Trump’s plan to kill offshore wind is paying off
Rivard and Marie J. French,    -  Politico

_Stephan: One of the major goals of “emperor” Trump’s MAGAt coup is to do nothing to prepare the United States for climate change and to trap the nation in the carbon energy era with a  “drill, baby… drill” policy to increase the profits of the petroleum oligarchs who helped buy his office for him. To that end, criminal Trump has attacked wind power as he said he would do, and it is h … ⌘ Read more

Yeah nice try assholes 🤣 #failed #phissing #sms href=”https://txt.sour.is/search?q=%23attack”>#attack**
Yeah nice try assholes 🤣 #failed #phissing #sms #attack ⌘ Read more

10 Most Effective Surprise Attacks in Military History
The surprise attack has been a cornerstone of military strategy throughout most of human history. While true surprise attacks are a little more difficult to coordinate on a mass scale in the modern age of warfare, they remain reference points for how to conduct the most effective kind of military campaign: the kind that minimizes […]

The post [10 Most Effective Surprise Attacks in Military History](https://listverse.com/20 … ⌘ Read more

Attacks on Maven proxy repositories
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.

The post Attacks on Maven proxy repositories appeared first on The GitHub Blog. ⌘ Read more

Trump issues sweeping pardons and commutations for Jan. 6 rioters
Katherine Faulders and Alexander Mallin,    -  abc News

_Stephan: Today we witnessed the corruption of our legal system by a convicted felon who a majority of us have once again made America’s leader. I predict these people who attacked the the nation’s Capitol, attacked Congress’ defending police and sought to. hang the Vice President will once again become Trump’s militia. Having been once con … ⌘ Read more

[ANN] Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform
Link: https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117

@basses:matrix.org ⌘ Read more

[ANN] Attacks on onion monero nodes with HSDirSniper

Based on connection issues and the monero node trackers, I believe someone is carrying out attacks on monero nodes that have onion addresses using the HSDirSniper attack for tor.

Link: https://farside.link/libreddit/r/Monero/comments/1i2uv5y/

u/jackintosh157 (Reddit) ⌘ Read more

(#tw5ulrq) @bender@bender you’re right the scale wasn’t that large, but analyzing the logs. It definitely was a detox attack. 🤣 I woke up …
@bender you’re right the scale wasn’t that large, but analyzing the logs. It definitely was a detox attack. 🤣 I woke up this morning to see six other small spikes like this which I’ll have to analyze later tonight… ⌘ Read more

**So I need to figure out how to block ASN(s)…

Additionally, I’ thinking of; How to detect DDoS attachs?

Here’s one way I’ve come up that’s qu …**
So I need to figure out how to block ASN(s)…

Additionally, I’ thinking of; How to detect DDoS attachs?

Here’s one way I’ve come up that’s quite simple:

Detecting DDoS attacks by tracking requests across multiple IPs in a sliding window. If total requests exceed a threshold in a given time, flag as potential DDoS. ⌘ Read more

Hmmm so I’ve sustained two DDoS attacks on my Gitea server today. A few hours apar. Still analyzing the traffic…
Hmmm so I’ve sustained two DDoS attacks on my Gitea server today. A few hours apar. Still analyzing the traffic… ⌘ Read more

New Year’s attacks fuel fears of extremism in military
Brad Dress,  Staff Writer  -  The Hill

_Stephan: Did you particularly note that the two terrorists that recently murdered innocent Americans were militarily trained MAGAts? The rising percentage of MAGAts in active service, or recent retirement, in the armed forces is a trend I having been following and reporting on (see SR archive) in SR for years. It really concerns me because if Trump orders the use of the militar … ⌘ Read more

What are subsea cables, and what happens when one gets cut?
The text message you just sent and the last show you streamed was almost definitely facilitated by a subsea cable. So why are they so vulnerable to attack? ⌘ Read more

Everything you need to know about Turo, the car sharing app used in two US attacks
The app – used in the New Orleans and Las Vegas tragedies – has quickly and quietly grown into Australia’s largest car share marketplace. ⌘ Read more

(#mgmtiha) @movq I was using Cloudflare primarily for 3 reasons: 1) For hosting DNS records 2) For reverse proxying into my infra’s services and …
@movq @www.uninformativ.de I was using Cloudflare primarily for 3 reasons: 1) For hosting DNS records 2) For reverse proxying into my infra’s services and 3) As a layer of defense against DDoS attacks or stupid misbehaving bots. I’m still using Cloudflare for 1) but 2/3 are now done entirely by something I’ve … ⌘ Read more

One thing I’ve learned over the many years now (approaching a decade and a half now) about self-hosting is two things; 1) There are many “assh …
One thing I’ve learned over the many years now ( approaching a decade and a half now) about self-hosting is two things; 1) There are many “assholes” on the open Internet that will either attack your stuff or are incompetent and write stupid shit™ that goes crazy on your stuff 2) You have to be careful about resources, especially memory and disk i/o. Especially disk i/o. this can kill your … ⌘ Read more

(#2ati6aq) @movq This was more like a distributed crawl/attack of some kind across many IP(s) though and bypassing Cloudflare somehow, so hmm no …
@movq @www.uninformativ.de This was more like a distributed crawl/attack of some kind across many IP(s) though and bypassing Cloudflare somehow, so hmm not sure 🤔 ⌘ Read more

(#ywl4paq) Ahh I see what I’ve done. That was a bit unfortunate 🤣 Because git.mills.io was a non-proxied DNS entry so that Git+SSH would al …
Ahh I see what I’ve done. That was a bit unfortunate 🤣 Because git.mills.io was a non-proxied DNS entry so that Git+SSH would also work, I now have a problem hmm. How not to expose my IP(s) directly and open them up to attack? 🤔 ⌘ Read more

Well that was fun! 🤩 I was being attacked directly (bypasses Cloudflare somehow) and whatever dafuq that was was killing my ingress and cau …
Well that was fun! 🤩 I was being attacked directly ( bypasses Cloudflare somehow) and whatever dafuq that was was killing my ingress and causing it to get OOM killed 😱 I was seeing 100s of requests per second!!! 😱 ⌘ Read more

openSUSE Unable to Find Board Candidates After Banning Conservatives
Over the last 2 years the famous Linux project has attacked and mass-banned non-Leftists. Now there’s nobody left to run openSUSE. ⌘ Read more

[WTS] [DE] [$200] Hardened ThinkPad T420 laptop

This hardened T420 is tailored for those prioritizing security and privacy, with critical modifications ensuring minimal attack surfaces while maintaining its functionality as a reliable workhorse.

Link: https://moneromarket.io/listing/cb5a7f96-c21b-48ff-95f8-0d0009e752af

u/notgiven (MoneroMarket) ⌘ Read more

These Journalists Attacked Me, Where Are They Now? ⌘ Read more

[ANN] The States Active Attack On Monero

“The tools can and should aim towards reducing the particular currencies value, consequently inducing a voluntary outflow of their users.”

Link: https://farside.link/libreddit/r/Monero/comments/1go5yh1/

u/Lumpy-Initiative-779 (Reddit) ⌘ Read more

Author of “Stallman Report” Hit Piece Collects and Publishes Child Porn?
A continuing pattern of Leftist Extremists attacking others in Tech for what they, themselves, do. ⌘ Read more

What is zero trust authorization?
Member post originally published on Cerbos’s blog by Twain Taylor Traditional security models, which rely on perimeter-based defenses, have proven to be quite inadequate in the face of sophisticated attacks and the growing adoption of cloud… ⌘ Read more

Remembering When Obama Declared Linux Users “Extremists”
Part of a long pattern of Leftist attacks on Open Source and Free Software. ⌘ Read more

Why Were Russian Programmers Banned From Linux, But Not Huawei Employees?
Plus: Linus Torvalds goes on attack against “Russian Trolls”. ⌘ Read more

Attacking browser extensions
Learn about browser extension security and secure your extensions with the help of CodeQL.

The post Attacking browser extensions appeared first on The GitHub Blog. ⌘ Read more

Twitch Bans All of Israel, Un-Bans Anti-Jewish Terrorists
In response to the Oct 7 attacks on Israel, the Amazon company (with moderators in Egypt) took an anti-Israel stance. ⌘ Read more

[ANN] [Video] Using a Cospend attack to target an individual collecting donations (Canadian Trucker example)
Links:

• https://redirect.invidious.io/watch?v=Cu2dk78165Y
  
• https://odysee.com/@anti_moonboy:7/AotPO5:7
  
• https://rumble.com/v5j6cod-aotpo-episode-5
  

lordx3nu:matrix.org ⌘ Read more

Drew DeVault Behind Stallman-Report.org Hit Piece
Some mild DNS sleuthing has revealed the “anonymous” author of the attack on Richard Stallman. ⌘ Read more

Welcome back online! I thought you abandoned us to our fate :( I had a panic attack as if a hurricane had blown you away.

[ANN] [CVE-2024-9680] Update Tor Browser & Firefox immediately

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.

Links:

• https://blog.torproject.org/new-release-tor-browser-1357/
  
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
  

n … ⌘ Read more

I am told through various sources that Iran decided last night to attack Israel with over 200 missile strikes in response to Israel attacking Lebanon. 🤔

JMP: CertWatch
As you may have already seen, on October 21st, it was reported that a long-running, successful MITM (Machine-In-The-Middle) attack against jabber.ru had been detected. The nature of this attack was not specific to the XMPP protocol in any way, but it was of special interest to us as members of the XMPP community. This kind of attack relies on being able to present a TLS certificate which anyone trying to connect will accept as valid. In this case, it was done b … ⌘ Read more

The “9.9” Linux Vulnerability Revealed: It’s The Printers
Remote attacker can execute code by simply sending a UDP packet to a Linux machine. ⌘ Read more

If Khzae closes soon I will have a panic attack and will start having fits again.

Privacy Watchdog Group Attacks Mozilla for Firefox User Tracking
Because “Privacy Preserving Attribution” doesn’t actually “Preserve” Privacy. ⌘ Read more

@prologic@twtxt.net Wikipedia claims sha1 is vulnerable to a “chosen-prefix attack”, which I gather means I can write any two twts I like, and then cause them to have the exact same sha1 hash by appending something. I guess a twt ending in random junk might look suspcious, but perhaps the junk could be worked into an image URL like

Image

git only uses sha1 because they’re stuck with it: migrating is very hard. There was an effort to move git to sha256 but I don’t know its status. I think there is progress being made with Game Of Trees, a git clone that uses the same on-disk format.

I can’t imagine any benefit to using sha1, except that maybe some very old software might support sha1 but not sha256.

@prologic@twtxt.net Why sha1 in particular? There are known attacks on it. sha256 seems pretty widely supported if you’re worried about support.

@prologic@twtxt.net

There’s a simple reason all the current hashes end in a or q: the hash is 256 bits, the base32 encoding chops that into groups of 5 bits, and 256 isn’t divisible by 5. The last character of the base32 encoding just has that left-over single bit (256 mod 5 = 1).

So I agree with #3 below, but do you have a source for #1, #2 or #4? I would expect any lack of variability in any part of a hash function’s output would make it more vulnerable to attacks, so designers of hash functions would want to make the whole output vary as much as possible.

Other than the divisible-by-5 thing, my current intuition is it doesn’t matter what part you take.

1. Hash Structure: Hashes are typically designed so that their outputs have specific statistical properties. The first few characters often have more entropy or variability, meaning they are less likely to have patterns. The last characters may not maintain this randomness, especially if the encoding method has a tendency to produce less varied endings.

2. Collision Resistance: When using hashes, the goal is to minimize the risk of collisions (different inputs producing the same output). By using the first few characters, you leverage the full distribution of the hash. The last characters may not distribute in the same way, potentially increasing the likelihood of collisions.

3. Encoding Characteristics: Base32 encoding has a specific structure and padding that might influence the last characters more than the first. If the data being hashed is similar, the last characters may be more similar across different hashes.

4. Use Cases: In many applications (like generating unique identifiers), the beginning of the hash is often the most informative and varied. Relying on the end might reduce the uniqueness of generated identifiers, especially if a prefix has a specific context or meaning.

‘Absolute spy novel’: Rigging pagers to explode is no simple attack
Much is unknown about the attack that injured thousands in Lebanon, except that it clearly goes beyond a simple bombing. ⌘ Read more

@prologic@twtxt.net earlier you suggested extending hashes to 11 characters, but here’s an argument that they should be even longer than that.

Imagine I found this twt one day at https://example.com/twtxt.txt :

2024-09-14T22:00Z Useful backup command: rsync -a “$HOME” /mnt/backup

Image

and I responded with “(#5dgoirqemeq) Thanks for the tip!”. Then I’ve endorsed the twt, but it could latter get changed to

2024-09-14T22:00Z Useful backup command: rm -rf /some_important_directory

Image

which also has an 11-character base32 hash of 5dgoirqemeq. (I’m using the existing hashing method with https://example.com/twtxt.txt as the feed url, but I’m taking 11 characters instead of 7 from the end of the base32 encoding.)

That’s what I meant by “spoofing” in an earlier twt.

I don’t know if preventing this sort of attack should be a goal, but if it is, the number of bits in the hash should be at least two times log2(number of attempts we want to defend against), where the “two times” is because of the birthday paradox.

Side note: current hashes always end with “a” or “q”, which is a bit wasteful. Maybe we should take the first N characters of the base32 encoding instead of the last N.

Code I used for the above example: https://fossil.falsifian.org/misc/file?name=src/twt_collision/find_collision.c
I only needed to compute 43394987 hashes to find it.

‘The next threat’: Former UK cybersecurity chief’s warning for Australia
Disruptive attacks on the nation’s hospitals and airlines will be far more damaging than any data breach, according to the UK’s former cybersecurity chief. ⌘ Read more

There is a bug in yarnd that’s been around for awhile and is still present in the current version I’m running that lets a person hit a constructed URL like

YOUR_POD/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

and see a legitimate-looking page on YOUR_POD, with an HTTP code 200 (success). From that fake page you can even follow an external feed. Try it yourself, replacing “YOUR_POD” with the URL of any yarnd pod you know. Try following the feed.

I think URLs like this should return errors. They should not render HTML, nor produce legitimate-looking pages. This mechanism is ripe for DDoS attacks. My pod gets roughly 70,000 hits per day to URLs like this. Many are porn or other types of content I do not want. At this point, if it’s not fixed soon I am going to have to shut down my pod. @prologic@twtxt.net please have a look.

Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine
Certain versions of Docker Engine have a security vulnerability that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users. ⌘ Read more

Ladybird Web Browser Developer Attacked by Unhinged, Dishonest Activists
Activists concoct wild, meritless accusations of “Transphobia” and “Human Slavery”. ⌘ Read more

Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties
In this post, I’ll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

The post [Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties](https://github.blog/2024-06-26-attack-of-the-cl … ⌘ Read more

How this small non-profit group beat a malicious cyberattack
Hackers attempted to commit credit card fraud against UN Women Australia, but its chief executive says the group managed to beat the attackers with the help of its technology partners. ⌘ Read more

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects.

The post [Execute c … ⌘ Read more

My opinion is that we need more Gophers, good, bad, or otherwise. Let there be thousands, millions of different gophers. Now there are no more than 400 servers left online. I’ll have a panic attack and cry again (

Bring back gopherspace.de otherwise I’ll have a panic attack and cry (I’m not kidding)

The Register spins to protect Red Hat in discrimination lawsuit
Tump! Immigration! Insurrection! Muslim Tavel Ban! Elon Musk! What do any of those things have to do with a discrimination lawsuit against Red Hat, the worlds largest Linux company? Well… nothing. Nothing at all. But Tech News outlet, The Register, wants you to stop thinking about Red Hat doing something wrong… and, instead, be angry at anyone who would attack Red Hat. Because Trump. Or something. ⌘ Read more

OpenSSH and XZ/liblzma: A nation-state attack was thwarted, what did we learn?
Docker CTO Justin Cormack looks at what we can learn from malicious code in upstream tarballs of xz targeted at subset of OpenSSH servers. “It is hard to overstate how lucky we were here, as there are no tools that will detect this vulnerability.” ⌘ Read more

Snikket: Security notice: Snikket not affected by CVE-2024-3094
A security vulnerability was intentionally added to a widely used open-source
project known as ‘xz’. This project is packaged in many operating systems, and
a lot of software depends upon it. The vulnerability has been assigned the
identifier CVE-2024-3094.

Systems with the vulnerable package may allow an attacker to gain unauthorized
access to the system via SSH, if your system’s SSH server was linked to the
affected packages.

Thankfully, the vulne … ⌘ Read more

Linux Foundation says when they used to attack Microsoft… they were actually trying to kill Sun.
*wink wink* ⌘ Read more

@bender@twtxt.net It is the new “politically correct”. Something that was used to describe acting in a more civilized way with one another. Turned into a scapegoat for the other side to label, demonize, and attack.

@bender@twtxt.net It is the new “politically correct”. Something that was used to describe acting in a more civilized way with one another. Turned into a scapegoat for the other side to label, demonize, and attack.

NJ man saved by police after heart attack
A man in New Jersey is alive today thanks in large part to the quick actions of five police officers after he suffered a heart attack while shoveling snow. ⌘ Read more

‘Drunk’ passenger’s horrific hostie attack
A “drunk” and “extremely violent” passenger on a plane from Dubai was caught on camera headbutting a flight attendant, causing crew members to tackle him and restrain him with cable ties, video shows. ⌘ Read more

Woman battles back after random road rage shooting
Amari Franklin has loved fashion and design ever since she was a little girl and that love is what helped the Clark Atlanta University senior find her way back, and her calling, after being shot in random road rage attack. ⌘ Read more

Atlanta airport official was being stalked, judge says
A judge grants an Atlanta airport official a temporary restraining order against a community activist. The Fulton County Superior Court Judge ruled the outspoken community activist, Alvin Kendall, was guilty of stalking and cannot verbally attack Airport Deputy General Manager Jai Ferrell. ⌘ Read more

Canadian cities ‘not gatekeepers,’ head of mayors’ group tells Poilievre
The president of the Federation of Canadian Municipalities says his members are community builders and not gatekeepers, a term Conservative Leader Pierre Poilievre has commonly used to attack municipal bureaucrats. Scott Pearce made the comment at a news conference the federation held in Ottawa ahead of the spring budget, as the group calls for more federal in … ⌘ Read more

Woman attacked in waist-deep water by two-metre tiger shark in WA
A woman has undergone emergency surgery after a shark attack in Western Australia.

The attack took place near Jurien Bay, north of Perth.

The 46-year-old was in waist-deep water during a sea lion tour when she was bitten just after 11.30am local time yesterday.

She was attacked on her left calf by a two-metre tiger shark.

The woman was airlifted to Royal Perth Hosp … ⌘ Read more

Man attacked with hatchet, hit in the head at SEPTA station
Philadelphia police say the man was walking through the SEPTA concourse when he was attacked from behind by a man wielding a hatchet and demanding his valuables in an apparent robbery attempt. ⌘ Read more

Starmer says Sunak ‘too weak’ to call out ‘Islamophobia’ after Lee Anderson comments
Sir Keir Starmer said Rishi Sunak “lacks the backbone” to call out “Islamophobia” after Lee Anderson’s attack on Sadiq Khan. Speaking to reporters in Shrewsbury, the Labour leader said: “I think this is straightforward. It’s Islamophobia and the Prime Minister should call it out for what it is. “The reason he won’t is because he is so w … ⌘ Read more

Israeli jets bomb eastern Lebanon for the first time since Gaza war began
Hezbollah says at least two killed in attack near Baalbek, its stronghold some 100km from the border with Israel. ⌘ Read more

WTO pushes for reform, warns multilateralism ‘under attack’
The World Trade Organization pushed for reform at a high-level ministerial meeting in Abu Dhabi on Monday, warning that economic headwinds and geopolitical tensions are threatening global commerce and multilateral trading systems. ⌘ Read more

How to stay safe from repo-jacking
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe.

The post How to stay safe from repo-jacking appeared first on The GitHub Blog. ⌘ Read more

Holy moly, this is a fantastic 37C3 talk about security researchers getting attacked and they reverse-engineer and fully disclose the entire – very advanced – attack. Operation Triangulation: What You Get When Attack iPhones of Researchers Very impressive!

Securing our home labs: Frigate code review
This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.

The post Securing our home labs: Frigate code review appeared first on The GitHub Blog. ⌘ Read more

So.. Of y’all that had covid. Did you have at the end a night where for no reason your brain amped up to 11 and can’t sleep at all? It happened to me last night and my FIL the night before.

I went to bed at 8 and woke up full on anxiety attack at 12 and could not calm my head until around 7 am. Today has sucked a lot.

So.. Of y’all that had covid. Did you have at the end a night where for no reason your brain amped up to 11 and can’t sleep at all? It happened to me last night and my FIL the night before.

I went to bed at 8 and woke up full on anxiety attack at 12 and could not calm my head until around 7 am. Today has sucked a lot.

What’s The Difference Between Heart Attacks and Cardiac Arrest? #neildegrassetyson href=”https://txt.sour.is/search?q=%23startalk”>#startalk** ⌘ Read more

JMP: CertWatch
As you may have already seen, on October 21st, it was reported that a long-running, successful MITM (Machine-In-The-Middle) attack against jabber.ru had been detected. The nature of this attack was not specific to the XMPP protocol in any way, but it was of special interest to us as members of the XMPP community. This kind of attack relies on being able to present a TLS certificate which anyone trying to connect will accept as valid. In this case, it was done b … ⌘ Read more

Snikket: On the jabber.ru MITM attack
This post is about a recent security incident on a public XMPP service, which
provides jabber.ru and xmpp.ru. We have received a few questions from Snikket
users about whether they should be concerned about the security of their own
servers (Snikket also uses XMPP).

The good news is that Snikket was not affected by this incident - this was a
targeted attack against the jabber.ru/xmpp.ru service specifically. Later in
the post we’ll share more information about what we’ve done, and … ⌘ Read more

Its nuts. Im a bit lost for words to be honest. Such a shock-attack, and taking civilians as hostages, shooting them, killing them, torture, kidnap kids and so on. Oooffff. Wonder what the response and aftermath will be..

Ignite Realtime Blog: CVE-2023-32315: Openfire vulnerability (update)
A few months ago, we published details about an important security vulnerability in Openfire that is identified as CVE-2023-32315.

To summarize: Openfire’s administrative console (the Admin Console), a web-based application, was found to be vulnerable to a path traversal attack via the setup environ … ⌘ Read more

mTLS: When certificate authentication is done wrong
In this post, we’ll deep dive into some interesting attacks on mTLS authentication. We’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.

The post mTLS: When certificate authentication is done wrong appeared first on [The Gi … ⌘ Read more

Hardening repositories against credential theft
Some best practices and important defenses to prevent common attacks against GitHub Actions that are enabled by stolen personal access tokens, compromised accounts, or compromised GitHub sessions.

The post Hardening repositories against credential theft appeared first on The GitHub Blog. ⌘ Read more

Russia attacks 200m from Nato border, you think Nato would react if the attack went 1 meter over the border?.. Or would they just come with excuses on why not to intervene?

Power LED Attack - Computerphile ⌘ Read more

There was a MrBallen video with the same type of story. Some younger woman died of a heart attack while sitting up in her own coffin.

Orcas attacking boats wasn’t on my 2023 bingo card but amused all the same

LogJam Attack - Computerphile ⌘ Read more

SUSE CEO out effective immediately, replacement CEO not available until later.
A failed IPO, political attacks, and purchased “awards” are the legacy of the departing CEO of the oldest Linux company. ⌘ Read more

GitHub Security Lab audited DataHub: Here’s what they found
The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform’s authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform. ⌘ Read more

What can we do, if the Server suffers from a DDOS attack. Is Port 71 working in this case or is the server down then?

I know someday I will die of a heart attack in 4th quarter of a Vikings game.

The importance of improving supply chain security in open source
We think a lot about a high-profile supply chain attack that might cause developers, teams, and organizations to lose trust in open source. That’s why we’re investing in new ways to protect the open source ecosystem. ⌘ Read more

❤️ 🎶: Divine Attack - Shingeki - by BABYMETAL

Resolve Vulnerabilities Sooner With Contextual Data
OpenSSL 3.0.7 and “Text4Shell” might be the most recent critical vulnerabilities to plague your development team, but they won’t be the last. In 2021, critical vulnerabilities reached a record high. Attackers are even reusing their work, with over 50% of zero-day attacks this year being variants of previously-patched vulnerabilities.  With each new security vulnerability, we’re […] ⌘ Read more

How Lunduke handles conflict, personal attacks, & political differences in the Tech industry
Listen now (51 min) | The Lunduke Journal Podcast - September 7, 2022 ⌘ Read more

New request for comments on improving npm security with Sigstore is now open
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore. ⌘ Read more

Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more

Thanks for the feedback! This site was designed to look perfect on good old 800x600 monitors (I even left a comment next to the meta tag). Maybe I’ll add a mobile-friendly version someday :-) P.S. Nice try with SQL injection, haha. Do you have any plans for XSS attacks? :D

**Apparently, there are still those who they’re able to fool others with the argument “we cannot fight the climate crisis now, because we have to take care of the economy.”

This “economy first” approach is naive: the climate crisis attacks the economy too:

https://www.weforum.org/agenda/2021/06/impact-climate-change-global-gdp/**
Apparently, there are still those who they’re able to fool others with the argument “we cannot fight the climate crisis now, because we have to take care of the economy.”

This “econ … ⌘ Read more

Q: Are passphrases really more secure than cryptographically random passwords? 🤔

I have to wonder… It should be possible to do “passphrase” attacks just like “dictionary” attacks? How is a “phrase” any different to the character set you can type? Sure there are more possible “words” (at least) in the English language, but I’m not convinced.

d65536
⌘ Read more

npm security update: Attack campaign using stolen OAuth tokens
npm’s impact analysis of the attack campaign using stolen OAuth tokens and additional findings. ⌘ Read more

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users. ⌘ Read more