vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
> be nerds
> look into persona (used by discord)
> kyc (know your customer) service
> used for age verification
> search on internet (shodan)
> find weird server
> image 1
> openai-watchlistdb.withpersona
> openai-watchlistdb-testing.withpersona
> lolwtf
> look inside
> supposed to be behind cloudflare to hide ip
> openai messed up
> not behind cloudflare
> real ip shown
> using google cloud
> lookup cert history
> 2023-11-16 created
> 2024-02-28 gets cert
> 2024-03-04 prod goes live
> google stuff
> openai and persona partners
> partner around timeline of certs
> back to searching stuff
> find withpersona-gov
> look inside
> okta (image 2)
> lolwtf
> look inside
> website accidentally leaking stuff
> fedramp-private-backend-api
> look inside
> api .js accidentally exposed
> look inside
> wtf "SARInstructionsCard"
> wtf "app.onyx.withpersona-gov"
> wtf "FINTRAC"
> wtf "PrivatePartnershipProjectNameCodes"
> image 3
> wtf "AsyncSelfie"
> look inside
> openai, persona, send data to us gov
> feds map face to financial records
> map face using AI
> map face to ICE stuff
> api stores data for lots of stuff
> image 4

tl;dr persona kyc and openai are frens, using your selfie for verification and sending to ICE (or USGOV in general), using AI to tie to your financial records. see subsequent post for full write-up. it's long and not mobile friendly

Earlier today X employees bragged X only has 30 employees. Guess which website is down again?

Meanwhile at Microsoft: Microsoft deployed botched security rules and Exchange Online accidentally flagged legitimate emails as malicious.

From February 5th to February 12th, "thousands" of safe emails were flagged as phishing emails

https://www.bleepingcomputer.com/news/microsoft/microsoft-anti-phishing-rules-mistakenly-blocked-emails-teams-messages/

> be me
> working
> wife and baby sleeping
> hear blood-curdling scream
> "HELP"
> run fast af
> blast through door
> 11 month old climbed over baby barricade
> wife holding him by foot
> dangling off bed
> wife terrified
> grab baby
> he looks at me
> smiles
> starts laughing
> wife crying from pure terror
> baby sees her crying
> laughs

mfw baby almost killed himself, thinks it's hilarious

Babies have no concept of danger. All they know right now is "I can go places" and "I want to go places". He probably thinks it's funny Mommy and Daddy gave him a bunch of attention and thought falling was like a fun little ride.

tl;dr on constant suicide watch

I guess Persona saw my post, or other adjacent posts on social media, because Persona sent out an email addressing the findings to their customers.

They wrote the following (although I'm paraphrasing):

1. Persona does not share your customers' data outside of scope. They said all contracts are solidified and compliance is important

2. Persona does not work with the Department of Homeland Security, or the United States government in general, however they assert they admit they are seeking potential contracts

3. Persona is not involved with Peter Thiel, although he is an investor. Persona asserts they have no relationship with Palantir

4. Company employees, including investors, do not have access to customer data.

5. They don't plan on saying anything else about these posts on social media because it amplifies stuff. They politely and gently call social media people schizo conspiracy theorists and state they are privately engaging with accredited journalists behind the scenes.

Hello,

I added more malware and more malware papers to the website most of you don't even realize this page is about (I collect malware source code, samples, and papers).

Big updates:
https://vx-underground.org/Updates

Non-core audience when they realize this social media account is actually the social media moniker for a website which collects malware and interacting with this account almost certainly got you put on a watchlist

I've seen nerds say, "how does the malware guy who doesnt go outside have a family and i dont?"

Well, it's very shrimple.

1. I don't talk about what I do, ever. They don't understand malware and if I tried to explain it they'd be scared.

2. I don't tell anyone what I do on the internet, ever. If I told people I unironically talk to cyber terrorists and send the FBI pictures of cats they'd be scared.

3. I don't talk about computers or anything technology adjacent, ever. Computers are for nerds and normal people don't understand it. If I explained anything they'd be scared.

4. I dress normal. I wear generic middle class jeans from generic middle class stores. I wear generic shoes like Nikes. I don't wear cybersecurity shirts. All my shirts are cheap $8 shirts that are blank with no logo on it.

Basically, be a normal person. Talk about dumb shit, like the weather or food, or something. Ask people about themselves (they love talking about themselves). You have to segregate internet person from IRL person.

tl;dr malware is illegal and for nerds

This probably makes me sound like a sociopath, or something, but I very seriously don't talk about vx-underground or anything I do online with people IRL.

Nobody would understand it, I don't feel like explaining it, and truthfully I don't feel like discussing it. I don't need to bond with people over dumb computer nerd stuff.

Online I am "smelly smellington", I collect malware, develop malware, reverse engineer malware, and do silly things which are playfully unethical.

IRL I'm a Father, a son, an Uncle, I go to family birthday parties, go do stuff like trick-or-treating, Christmas stuff, family cook-outs, sometimes go to church (I'm not religious, but whatever), etc. I like to watch UFC, weird cartoons on YouTube like MeatCanyon, and enjoy stuff like watching Netflix with my family

smelly smellington != IRL me

tl;dr just be a normal person, nerd

Hello,

I've received your messages loud and clear. You want more cat pictures. I have 12 "cat blocks" on VXUG already. Each "cat block" is 2,000 pictures. I'll add like, 37 more blocks.

I will work on uploading tonight

https://vx-underground.org/Archive

I make them smaller "blocks" because last time I bundled them all together it was over 162GB and several thousand people tried to download it at once.

It resulted in 100TB of data attempting to be pulled and our infrastructure imploded.

tl;dr ddos via cats

My computer hard drive sounds like a bunch of loose change bouncing around inside a dryer.

No idea what that means

It suddenly stopped. Now it sounds like a bunch of fish gurgling under water.