RC RANDOM CHAOS

identity and access

6 posts

The surveillance doesn't have to be real
Article

The surveillance doesn't have to be real

An author alleges Meta surveilled her for 12 months. The act is unconfirmed; the capability is structural and built into centralized identity.

Trusted is a label, not a boundary
Article

Trusted is a label, not a boundary

US authorization of Mythos AI grants access by a 'trusted' label with no confirmed revalidation, monitoring, or revocation. A label is not a control.

What a tool does never made it safe
Article

What a tool does never made it safe

When ownership of an integrated, data-access tool changes, existing access persists under a new identity unless it is revoked and re-issued.

PgDog's funding does not make it dangerous
Article

PgDog's funding does not make it dangerous

PgDog shifts ransomware to direct database infrastructure attacks. The enabling failure: identity and access controls that did not hold under exercise.

Entra ID trades your credential for a token
Article

Entra ID trades your credential for a token

Microsoft Entra ID resolves trust at sign-in and honors bearer tokens on reference, not verification, which is how one compromised login becomes a cloud breach.

Audi faces scrutiny over myAudi platform exposure
Article

Audi faces scrutiny over myAudi platform exposure

A board-level view of the myAudi connected vehicle security concern: exposure, control failure, and the conditions directors must now enforce.