identity and access
6 posts
The surveillance doesn't have to be real
An author alleges Meta surveilled her for 12 months. The act is unconfirmed; the capability is structural and built into centralized identity.
Trusted is a label, not a boundary
US authorization of Mythos AI grants access by a 'trusted' label with no confirmed revalidation, monitoring, or revocation. A label is not a control.
What a tool does never made it safe
When ownership of an integrated, data-access tool changes, existing access persists under a new identity unless it is revoked and re-issued.
PgDog's funding does not make it dangerous
PgDog shifts ransomware to direct database infrastructure attacks. The enabling failure: identity and access controls that did not hold under exercise.
Entra ID trades your credential for a token
Microsoft Entra ID resolves trust at sign-in and honors bearer tokens on reference, not verification, which is how one compromised login becomes a cloud breach.
Audi faces scrutiny over myAudi platform exposure
A board-level view of the myAudi connected vehicle security concern: exposure, control failure, and the conditions directors must now enforce.