For years I thought this was sung by Boris Karloff, but he only narrated the show. It was actually sung by Thurl Ravenscroft - the voice of Tony The Tiger. And sang in "A Pirate's Life For Me."
And yes, Dr. Seuss wrote the lyrics.
Thursday, December 18, 2025
AI Browser Extensions considered harmful
Ad blockers and VPNs are supposed to protect your privacy, but four popular browser extensions have been doing just the opposite. According to research from Koi Security, these pernicious plug-ins have been harvesting the text of chatbot conversations from more than 8 million people and sending them back to the developers.
The four seemingly helpful extensions are Urban VPN Proxy, 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. They're distributed via the Chrome Web Store and Microsoft Edge Add-ons, but include code designed to capture and transmit browser-based interactions with popular AI tools.
I believe that the very first of Borepatch's Laws of Security - from way, way back in 2008 - was "Free Download" is Internet-speak for "Open your mouth and close your eyes".
Plus ca change ...
So you really shouldn't use them.
Wednesday, December 17, 2025
Monday, December 15, 2025
Lawsuit over FedRAMP compliance
This is perhaps a niche security topic, but some of you are as niche as me:
The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.
Danielle Hillmer, 53, of Chantilly, Virginia, is accused of deceiving auditors over the capabilities of a service the government commissioned in 2017.
Although it is only referred to as Company A in the court documents, Hillmer claimed to work for Big Four consulting firm Accenture during the stated timeline, according to a now-deleted LinkedIn account.
The US alleges that between March 2020 and November 2021, Hillmer obstructed federal auditors and falsely represented the security of the company's cloud platform, which was used by other government customers beyond the Army.
Perhaps not security per se, but this raises the question of just how much do you trust the audit process?
Saturday, December 13, 2025
Friday, December 12, 2025
Pondering the SpaceX IPO
Sure there were rumors, but I was plausibly convinced that they wouldn't do this:
Key Points
- SpaceX is preparing for a potential $1.5 trillion IPO as soon as mid-2026.
- Elon Musk confirmed rumors in an X post.
- The IPO could boost SpaceX’s goals, Musk’s wealth, and the entire space sector.
The numbers seems low at $1.5T and $30B - low if you think that Space is a huge growth sector (as I do) and considering that the company has been cash flow positive for years.
Why I thought that they wouldn't do this is that I think that Elon is driven by Mars colonization, and having shareholders dilutes his ability to focus on that.
I guess we'll see.
Wednesday, December 10, 2025
Tuesday, December 9, 2025
Gartner Group recommends companies ban AI browsers
This is big news. Gartner Group is the largest IT trend analysis firm, used by essentially all large corporations. They just recommended blocking the installation and use of AI browsers:
Agentic browsers are too risky for most organizations to use, according to analyst firm Gartner.
The firm offered that advice last week in a new advisory titled “Cybersecurity Must Block AI Browsers for Now,” in which research VP Dennis Xu, senior director analyst Evgeny Mirolyubov, and VP analyst John Watts observe “Default AI browser settings prioritize user experience over security.”
I've posted about the risks of AI browsers. Gartner's recommendations track mine:
Gartner’s fears about the agentic capabilities of AI browser relate to their susceptibility to “indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and abuse of credentials if the AI browser is deceived into autonomously navigating to a phishing website.”
The authors also suggest that employees “might be tempted to use AI browsers and automate certain tasks that are mandatory, repetitive, and less interesting” and imagine some instructing an AI browser to complete their mandatory cybersecurity training sessions. [Highlighting mine - Borepatch]
The highlighted bit is a very clever way to get attention from IT departments. Not only will it irritate the IT Security team but it will focus the Risk Management team on potential loss of SOC2 compliance. This is a very Gartner way of getting eyeballs from the CISO and CIO. Like I said, clever.
And yeah, I agree 100% with Gartner on this.
Sunday, December 7, 2025
St. Ambrose - Veni Redemptor Genitum
Except there was this little problem: not only was Ambrose not a priest, he wasn't even baptized as a Christian. The crowd wasn't about to let minor issues like that stand between them and their new bishop. So Governor Aurelius Ambrosius became Bishop Ambrose.
He was a force to be reckoned with, even excommunicating Emperor Theodosius the Great (I think that this was the first time this had ever happened).
He also composed the first Christmas Carol, Veni Redemptor Genitum (Come, Redeemer of the Nations). It is still performed today, 1650 years later.
Latin:
Veni, redemptor gentium;
ostende partum Virginis;
miretur omne saeculum:
talis decet partus Deum.
English translation:
Come, Redeemer of the nations;
show forth the Virgin birth;
let every age marvel:
such a birth befits God.
Now the Christmas season is upon us. It seemed right to start our annual christmas music posts with the very first Christmas carol.
* The others are St. Jerome, St. Augustine, and St. Gregory the Great. It was sort of a Murderer's Row lineup of the early Church batting order.
Subscribe to:
Comments (Atom)