ProTip: when upgrading your YubiKey or similar device, make sure you go through *every* account.
I was locked out of my work password manager for 2 days because I forgot that account.
Capital One breach response.
THERE WERE NO SSNs IN THE BREACH
except about 200,000
BUT THERE WERE NO BANK ACCOUNT NUMBERS IN THE BREACH
except around 100,000
BUT IT WAS ALL ENCRYPTED
except some of it
#CoSoSec
How not to do breach response
BlueKeep RCE spotted on github
Shields Up!
FFS. He doesn't get it, does he? Once an encryption backdoor is opened, it cannot be closed. A bad actor will just walk right through that very same day.
I get it. Encryption can help the bad guys. But there are mitigation techniques, albeit difficult, manpower-expensive ones, around that. Once encryption is broken, it leaves *every* *single* *person* in the world open to attack. What's that saying ... "good ... bad ... ratio ... and act accordingly"
https://techcrunch.com/2019/07/23/william-barr-consumers-security-risks-backdoors/
MitM attack on all Kazakhstan bound internet traffic
This may not be all that understandable to the average netizen... but this is kinda disturbing to me.
If Googlebot is susceptible to XSS which could allow SEO stuffing, then Google results can't always be trusted. (seriously, no snark here... google *is* the top SE after all.)
https://www.tomanthony.co.uk/blog/xss-attacks-googlebot-index-manipulation/
Ever try to get around a paywall in incognito mode only to see "Sorry, you can't view this in private mode."?
Chrome is about to close that loophole.
https://gizmodo.com/google-chrome-update-will-close-loophole-that-tipped-si-1836514664
Used Slack since 2015?
never update your password?
don't use 2FA?
update your password.
Headline says it all:
Permission-greedy apps delayed Android 6 upgrade so they could harvest more user data
FBI just released master decryption keys for GandCrab ransomware.
If you update your Mac, it won't be susceptible to the Zoom camera issue.
any other Ruby devs on CoSo?
reconsider the "strong_password" gem
https://www.zdnet.com/article/backdoor-found-in-ruby-library-for-checking-for-strong-passwords/
You'd think a director of IT would be more savvy than to open something he received in email.
https://gizmodo.com/florida-city-fires-it-employee-after-paying-460-000-in-1836031022
Devs: this is a lesson on what never to do with a password reset flow:
https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
With all the ransomware out there, remember: your second (and perhaps final) line of defence is to do backups to _non-connected_ media.
Well, this is disturbing.
4 watts of power, 4 fake LTE "towers", some special software, a densely crowded area, and a well-crafted fake "Presidential Emergency Message", and you now have a recipe for localized chaos.
https://www.hackread.com/researchers-exploit-lte-flaws-to-send-fake-presidential-alerts/
"The fact that American corporations are mimicking the actions of an authoritarian government to score and treat consumers differently is disturbing"
https://gizmodo.com/the-surveillance-scores-companies-use-to-rip-you-off-mi-1835812385
Still think if you don't do anything wrong you have nothing to hide?
I think most people here know better, but remind those less technical. Don't click on ads claiming to speed up, clean, or otherwise "fix" your computer.
https://www.infosecurity-magazine.com/news/millions-fall-victim-to-system-1/