Infosec Decoded Season 5 #69: Salesloft Breach

With Doug Spindler and sambowne@infosec.exchange

Recorded Tue, Sep 2, 2025

AI

ChatGPT can now create flashcards quiz on any topic
Therapists are secretly using ChatGPT. Clients are triggered.

Politics

Unfortunately, the ICEBlock app is activism theater
Because ICE sightings in the app aren’t verified in any way, it's likely that most reports in the app aren't actually ICE. And even worse, during the Q&A, he made it clear that he didn't understand terms like “warrant canary,” "reverse engineering," or “security through obscurity,” which doesn't inspire confidence.
Leaked ‘Gaza Riviera’ plan dismissed as ‘insane’ attempt to cover ethnic cleansing
Palestinians would be encouraged into “voluntary” departure to another country or into restricted, secure zones during reconstruction. Those who own land would be offered “a digital token” by the trust in exchange for rights to redevelop their property, to be used to finance a new life elsewhere.

The highly fanciful prospectus – subtitled “From a Demolished Iranian Proxy to a Prosperous Abrahamic Ally”– appears to have been drawn up by people with no physical knowledge of Gaza, the politics of the Middle East or the likely challenges in attempting to rebuild the territory as a multibillion-dollar tourism and technology hub that would inevitably compete with Israel.

Noem says LA 'would have burned down' without Trump's National Guard deployment
She characterized Los Angeles as a doomed city that needed to be saved by the president.
How do you respond when students come out with conspiracy theory nonsense?
Wired, Business Insider Editors Duped By Completely Bogus ‘AI’ Using ‘Journalist’ Who Made Up Towns, People That Don’t Exist

Infosec

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.
ZERO-DAY ALERT: Automated Discovery of Critical CWMP Stack Overflow in TP-Link Routers
TP-Link failed to patch a vulnerability in its routers for more than a year.
Keratin extracted from sheep's wool repairs teeth in breakthrough
Microsoft-backed boffins show mega speed boost with hollow-core fiber
It has lower loss and a 50% increase in speed
Microsoft denies recent Windows 11 update is bricking SSDs