsquo;t hide your IP address, it doesn&rsquo;t encrypt your traffic, and it doesn&rsquo;t prevent search engines from seeing your real queries. What it does is make your search profile unreliable for profiling purposes. That&rsquo;s valuable, but it&rsquo;s not the same as being invisible.</p>\n<p>If you&rsquo;re looking for simple anonymity, use Tor or a trustworthy VPN. If you&rsquo;re trying to prevent search engines from building an accurate profile of your interests, TrackMeNot is one of the most elegant solutions available.</p>\n<p>It&rsquo;s still available on the Firefox Add-ons store. Chromium browser users will need to install it manually—instructions are available at trackmenot.io. Yes, Google has made this harder than it should be. That&rsquo;s not an accident.</p>\n<h2 id=\"the-broader-context\">The broader context</h2>\n<p>TrackMeNot predates AdNauseam by eight years. It&rsquo;s the original proof of concept for obfuscation as a privacy strategy. The idea that you could protect yourself not by hiding but by generating misleading information was radical when Howe and Nissenbaum first proposed it.</p>\n<p>Think about how we typically approach privacy online. We use encryption to make data unreadable. We use anonymizing networks to make traffic untraceable. We use ad blockers to make surveillance impossible. These are all defensive strategies—walls we build to keep watchers out.</p>\n<p>Obfuscation is different. It&rsquo;s offensive. It actively feeds bad data into surveillance systems, making them question the reliability of everything they collect. It&rsquo;s not about hiding; it&rsquo;s about lying so convincingly and so prolifically that the truth becomes impossible to extract.</p>\n<p>This matters because perfect defence is impossible. Companies like Google have infinite resources to develop new tracking methods. They control the platforms, they write the rules, and they have entire teams dedicated to circumventing privacy tools. No matter how good your defences are, someone will eventually find a way through.</p>\n<p>But obfuscation doesn&rsquo;t require perfect defence. It just requires enough noise to make the signal unreliable. And that&rsquo;s achievable with tools that everyday people can actually use.</p>\n<h2 id=\"a-final-thought\">A final thought</h2>\n<p>I&rsquo;ve spent decades helping organizations implement security programs and navigate privacy requirements across more than thirty countries. One thing I&rsquo;ve learned: the most effective privacy tools are the ones that change the economics of surveillance.</p>\n<p>Encryption makes surveillance expensive by requiring computational resources to break. Anonymization makes surveillance expensive by requiring correlation across multiple data sources. Obfuscation makes surveillance expensive by requiring human analysis to separate signal from noise at scale.</p>\n<p>TrackMeNot exploits a fundamental truth about surveillance capitalism: it only works if the data is reliable. Pollute the data stream, and the entire system begins to fail. Not dramatically. Not immediately. But incrementally, query by query, the profiles become less accurate, the predictions less reliable, the targeting less effective.</p>\n<p>Will TrackMeNot single-handedly dismantle search engine surveillance? Obviously not. But it demonstrates something important: individuals don&rsquo;t have to accept surveillance as the price of using the internet. We have options. We have tools. And we have the right to make ourselves as unknowable as we choose to be.</p>\n<p>Your searches reveal who you are. TrackMeNot lets you reveal whoever you want them to think you are. That&rsquo;s not just privacy protection—it&rsquo;s practical autonomy in an age of algorithmic control.</p>\n<p>Consider confusing the watchers.</p>\n<h2 id=\"ethics-and-disclosure\">Ethics and disclosure</h2>\n<p>The views expressed in this post are entirely my own and do not represent the positions, strategies, or opinions of my employer or any organization I&rsquo;m affiliated with. I&rsquo;m writing this as an individual privacy advocate and technology observer, not in any professional capacity.</p>\n<p>I have no financial relationship with the TrackMeNot project. I&rsquo;m not compensated for writing this, and I don&rsquo;t benefit from its adoption. This is my honest assessment of a tool I find technically interesting and philosophically important.</p>\n<p>Using TrackMeNot does have consequences beyond your own browsing experience. Every fake query the extension generates consumes search engine resources, however minimal. At scale, this represents an economic cost to search providers. The developers argue this is justified resistance against non-consensual surveillance. Others would call it wasteful or even hostile to legitimate services. I&rsquo;m presenting the tool and its implications—you&rsquo;ll need to decide where you stand on that ethical spectrum.</p>\n<p>There&rsquo;s also a broader question about the value of accuracy in aggregate data. Search engines argue that query data helps improve services, identify trends, and even track public health concerns. Widespread adoption of obfuscation tools could make that data less useful for legitimate purposes. This is a real trade-off, though I&rsquo;d argue the burden should be on search engines to collect data consensually rather than on users to accept surveillance as the default.</p>\n<p>The legal status of obfuscation tools varies by jurisdiction and remains largely untested. Use your judgment.</p>\n<p>Keywords: #privacy #infosec #cybersecurity #surveillance #searchengines #onlinesafety #digitalrights #dataprotection #anonymity #vpn #trackmenot #privacytools #firefox #google #obfuscation #adnauseam #securityresearch #dataprivacy #opensource #technews #internetfreedom #privacyadvocate #securitycommunity #cyberawareness #securitytools #digitalobfuscation #searchprivacy #webtracking #technologyethics #privacybydesign #securityculture #securityleadership #datasecurity #internetprivacy</p>\n<hr>\n<p><em>TrackMeNot is free, open-source software created by Daniel Howe, Helen Nissenbaum, and Vincent Toubiana. Still available at trackmenot.io, though no longer maintained.</em></p>\n<img src=\"https://cdn.uploads.micro.blog/255457/2025/chatgpt-image-nov-14-2025-at-08-36-45-am.png\">",
        "date_published": "2025-11-14T10:36:00-04:00",
        "url": "https://kiledjian.com/2025/11/14/the-search-engine-deceiver-how.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/14/the-ad-blocker-that-fights.html",
        "title": "The ad blocker that fights back: why AdNauseam deserves your attention  ",
        "content_html": "<p>When most people think about ad blockers, they picture a simple transaction: install the extension, ads disappear, browsing improves. But what if I told you there is an ad blocker that does more than hide from the surveillance economy — it actively sabotages it?</p>\n<p>Meet AdNauseam, and prepare to have your assumptions about online privacy challenged.</p>\n<h2 id=\"the-problem-with-just-hiding\">The problem with just hiding</h2>\n<p>Traditional ad blockers act like digital invisibility cloaks. They clean up your browsing experience, but they do not address the underlying issue: advertising networks continue building behavioural profiles about you. They know the sites you visit, the ads you ignore and the patterns your browsing reveals.</p>\n<p>Think about it this way: when you walk past store windows without stopping, retailers still learn something about you. The same idea applies online, except the tracking is more sophisticated and the consequences more serious.</p>\n<p>This is where AdNauseam stands out.</p>\n<h2 id=\"obfuscation-as-resistance\">Obfuscation as resistance</h2>\n<p>Built on top of uBlock Origin, AdNauseam takes a markedly different route. Rather than only blocking ads, it quietly “clicks” on all of them in the background. You never see the ads — they are hidden as usual — but behind the scenes, AdNauseam generates phantom clicks.</p>\n<p>The result is simple: your advertising profile becomes useless.</p>\n<p>Imagine trying to categorise someone who appears to be interested in everything: luxury cars and discount flights, steak houses and vegan cafés, college admissions and retirement planning. The data becomes noise. Profiling becomes unreliable.</p>\n<p>This is not just engineering — it is a form of digital protest.</p>\n<h2 id=\"the-google-problem\">The Google problem</h2>\n<p>Here is where the story becomes even more compelling. In January 2017, Google banned AdNauseam from the Chrome Web Store. The official justification was a vague developer agreement violation.</p>\n<p>But Google’s business depends on one thing: accurate ad targeting. AdNauseam directly undermines it.</p>\n<p>When MIT Technology Review tested the extension in 2021, working with co-creator Helen Nissenbaum, they found Google’s systems treated many of the phantom clicks as legitimate — and billed advertisers accordingly.</p>\n<p>A free, open-source privacy tool was generating fraudulent-looking ad traffic that cost advertisers money and corrupted the data that fuels Google’s revenue engine.</p>\n<p>Google’s response was swift and severe. Not only did it remove AdNauseam from its store, it labelled the extension as malware, making installation even in developer mode difficult.</p>\n<h2 id=\"the-ethics-of-clicking\">The ethics of clicking</h2>\n<p>Some critics claim AdNauseam is a form of click fraud. That argument does not hold up.</p>\n<p>Click fraud generally involves malicious actors attempting to drain competitors’ budgets or inflate their own revenue. AdNauseam does neither. It introduces noise on behalf of users who explicitly choose to pollute their own advertising profiles.</p>\n<p>If you believe individuals have a right to privacy and a right to resist invasive tracking, then the ability to introduce noise into that tracking is part of that right.</p>\n<h2 id=\"should-you-use-it\">Should you use it?</h2>\n<p>AdNauseam is not for everyone.</p>\n<p>If you want the most stable, low-maintenance ad-blocking experience, stick with uBlock Origin. It is excellent and reliable.</p>\n<p>AdNauseam has limitations. Its ad-clicking system can be inconsistent. Some users report that it collects far fewer ads than it blocks. Some sites experience occasional issues. And, as a smaller project fighting constantly evolving ad platforms, it cannot always keep pace.</p>\n<p>These are trade-offs. The question is whether active resistance is worth the bumps along the way.</p>\n<p>If you dislike being treated as a data source for trillion-dollar advertising platforms, AdNauseam offers something rare: a way to fight back.</p>\n<p>It works on Firefox, Opera, Microsoft Edge and Brave. Chrome users must install it manually from adnauseam.io. Google has ensured it requires effort.</p>\n<h2 id=\"the-bigger-picture\">The bigger picture</h2>\n<p>AdNauseam is part of a wider movement of privacy tools focused on obfuscation rather than passive protection. Tools like TrackMeNot and the Tor network share this philosophy.</p>\n<p>When regulation fails to keep pace with corporate surveillance practices, individuals rely on technical means to protect themselves. Sometimes, the best defence is to create noise.</p>\n<h2 id=\"ethics-and-disclosure\">Ethics and disclosure</h2>\n<p>The views shared here are my own as a privacy advocate and observer.</p>\n<p>I have no financial connection to the AdNauseam project.</p>\n<p>Using AdNauseam does have economic implications. Phantom clicks cost advertisers money and affect publisher revenue. Some see this as justified resistance. Others see collateral damage. You will need to decide where you stand.</p>\n<p>This post discusses methods of resisting surveillance. While I support the right to privacy, this is not legal advice. Legal status varies by jurisdiction.</p>\n<h2 id=\"a-final-thought\">A final thought</h2>\n<p>After decades working in global security and privacy, one lesson stands out: privacy is fundamentally about power.</p>\n<p>AdNauseam shifts a small amount of that power back to individuals. It demonstrates that we do not have to accept surveillance as the cost of participating online.</p>\n<p>Is it perfect? No.<br>\nWill it dismantle surveillance capitalism? No.</p>\n<p>But it proves that obfuscation is a valid privacy strategy — and that sometimes the most meaningful act of resistance is refusing to be predictable.</p>\n<p>Your data. Your terms. Consider fighting back.</p>\n<p><em>AdNauseam is free, open-source software created by Daniel Howe, Helen Nissenbaum and Mushon Zer-Aviv. Available at adnauseam.io.</em></p>\n<hr>\n<p>Keywords: #privacy #cybersecurity #adnauseam #dataprotection #onlinesecurity #infosec #privacytools #digitalrights #surveillancecapitalism #adblocker #uBlockOrigin #opensource #techethics #browserprivacy #websecurity #adtracking #dataprivacy #personalprivacy #internetfreedom #antitracking #surveillance #securityawareness #digitalresistance #privacyadvocate #userprivacy #techpolicy #ethicaltech #privacybydesign #cyberawareness #privacyprotection #infoseccommunity #cyberresilience #datasecurity #freesoftware #internetprivacy</p>\n<img src=\"https://cdn.uploads.micro.blog/255457/2025/chatgpt-image-nov-14-2025-at-07-54-15-am.png\">",
        "date_published": "2025-11-14T09:56:00-04:00",
        "url": "https://kiledjian.com/2025/11/14/the-ad-blocker-that-fights.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/07/washington-post-says-it-is.html",
        
        "content_html": "<p><a href=\"https://www.reuters.com/business/media-telecom/washington-post-says-it-is-among-victims-cyber-breach-tied-oracle-software-2025-11-06/\" target=\"_blank\" rel=\"noopener noreferrer\">Washington Post says it is among victims of cyber breach tied to Oracle software | Reuters</a></p>\n<p>The Washington Post has announced it is a victim of a cyber breach linked to Oracle software, specifically the Oracle E-Business Suite platform. This breach is attributed to the ransomware group CL0P, which has targeted numerous organizations using this Oracle software.</p>\n",
        "date_published": "2025-11-07T09:56:00-04:00",
        "url": "https://kiledjian.com/2025/11/07/washington-post-says-it-is.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/07/whats-that-coming-over-the.html",
        
        "content_html": "<p><a href=\"https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/\" target=\"_blank\" rel=\"noopener noreferrer\">What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)</a></p>\n<p>This article details a pre-authenticated Remote Code Execution vulnerability (CVE-2025-34299) found in Monsta FTP, a web-based FTP client. Despite attempts to patch, the vulnerability persisted in later versions until version 2.11.3 was released on August 26, 2025.</p>\n",
        "date_published": "2025-11-07T09:53:00-04:00",
        "url": "https://kiledjian.com/2025/11/07/whats-that-coming-over-the.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/07/vibecoded-ransomware-proofofconcept-ended-up.html",
        
        "content_html": "<p><a href=\"https://www.csoonline.com/article/4086639/vibe-coded-ransomware-proof-of-concept-ended-up-on-microsofts-marketplace.html\" target=\"_blank\" rel=\"noopener noreferrer\">Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace | CSO Online</a></p>\n<p>A Visual Studio Code extension containing ransomware-style behavior and data-stealing capabilities, dubbed Ransomvibe, was successfully published to Microsoft&rsquo;s marketplace. Despite containing obvious red flags like hardcoded credentials and decryption tools, the extension bypassed review and highlights a failure in Microsoft&rsquo;s marketplace security.</p>\n",
        "date_published": "2025-11-07T09:52:00-04:00",
        "url": "https://kiledjian.com/2025/11/07/vibecoded-ransomware-proofofconcept-ended-up.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/07/cisco-fixes-critical-uccx-flaw.html",
        
        "content_html": "<p><a href=\"https://securityaffairs.com/184321/security/cisco-fixes-critical-uccx-flaw-allowing-root-command-execution.html\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco fixes critical UCCX flaw allowing Root command execution</a></p>\n<p>Cisco has addressed a critical vulnerability (CVE-2025-20354) in its Unified Contact Center Express (UCCX) software, which could allow remote attackers to execute commands with root privileges. The flaw stems from improper authentication in the Java RMI process, enabling unauthenticated attackers to upload files and run commands on affected systems.</p>\n",
        "date_published": "2025-11-07T09:51:00-04:00",
        "url": "https://kiledjian.com/2025/11/07/cisco-fixes-critical-uccx-flaw.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/07/fake-day-exploit-emails-trick.html",
        
        "content_html": "<p><a href=\"https://hackread.com/fake-0-day-exploit-emails-crypto-malicious-code/\" target=\"_blank\" rel=\"noopener noreferrer\">Fake 0-Day Exploit Emails Trick Crypto Users Into Running Malicious Code – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More</a></p>\n<p>A new cryptocurrency scam uses fake 0-day exploit emails to trick users into running malicious JavaScript code, leading them to believe they can achieve massive profits. The attackers manipulate the user&rsquo;s browser to display inflated payouts and hijack transactions, directing funds to their own crypto wallets.</p>\n",
        "date_published": "2025-11-07T09:50:00-04:00",
        "url": "https://kiledjian.com/2025/11/07/fake-day-exploit-emails-trick.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/07/hidden-logic-bombs-in-malwarelaced.html",
        
        "content_html": "<p><a href=\"https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html?m=1\" target=\"_blank\" rel=\"noopener noreferrer\">Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation</a></p>\n<p>Nine malicious NuGet packages have been discovered, containing logic bombs set to detonate in August 2027 and November 2028, targeting database operations and industrial control systems. The packages, published by user &ldquo;shanhai666&rdquo; and collectively downloaded nearly 9,500 times, employ sophisticated techniques to disguise attacks as random failures, making incident response extremely difficult.</p>\n",
        "date_published": "2025-11-07T09:50:00-04:00",
        "url": "https://kiledjian.com/2025/11/07/hidden-logic-bombs-in-malwarelaced.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/07/federally-qualified-health-center-reports.html",
        
        "content_html": "<p><a href=\"https://www.govinfosecurity.com/federally-qualified-health-center-reports-ransomware-breach-a-29950\" target=\"_blank\" rel=\"noopener noreferrer\">Federally Qualified Health Center Reports Ransomware Breach</a></p>\n<p>The Central Jersey Medical Center, a federally qualified health center, has reported a ransomware attack that occurred on August 25th, potentially compromising sensitive patient information including names, dates of birth, social security numbers, and health records. The center is working with cybersecurity experts to investigate and enhance its security measures, though it has not disclosed if data was exfiltrated or the number of individuals affected.</p>\n",
        "date_published": "2025-11-07T09:48:00-04:00",
        "url": "https://kiledjian.com/2025/11/07/federally-qualified-health-center-reports.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/01/chinalinked-hackers-exploited-lanscope-flaw.html",
        "title": "China-linked hackers exploited Lanscope flaw",
        "content_html": "<p>China-linked hackers exploited Lanscope flaw as a zero-day in attacks\n<a href=\"https://www.bleepingcomputer.com/news/security/china-linked-hackers-exploited-lanscope-flaw-as-a-zero-day-in-attacks/\" target=\"_blank\" rel=\"noopener noreferrer\">www.bleepingcomputer.com/news/secu&hellip;</a></p>\n<p>China-linked cyber-espionage actors tracked as &lsquo;Bronze Butler&rsquo; (Tick)\nexploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to\ndeploy an updated version of their Gokcpdoor malware.</p>\n<p>The discovery of this activity comes from Sophos researchers, who observed the\nthreat actors exploiting the vulnerability in mid-2025 before it was patched\nto steal confidential information.</p>\n<p>The flaw exploited in these attacks is CVE-2025-61932, a critical request\norigin verification flaw impacting Motex Lanscope Endpoint Manager versions\n9.4.7.2 and earlier. It enables unauthenticated attackers to execute arbitrary\ncode on the target with SYSTEM privileges via specially crafted packets.</p>\n",
        "date_published": "2025-11-01T23:03:59-04:00",
        "url": "https://kiledjian.com/2025/11/01/chinalinked-hackers-exploited-lanscope-flaw.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/01/cisa-warns-ransomware-gangs-exploit.html",
        "title": "CISA warns ransomware gangs exploit CVE-2024-1086",
        "content_html": "<p>CISA warns ransomware gangs exploit CVE-2024-1086, a Linux kernel flaw in\nnetfilter: nf_tables, introduced in 2014 and patched in Jan 2024.\n<a href=\"https://securityaffairs.com/184076/security/old-linux-kernel-flaw-cve-2024-1086-resurfaces-in-ransomware-attacks.html\" target=\"_blank\" rel=\"noopener noreferrer\">securityaffairs.com/184076/se&hellip;</a></p>\n<p>CISA warned that ransomware gangs are exploiting CVE-2024-1086, a\nhigh-severity Linux kernel flaw introduced in 2014 and patched in January\n2024.</p>\n<p>CISA didn’t provide details about the ransomware attacks exploiting the flaw\nor name the groups responsible for targeting it.</p>\n<p>The vulnerability CVE-2024-1086 is a Linux kernel use-after-free issue that\nresides in the netfilter: nf_tables component that allows an attacker to\nachieve local privilege escalation.</p>\n",
        "date_published": "2025-11-01T17:05:25-04:00",
        "url": "https://kiledjian.com/2025/11/01/cisa-warns-ransomware-gangs-exploit.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/01/australia-warns-of-badcandy-infections.html",
        "title": "Australia warns of BadCandy infections ",
        "content_html": "<p>Australia warns of BadCandy infections on unpatched Cisco devices\n<a href=\"https://www.bleepingcomputer.com/news/security/australia-warns-of-badcandy-infections-on-unpatched-cisco-devices/\" target=\"_blank\" rel=\"noopener noreferrer\">www.bleepingcomputer.com/news/secu&hellip;</a></p>\n<p>The Australian government is warning about ongoing cyberattacks against\nunpatched Cisco IOS XE devices in the country to infect routers with the\nBadCandy webshell.</p>\n<p>The vulnerability exploited in these attacks is CVE-2023-20198, a max-severity\nflaw that allows remote unauthenticated threat actors to create a local admin\nuser via the web user interface and take over the devices.</p>\n<p>Cisco fixed the flaw in October 2023, which was then marked as an actively\nexploited issue. A public exploit became available two weeks later, fueling\nmass exploitation for backdoor planting on internet-exposed devices.</p>\n<p>The Australian authorities have warned that variants of the same Lua-based\nBadCandy web shells are still used in attacks throughout 2024 and 2025,\nindicating that many Cisco devices remain unpatched.</p>\n",
        "date_published": "2025-11-01T17:04:38-04:00",
        "url": "https://kiledjian.com/2025/11/01/australia-warns-of-badcandy-infections.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      },
      {
        "id": "http://ekiledjian2.micro.blog/2025/11/01/cloud-abuse-at-scale.html",
        "title": "Cloud Abuse at Scale",
        "content_html": "<p>Cloud Abuse at Scale\n<a href=\"https://www.fortinet.com/blog/threat-research/cloud-abuse-at-scale\" target=\"_blank\" rel=\"noopener noreferrer\">www.fortinet.com/blog/thre&hellip;</a></p>\n<p>Identity compromise remains one of the most pressing threats to cloud\ninfrastructure today. When attackers gain access to valid credentials, they\ncan often bypass the traditional security controls designed to protect those\nenvironments. In AWS, this type of compromise frequently manifests through\nabuse of the Simple Email Service (SES), one of the most common tactics\nobserved in real-world intrusions. SES offers adversaries a convenient and\nscalable way to conduct illicit email operations once they’ve obtained valid\nAWS access keys.</p>\n<p>In recent activity, we identified a campaign in which adversaries used stolen\ncredentials to target SES. As part of this campaign, we uncovered a\nlarge-scale attack infrastructure—dubbed TruffleNet—built around the\nopen-source tool TruffleHog, which is used to systematically test compromised\ncredentials and perform reconnaissance across AWS environments. Beyond\ncredential testing, we also observed adversaries leveraging compromised cloud\naccounts to facilitate downstream Business Email Compromise (BEC) campaigns.</p>\n",
        "date_published": "2025-11-01T17:03:50-04:00",
        "url": "https://kiledjian.com/2025/11/01/cloud-abuse-at-scale.html",
        "tags": ["Cybersecurity \u0026 Privacy"]
      }
  ]
}
