UN, WHO & Mila Map the AI vs COVID-19 Battlefield by Maruko in TechSec

[–]x0x7 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

If we use AI as a central intelligence to craft policy to minimize the spread of coronavirus, it will have to form policies that harm humans in some dimension. What if it then figured out that if there are no humans there will be no coronavirus, or at least if there were fewer. Then it directed policies designed to kill humans that we believed were reasonable, like lock-in orders, that would starve us economically and lead to the deaths needed to stop corona virus spread.

Don't lose your privacy with Utopia p2p by Hrusk in TechSec

[–]pastnowtomorrow 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

definitely agree. everyone needs advanced protection for their info

CIA is not omnipotent anymore :) by Hrusk in TechSec

[–]Oppossum 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

If such app really exists,it will be interesting to use. As I've never met anything REALLY secured.

Samsung: Anyone's thumbprint can unlock S10 phone by Mnemonic in TechSec

[–]Mnemonic[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Exactly, the thumbprint is easier to 'hack'/'crack' than any sufficient password.

Samsung: Anyone's thumbprint can unlock S10 phone by Mnemonic in TechSec

[–]felisc 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Anyone using a thumbprint to unlock their phone doesn't actually care about security anyway

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts by Mnemonic in TechSec

[–]Ian 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Soon I'd rather walk and swim than fly...

You Might Want to Uninstall VLC. Immediately. by Mnemonic in TechSec

[–]OmegaUser296 7 insightful - 2 fun7 insightful - 1 fun8 insightful - 2 fun -  (0 children)

[Update 8:35 AM] Based on a tweet by VideoLAN, VLC may not be as vulnerable as it initially appeared. VideoLAN says the “security issue” in VLC was caused by a third-party library called Libebml that was fixed 16 months ago, and that Mitre’s claim was based on a previous (and outdated) version of VLC.

[Update 10:30 AM] The VLC CVE on the National Vulnerability Database has now been updated, downgrading the severity of the issue from a Base Score of 9.8 (critical) to 5.5 (medium), with the change log also specifying that the “Victim must voluntarily interact with attack mechanism.”

You Might Want to Uninstall VLC. Immediately. by Mnemonic in TechSec

[–]fred_red_beans 7 insightful - 2 fun7 insightful - 1 fun8 insightful - 2 fun -  (0 children)

Sadly, that means while people are waiting for a fix, your only recourse to protect yourself from the flaw is to uninstall VLC

or just not run it, there's no background process

You Might Want to Uninstall VLC. Immediately. by Mnemonic in TechSec

[–]solder0 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

D: Wut!

British Airways Faces Record-breaking GDPR Fine [£183 Million] after Data Breach by BackwardsCompatible in TechSec

[–]magnora7 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Oof. Yet another reason for desiring Brexit for them, I imagine.

Mozilla Patches Firefox Zero-day Abused in the Wild by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

That was an accident, sorry. Thank you for pointing it out.

Mozilla Patches Firefox Zero-day Abused in the Wild by BackwardsCompatible in TechSec

[–]HanakoIsBestGirl 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Firefox's Enhanced Tracking Protection whitelists Google, Instagram... and Winamp? ~ Bryan Lunduke - [ If you haven't been paying attention, Firefox has been compromised. ] by JasonCarswell in TechSec

[–]JasonCarswell[S] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I think it was /u/sawboss who was asking where FireFox sold out.

FINALLY THE SCAM RIPENS!!!

That's how Android started - free. Now if you want all the "good" features you have to buy into Google.

The "free" FireFox will become shitty and abandoned. Unless deviants resurrect it like old Reddit code.

Firefox's Enhanced Tracking Protection whitelists Google, Instagram... and Winamp? ~ Bryan Lunduke - [ If you haven't been paying attention, Firefox has been compromised. ] by JasonCarswell in TechSec

[–]d3rr 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Tricky bastards. It's totally misleading to show a privacy shield but not to do it for preferred partners. On a page with google and other trackers, the shield will show and you will think everything is blocked, but it was just the other trackers that got blocked.

Firefox's Enhanced Tracking Protection whitelists Google, Instagram... and Winamp? ~ Bryan Lunduke - [ If you haven't been paying attention, Firefox has been compromised. ] by JasonCarswell in TechSec

[–]JasonCarswell[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

It goes back decades. For one, a couple years ago, after v56 their grand overhaul was complete shit, conforming to Google - in large part because Google has admitted infiltrating and holding back the open source Mozilla projects.

This video is just the last example of many.

Firefox's Enhanced Tracking Protection whitelists Google, Instagram... and Winamp? ~ Bryan Lunduke - [ If you haven't been paying attention, Firefox has been compromised. ] by JasonCarswell in TechSec

[–]sawboss 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Please explain your claim that "Firefox has been compromised".

Google Just Gave 2 Billion Chrome Users A Reason To Switch To Firefox | Ad Blocker Restriction by BackwardsCompatible in TechSec

[–]HanakoIsBestGirl 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

And almost all of those users decided that actually putting in the effort to download a different browser was too much for them.

Google Just Gave 2 Billion Chrome Users A Reason To Switch To Firefox | Ad Blocker Restriction by BackwardsCompatible in TechSec

[–]NoobSter 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

With net un-neutrality it will be so expensive to have a fast loading website that only big corps will be able to afford fast loading websites. So 1996 is not far away from us.

Google Just Gave 2 Billion Chrome Users A Reason To Switch To Firefox | Ad Blocker Restriction by BackwardsCompatible in TechSec

[–]NoobSter 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (0 children)

The problem with this is that Google will soon end controlling most of the online content and therefore block other browsers and leverage its position as the ranking authority to encourage most websites to implement its blocking techniques. Soon with a browser different from Chrome you will only be able to surf small websites and combined with the net un-neutrality they will load super slow.

Google Just Gave 2 Billion Chrome Users A Reason To Switch To Firefox | Ad Blocker Restriction by BackwardsCompatible in TechSec

[–]sodasplash 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

I used chrome the other day for like five minutes for the first time ever.

Google Just Gave 2 Billion Chrome Users A Reason To Switch To Firefox | Ad Blocker Restriction by BackwardsCompatible in TechSec

[–][deleted] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

I recently deleted firefox since they deleted all their apps from the store. Firefox can fuck itself, I am using Vivaldi now.

Google Just Gave 2 Billion Chrome Users A Reason To Switch To Firefox | Ad Blocker Restriction by BackwardsCompatible in TechSec

[–]yetanotherone_sigh 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Next for me: pihole.

Google Just Gave 2 Billion Chrome Users A Reason To Switch To Firefox | Ad Blocker Restriction by BackwardsCompatible in TechSec

[–]Snow 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I predicted they will remove the ublock from Chrome Store.

Google Just Gave 2 Billion Chrome Users A Reason To Switch To Firefox | Ad Blocker Restriction by BackwardsCompatible in TechSec

[–]FormosaOolong 8 insightful - 2 fun8 insightful - 1 fun9 insightful - 2 fun -  (0 children)

Really getting sick of the corporate control freaks.

At this point I'd gladly go back to Web 1 circa 1996 even if I had to listen to that modem screech and wait three minutes for my page to load.

Google Just Gave 2 Billion Chrome Users A Reason To Switch To Firefox | Ad Blocker Restriction by BackwardsCompatible in TechSec

[–]InsultingCow 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Goodbye Chrome!

Israel Tech Takeover - playlist by/of Know More News by JasonCarswell in TechSec

[–]JasonCarswell[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

The best quality images the better. Hirez or SVGs or HQ video. Finding them is not always as easy as you'd think. If they aren't great off the bat there are creative ways to make them better or just re-doing them. Animation with good timing and some kind of unifying design aesthetic a would also make them professional.

Sound engineering is a whole other ball of wax. If we really did this then it might be worth re-writing and asking him to re-record it for a consistent unified sound.

If you're serious about this I would actually cut it down to 10-13 min. Apparently that's the ideal YouTube video length. I don't know what metrics they used to determine that. I think it also applies to ads which are not a concern to me. It may relate to attention span, content value, etc. I'd rather pack it in than bloat it out.

If we did this, it could be the beginning of /s/SaidItMedia which may lead to /s/SaidItWeekly, /s/SaidItMonthly, /s/SaidItPodcast, or /s/SaidItTV. IMO this compact docu-short would be more ambitious as a one off vs my ideas for a very limited-animation news reader series. I see no reason why /s/SaidItMedia shouldn't be a project to be open-managed under the /s/GlossedAndProfound thing.

I'm not interested in making a bunch of slap dash videos. I'm not against them, but I'd rather make one great video that gets a million views over 20 videos each with a thousand views. I aim for quality over quantity.

Also, there'd be the great opportunity to add promotional stuff in the end credits - like ads, but could be for ideas or resources without charge. ie. promote SaidIt.net.

It's no small thing. Sourcing and writing is as big a project as compiling and designing the rest.

It's better with a team for motivation, inspiration, cooperation, and building toward a common goal. Going it alone is less fun.

Israel Tech Takeover - playlist by/of Know More News by JasonCarswell in TechSec

[–]d3rr 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

That's an epic offer man, thanks. What kind of imagery did you have in mind? Showing his source images/material but full screen? I guess it's gotta pop somehow or it's just cliff notes.

Israel Tech Takeover - playlist by/of Know More News by JasonCarswell in TechSec

[–]JasonCarswell[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

With better sound and graphics too.

If you log the time code, source the images, etc. write it up how you want it. I'll assemble it for you with style.

Israel Tech Takeover - playlist by/of Know More News by JasonCarswell in TechSec

[–]d3rr 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I bet we could re-cut that whole playlist into 20 minutes of pure ass kicking terror. Not that any of us need more projects :/

Cory Doctorow: Big Tech, EU Copyright Directive, & the Chinafication of the Internet ~ Geopolitics & Empire - [ Cory is one of my heroes. More details in comments. ] by JasonCarswell in TechSec

[–]JasonCarswell[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

The first time I saw it, Cory gave a lecture wearing a t-shirt with this image. It's so brilliant I wish I'd made it, so I had to find it, called "The Dark Side Of The Money". It's been my desktop for years and is now the banner for /s/TrutherTop20s.

I'm attracted to Cory's discussion on copyright activism, etc.

Admittedly I have never read any of his sci-fi novels. In fact I haven't read any sci-fi for a couple decades. I still have unread Neil Stephenson and William Gibson c.2004, never mind all the current stuff.

I've had /s/CopyrightActivism on my wish list of subs to create for ages. Unfortunately there's not much of a discussion out there, much less any demand for it on SaidIt. Meanwhile it's one of the powerful ways the corporatocracy maintains its stranglehold over information and content.

Cory Doctorow: Big Tech, EU Copyright Directive, & the Chinafication of the Internet ~ Geopolitics & Empire - [ Cory is one of my heroes. More details in comments. ] by JasonCarswell in TechSec

[–]JasonCarswell[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Show notes:


Cory Doctorow discusses the oligarchic or monopoly power amassed by Big Tech (e.g. Facebook, Google, Amazon), their business model of surveillance capitalism, the need for anti-trust reform, the futility of using alternative systems, the EU Copyright Directive, and the Chinafication of the internet. He also discusses his fascinating science fiction work.

Support/Donate to Geopolitics & Empire:

Websites

About the Guest

Cory Doctorow (craphound.com) is a science fiction novelist, blogger and technology activist. He is the co-editor of the popular weblog Boing Boing (boingboing.net), and a contributor to many magazines, websites and newspapers. He is a special consultant to the Electronic Frontier Foundation (eff.org), a non-profit civil liberties group that defends freedom in technology law, policy, standards and treaties. He holds an honorary doctorate in computer science from the Open University (UK), where he is a Visiting Professor; he is also a MIT Media Lab Research Affiliate and a Visiting Professor of Practice at the University of South Carolina’s School of Library and Information Science. In 2007, he served as the Fulbright Chair at the Annenberg Center for Public Diplomacy at the University of Southern California.

His novels have been translated into dozens of languages and are published by Tor Books, Head of Zeus (UK), Titan Books (UK) and HarperCollins (UK). He has won the Locus, Prometheus, Copper Cylinder, White Pine and Sunburst Awards, and been nominated for the Hugo, Nebula and British Science Fiction Awards.

His recent books include RADICALIZED (2019) and WALKAWAY (2017), science fiction for adults; IN REAL LIFE, a young adult graphic novel created with Jen Wang (2014); and INFORMATION DOESN’T WANT TO BE FREE, a business book about creativity in the Internet age (2014).

His latest young adult novel is HOMELAND, the bestselling sequel to 2008’s LITTLE BROTHER. His New York Times Bestseller LITTLE BROTHER was published in 2008. His latest short story collection is WITH A LITTLE HELP, available in paperback, ebook, audiobook and limited edition hardcover. In 2011, Tachyon Books published a collection of his essays, called CONTEXT: FURTHER SELECTED ESSAYS ON PRODUCTIVITY, CREATIVITY, PARENTING, AND POLITICS IN THE 21ST CENTURY (with an introduction by Tim O’Reilly) and IDW published a collection of comic books inspired by his short fiction called CORY DOCTOROW’S FUTURISTIC TALES OF THE HERE AND NOW. THE GREAT BIG BEAUTIFUL TOMORROW, a PM Press Outspoken Authors chapbook, was also published in 2011.

LITTLE BROTHER was nominated for the 2008 Hugo, Nebula, Sunburst and Locus Awards. It won the Ontario Library White Pine Award, the Prometheus Award as well as the Indienet Award for bestselling young adult novel in America’s top 1000 independent bookstores in 2008; it was the San Francisco Public Library’s One City/One Book choice for 2013. It has also been adapted for stage by Josh Costello.

He co-founded the open source peer-to-peer software company OpenCola, and serves on the boards and advisory boards of the Participatory Culture Foundation, the Clarion Foundation, the Open Technology Fund and the Metabrainz Foundation.

Podcast intro music is from the song "The Queens Jig" by "Musicke & Mirth" from their album "Music for Two Lyra Viols": http://musicke-mirth.de/en/recordings.html (available on iTunes or Amazon)


Amazon in line to get £300M contract to store your biometric data ~ Gordon Dimmack by JasonCarswell in TechSec

[–]BackwardsCompatible 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

They fined and arrested people over a TRIAL? I wouldn't want my face recorded either. Also what if I'm wearing a scarf cause it's cold? I guess anyone hiding their face is up to no good now. /s

I hate how this whole facial recognition thing is slowly spreading. China, airports, and so on. They will all probably claim "it's public space" but that shouldn't give them the right to tell us we cant hide our faces.

Epic Games Allegedly Sent a Player's Personal GDPR Data to a 'Random p Person' by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Rip, title typo. Sorry.

At Least 186 EU ISPs Use Deep-Packet Inspection to Shape Traffic, Break Net Neutrality by BackwardsCompatible in TechSec

[–]wizzwizz4 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Told you. Net neutrality no longer being enforced in the US affects the whole of the world. I really hope they don't get the EU to change the regulation ISPs do it here, too.

Obligatory "you don't need ISPs if they're going to do shit like this".

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]HeyImSancho 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

But dissenter, and gab, they're the evil!!! Mistake, or not, they knew, and concealed this; it's simple treachery for a buck, or worse.

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]happysmash27 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Windows Server 2003, not Windows 98, which has a significantly different core OS.

WhatsApp Discovers Surveillance Attack by BackwardsCompatible in TechSec

[–]Arkansas 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

our greatest ally

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]ikidd 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Damn that works pretty well.

There's also ReactOS which is Win98 reverse engineered and coded from scratch.

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]d3rr 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Yes! And if we get lonely but don't want to put in the effort, there's always https://www.windows93.net/

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]ikidd 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]Optimus85 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

This is why an open-source/open-architecture CPU seems more and more like a viable alternative: https://www.youtube.com/watch?v=L8jqGOgCy5M

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]magnora7 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

I think you are almost certainly correct. It's probably part of that $60 billion per year additional "black budget" the CIA gets that no one gets to know anything about.

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]zyxzevn 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

I think that Intel and AMD will have gotten quite a donation for backdooring all PCs. But we will probably not really know, until it is too late.

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]wizzwizz4 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

That article makes the claim:

  • A system that makes sure Intel's the only person allowed to write code for the IME allows Intel to write code that's accepted by the IME…
  • Therefore, Intel's allowed the NSA to write backdoors that are then given the Intel seal of approval and allowed on the IME.

This is faulty logic. Yes, the whole malware-prevention system is flawed if Intel releases IME software containing a backdoor (as they kind of accidentally did, by releasing buggy IME software without providing a way to invalidate that seal of approval, so an updated less-buggy IME system can just be replaced with the buggy one and then exploited as usual – which is only an issue if the attacker has IME-flashing ability, but is still a larger attack surface than strictly necessary) but that doesn't mean they're deliberately introducing backdoors into IME-signed code.

I think Intel should be making IME-free processors or making the code more open, but you're already trusting Intel when you buy their chips and install their microcode patches.

What I'd really like is if there was some mechanism like this:

  • You include a ROM chip (yes, ROM!) at a certain address space containing data like "I hereby trust /u/wizzwizz4 with the power to write to my IME".
  • You give Intel my public key and that data.
  • Intel gives you a certificate that links my public key and that data in such a way that my public key is only accepted if the ROM space contains that data.
  • I can then compile and sign IME code that, when provided in tandem with Intel's certificate, is accepted by the IME system.
  • (optional) Either Intel's certificate or my certificate is locked to a specific period of time according to the BIOS clock. This is the easy way to invalidate buggy code (wait until the certificate expires, then code signed with it isn't accepted any more) but since the clock isn't trusted it's also pretty much just smoke and mirrors.
  • (almost mandatory) The code that checks / loads the IME code is open source and the result of a deterministic compilation process (i.e. can be recompiled to produce a byte-for-byte identical result). This should be stored on ROM, not EEPROM, since nothing's checking to make sure it isn't overwritten.

This allows anyone to write code for the IME system in their device (so Puri.sm could just include an extra ROM chip and write their own IME code, then release updates to that IME system when bugs are found without having to go through Intel) without making it insecure.

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]magnora7 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Good points, but I think it was intentional. https://www.eteknix.com/nsa-may-backdoors-built-intel-amd-processors/

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]wizzwizz4 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

This isn't a backdoor, though. (And if you're talking about IME, it probably isn't intended to be a backdoor (despite being able to easily function as one) and there are several ways to mostly disable it. Still pretty rubbish, though.)

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]magnora7 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (0 children)

After finding out they deliberately built backdoors in to all intel processors a couple years ago, I find it hard to care anymore about Intel's CPU security. They've obviously built it to be backdoored in the deepest ways possible, so how can I expect to be secure? I can't.

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–][deleted] 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

XP is best XD

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]BackwardsCompatible 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Not only this, but businesses on legacy systems in general. My previous job had to stick with XP and Windows 7 due to the software and hardware restrictions of their legacy system. It was terrible.

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]Mnemonic[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Microsoft is still raking in millions from goverments all over the world to keep it patched because 'muh missle systems and stuff' run on it.

Not to mention systems life elevators, security cameras, audiorecording studios and what not that was 'super high-tech' back in the XP days, but way to costly to 'upgrade' with every windows iteration.

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]d3rr 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

XP lives!

WhatsApp Discovers Surveillance Attack by BackwardsCompatible in TechSec

[–]d3rr 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Who is behind the software? The NSO Group is an Israeli company that has been referred to in the past as a "cyber-arms dealer".

Google Will Now Let You Automatically Delete Location and Activity History by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Agree, data is worth far too much money overall for the big corps to be passing on.

Google Will Now Let You Automatically Delete Location and Activity History by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Too much money behind it for them to really delete imo.

Google Will Now Let You Automatically Delete Location and Activity History by BackwardsCompatible in TechSec

[–]IdleHands 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

I have no trust in Google actuality deleting the data.

Google Will Now Let You Automatically Delete Location and Activity History by BackwardsCompatible in TechSec

[–]Timmy 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

For some reason this seems to be either a cost savings move for Google, or misdirection where the data will simply be moved elsewhere before being deleted.

Update Regarding Add-ons in Firefox by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Samuel Vuorela wrote on May 4, 2019 at 9:20 am:

Why not just post a link to the fix that can be installed WITHOUT enabling Studies? This sounds like a clever plan to get more people to share their data via Studies…

The fix in question can be installed by clicking this link [1]. It’s signed by Mozilla.

Thanks to user gpm at Hacker News, who posted this tip [2].

[1] https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi [2] https://news.ycombinator.com/item?id=19826903

Firefox Add-Ons Legacy Disabling by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

That's what happened to me. Was just surfing and... Poof. And then my salt rose lol

Mozilla Will Block Firefox Add-Ons That Contain Obfuscated Code - by BackwardsCompatible in TechSec

[–]Intuit 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

the company explained its decision by noting that over 70% of malicious and policy violating extensions that they block from Chrome Web Store contain obfuscated code.

It's flawed to think that therefore blocking obfuscated code will stop 70% of malicious and policy-violating extensions. Initially it will, of course, but those will be modified to pass as non-obfuscated code.

Firefox Add-Ons Legacy Disabling by BackwardsCompatible in TechSec

[–]d3rr 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I just rolled over to midnight and got it too, ouch. Pretty embarrassing bug. I didn't even close my browser so I guess it's just always phoning home to check on my extensions? Not good.

Mozilla Will Block Firefox Add-Ons That Contain Obfuscated Code - by BackwardsCompatible in TechSec

[–]m68k 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Seems as of now, Firefox is already killing (deleting in my case) addons. At least I can fallback to Seamonkey. :P

Firefox Add-Ons Legacy Disabling by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

RIP all my Add-Ons went down over an hour ago cause of this.

Mozilla Will Block Firefox Add-Ons That Contain Obfuscated Code - by BackwardsCompatible in TechSec

[–]Orangutan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Figures they'd do it on a Friday.

Mozilla Will Block Firefox Add-Ons That Contain Obfuscated Code - by BackwardsCompatible in TechSec

[–]cant_even 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Google said:

the company explained its decision by noting that over 70% of malicious and policy violating extensions that they block from Chrome Web Store contain obfuscated code.

...and Mozilla agreed.

That's good enough for me.

My crappy connection delays me more than any millisecond-faster 'execution time' could make up for.

Mozilla Will Block Firefox Add-Ons That Contain Obfuscated Code - by BackwardsCompatible in TechSec

[–]Yhvr 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Oh no, what will we ever do? cough https://beautifier.io/ cough

I mean, you can only prettify code so much. In the process of obfuscation, things like comments and variable names are lost. There are also some pros to obfuscation, like faster execution time (sometimes), and smaller files. I don't see why they should be against this

After Account Hacks, Twitch Streamers Take Security Into Their Own Hands by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

It's basically account stuffing. A large chunk of the stolen information came from the Town of Salem breach. Attackers used that login information on twitch and other platforms to get access.

https://www.bleepingcomputer.com/news/security/27-percent-of-passwords-from-town-of-salem-breach-already-cracked/

To check if your email was comprised anywhere.

https://haveibeenpwned.com

Let me know if this is what you are looking for.

Fake Jason Statham Bilks a Fan Out of Serious Money [Social Engineering] by BackwardsCompatible in TechSec

[–]hennaojisan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

A fool and his money were lucky to get together in the first place.

After Account Hacks, Twitch Streamers Take Security Into Their Own Hands by BackwardsCompatible in TechSec

[–]AschTheConjurer 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

I was curious as to why I got an email about my defunct twitch account being logged in.

Does OP have a link to the original story about the hacks?

After Account Hacks, Twitch Streamers Take Security Into Their Own Hands by BackwardsCompatible in TechSec

[–]sawboss 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

One way to deal with this is when a streamer wants to connect their game have Twitch generate a cryptographic nonce. The player will then enter the nonce into the game client which uses that to establish the connection. The nonce should only grant limited access to the account, and certainly not the privilege of changing the player's Twitch password. In this way the game client only has access to limited portions of the account during each session.

Pros & Cons of Privacy and Security Solutions by Secushare by Divine_Lotus in TechSec

[–]BackwardsCompatible 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Interesting. I read the portion about messaging applications as I have had some issues with Telegram and have not been happy with it. It has been going down hill fast IMO and it just doesn't feel secure. Will be looking into Briar.

Fake Jason Statham Bilks a Fan Out of Serious Money [Social Engineering] by BackwardsCompatible in TechSec

[–]Administrator 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

A fool and his money are soon parted.

Netflix Content Compromised in Widevine DRM Hack by BackwardsCompatible in TechSec

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Why even use Netflix? I really don't understand! You could easily stream pretty much any paid show easily on every modern platform in 4k :/

Netflix Content Compromised in Widevine DRM Hack by BackwardsCompatible in TechSec

[–]happysmash27 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Some mobile devices also block HD streams because of wireless carrier restrictions.

The article linked seems to say that they don't support DRM HD streaming due to licensing restrictions, not that the devices purposefully block the streams.

Security Flaws in P2P [iLnkP2P] Leave IoT Devices Vulnerable by BackwardsCompatible in TechSec

[–]MadDogMcree 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Wireless was never secure. IoT is for noobs who think using the same backbone will result in lower latency, and using higher frequency would result in better coverage. The coverage will be like your 5ghz router that cuts out when you go in another room and switches to 2.4, except worse. The latency the same, b/c it's literally just a wifi router stuck on a pole.

DNS Over HTTPS is Coming Whether ISPs and Governments Like It or Not by BackwardsCompatible in TechSec

[–]Mitutoyo 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Certificate? I have Linux so I own my computer for the most part. Just need to me cleaner. And the rest is down to me doing things right

GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

New Facebook Messenger Malware [NSFD] [Awareness] by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

There are tons of scammers on Facebook too. It's honestly crazy on there.

New Facebook Messenger Malware [NSFD] [Awareness] by BackwardsCompatible in TechSec

[–]HanakoIsBestGirl 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I didn't know it was possible to make a Facebook product more malicious.

DNS Over HTTPS is Coming Whether ISPs and Governments Like It or Not by BackwardsCompatible in TechSec

[–]wizzwizz4 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Remember: still flawed if you have an untrusted root cert on your machine.

DNS Over HTTPS is Coming Whether ISPs and Governments Like It or Not by BackwardsCompatible in TechSec

[–]Rowan 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Bookmarked for later reading.

Adblock Plus Exploit Allows Threat Actors to Read Gmail and Other Google Services | SC Media by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I used to use ABP a lot. I didn't switch personally due to any security issues overall, but I started to notice some sites getting around their ad block. I've had ublock since.

Adblock Plus Exploit Allows Threat Actors to Read Gmail and Other Google Services | SC Media by BackwardsCompatible in TechSec

[–]fred_red_beans 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

I have been using adblock plus and have found it to be effective. I have not tried the other options mentioned in this post though.

Adblock Plus says the threat was minimal in the first place, and has removed the rewrite option:

Vulnerability? Fixed!

Potential vulnerability through the URL rewrite filter option

Facebook Still Tracks You After You Deactivate Account by BackwardsCompatible in TechSec

[–]PM-HENTAI 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Adblock Plus Exploit Allows Threat Actors to Read Gmail and Other Google Services | SC Media by BackwardsCompatible in TechSec

[–]Yhvr 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Brave Shield, UBlock Origin, Ghostery, & DuckDuckGo Privacy Tools gang

Adblock Plus Exploit Allows Threat Actors to Read Gmail and Other Google Services | SC Media by BackwardsCompatible in TechSec

[–]bobbobbybob 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Ublock origin, nano defender, inline install blocker, no coin and disable html 5 autoplay works 4 me. Adblock has been dodgy for a long time

Facebook Still Tracks You After You Deactivate Account by BackwardsCompatible in TechSec

[–]d3rr 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

there'd better not be. if there is it's a bug that should be reported.

Facebook Still Tracks You After You Deactivate Account by BackwardsCompatible in TechSec

[–]Jesus 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Can not seem to find it in code? What does BRave say?

Facebook Still Tracks You After You Deactivate Account by BackwardsCompatible in TechSec

[–]PM-HENTAI 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Brave Shields says there is a google analytics tracker on this site that has been blocked

Facebook Still Tracks You After You Deactivate Account by BackwardsCompatible in TechSec

[–]PM-HENTAI 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

On Computing Forever downgrading to a dumbphone (Nokia 3310) is a thing that was discussed, seems like a good idea to remove the distraction of the phone apart from the whole privacy thing

Adblock Plus Exploit Allows Threat Actors to Read Gmail and Other Google Services | SC Media by BackwardsCompatible in TechSec

[–]PM-HENTAI 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

You would also deserve it for using adblock plus, which is much weaker than ublock or brave shields (popups mainly) and allows some ads through. Google at least has some useful services (which I need for school) but using adblock plus over actual blockers is asking for trouble

Adblock Plus Exploit Allows Threat Actors to Read Gmail and Other Google Services | SC Media by BackwardsCompatible in TechSec

[–]PM-HENTAI 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Brave Shields gang

Adblock Plus Exploit Allows Threat Actors to Read Gmail and Other Google Services | SC Media by BackwardsCompatible in TechSec

[–]Snow 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Didn't use Adblock plus since it allows a part of ads by default.

Adblock Plus Exploit Allows Threat Actors to Read Gmail and Other Google Services | SC Media by BackwardsCompatible in TechSec

[–]Yhvr 6 insightful - 2 fun6 insightful - 1 fun7 insightful - 2 fun -  (0 children)

ublock origin gang

Adblock Plus Exploit Allows Threat Actors to Read Gmail and Other Google Services | SC Media by BackwardsCompatible in TechSec

[–]Tom_Bombadil 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Adblock Plus Hackkey

Adblock Plus Exploit Allows Threat Actors to Read Gmail and Other Google Services | SC Media by BackwardsCompatible in TechSec

[–]useless_aether 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (0 children)

to everyone still using google services: you asked for it

Former Student Destroys 59 University Computers Using USB Killer Device by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Sometimes people have motives, other times just for fun.

Former Student Destroys 59 University Computers Using USB Killer Device by BackwardsCompatible in TechSec

[–]kazenmusic 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I've never understood vandalism...or the vandals. Why? I don't get it.