barubary

@barubary@infosec.exchange

Indoor European. I know #regex. I write #code (in #C or #Haskell or #Perl or #JavaScript or #bash).


isotopp, to random German
@isotopp@chaos.social

https://blog.koehntopp.info/2024/02/13/the-matrix-trashfire.html

In which I try Matrix and Element and can't even manage to sign on, because the Onboarding is a Trashfire of bad UX, a selection of vulnerable servers and a confusion of clients.

GossiTheDog, to random
@GossiTheDog@cyberplace.social

I deleted my toot about Broadcom abandoning VMware ESXi last month as I got fed up of reply guys explaining to me it couldn’t possibly happen.. but anyway, it has happened. https://kb.vmware.com/s/article/2107518?lang=en_US


josephcox, to random

New from 404 Media: a woman is bringing a class action lawsuit against massive sex toy company Adam and Eve for sharing information about her sex toy searches with Google, including what she added to her cart (“Pink Jelly Slim Dildo”) https://www.404media.co/woman-sues-sex-toy-retailer-adam-and-eve-claiming-it-shared-data-about-her-dildos/

markarayner, to Meme
@markarayner@mas.to

“All of this has happened before. All of this will happen again.”
–Number Six

EU_Commission, (edited) to random
@EU_Commission@social.network.europa.eu

112 is your life-saving number!

On 11/2, we mark Europe’s single emergency phone number, available everywhere in the EU, free of charge.

How does it work?

🔴 Simply dial 112 from any fixed or mobile phone to reach emergency services like ambulance, fire brigade, or police.
🔴 Specially trained operators will handle your call and can assist in multiple languages.

der_raDDler, to random German
@der_raDDler@dresden.network

Imagine for a moment that in some case a firearm, rather than an automobile, had been used as the weapon. Would the following dialogue at a police station be conceivable?

“Someone shot at me with a firearm.”

“Were you hit?”

“No, the bullet passed a few cm from my head.”

“Is there any property damage to report?”

“Um. No?”

“Did you have to dodge?”

“No, I was lucky. The shooter narrowly missed.”

“Then nothing happened. Have a nice day.”

Thanks to @chrischmi of the @ADFC for this apt description of the |s!

https://koeln.adfc.de/artikel/das-oeffentliche-interesse-ist-da


sluttymayo, to random
@sluttymayo@jorts.horse

very much in favor of gay marriage because it's good cybersecurity practice*. some people will have two mother's maiden names (good) or no mother's maiden name at all (best; use something more secure) which makes their accounts more difficult to steal via the recovery questions

*among other reasons

waldoj, to random
@waldoj@mastodon.social

CNN blocking the default configuration of Safari is a bold move.

simontatham, to random
@simontatham@hachyderm.io

One of these days I'm going to have to write myself a script that wraps 'gitk' and presents (where appropriate) a message along the lines of

"You have %d gitks open on this directory already, %d of which are minimised or hidden behind stuff. Are you sure you need to open an extra one?"

adactio, to random
@adactio@mastodon.social

When people say “RSS is dead” what they really mean is “we couldn’t figure out a way to monetise RSS.”

🔗 https://adactio.com/notes/20871

JennyList, to Canada
@JennyList@mastodon.social

Back in the 1980s it was comically easy to steal some performance cars. We had an epidemic of car theft.

They didn't criminalise screwdriver ownership, they mandated engine immobilisers on new cars. The epidemic slowed to a trickle.

The solution to built-in security vulnerabilities is to mandate products without them.

Not to ban tools which might exploit them, leaving the vulnerabilities in place and leaving the crooks able to keep stealing.

timlegge, to Perl

@Perl, Published a timeline and write up of the recent module vulnerabilities in parsing spreadsheets.

https://blogs.perl.org/users/timothy_legge/2024/02/vulnerable-perl-spreadsheet-parsing-modules.html

texttheater, to random German
@texttheater@mastodon.social

What

isotopp, to random German
@isotopp@chaos.social
icing,
@icing@chaos.social

@isotopp PasOps, often better than DevOps. 😌

isotopp, to random German
@isotopp@chaos.social

We need to talk about the Security Software Development Non-Lifecycle.

Because today is Fortigate patch day:

https://www.fortiguard.com/psirt/FG-IR-24-029
CVE-2024-23113, CVSSV3 Score 9.8, Unauthorized Code Execution

And what is it?
A format string bug. In 2024.

cstross, to random
@cstross@wandering.shop

UK Government Secretly Shuts Down NHS Pride Programme

Civil servants have told VICE News that UK government officials within the Department of Health and Social Care encouraged NHS bosses to pull the funding of the diversity scheme, as part of a wider pushback against LGBTQ inclusion—and especially trans inclusion programmes.

https://www.vice.com/en/article/ak38ak/uk-government-shuts-down-nhs-lgbtq-diversity-program-rainbow-badge-scheme

c3d2, to random German
@c3d2@c3d2.social

This Sunday, 11 February, the annual counter-demonstration against the Nazi march around 13 February takes place. The Nazi demo around the NPD (recently renamed Die Heimat) and JN takes the bombing of Dresden 79 years ago as an occasion to engage in historical revisionism and, in doing so, to relativize Dresden's role in the Third Reich and in the Holocaust.
You can find current information in the Fediverse at @ddwiedersetzen and on the Instagram and Twitter of Dresden WiEdersetzen and Hope fight racism.

briankrebs, (edited) to random

Google is too big to fail, and yet they seem to be failing at basic things they used to do well (like search) while removing useful features (like cache) and adding a bunch of crap nobody needs or wants.

Want to know if a given domain name shows up anywhere in search? Well screw you, we're not going to tell you that anymore, but here's 1,400 completely useless and irrelevant results that could possibly have some info (but don't). When the search engine could have done what it's done for years, and admit that it doesn't know WTF you're talking about and say "no results found." Now it just makes shit up if it doesn't know the answer.

Hey cool! My search result shows the term I was looking for is present on 7 websites. Shoot! None of them are online anymore. How about showing us your cached version of the site, you know the one that was used to create this search result? Oh wait, no, you can't see that anymore. Why? Here's Danny Sullivan's dismissive and mystifying explanation: “It was meant for helping people access pages when way back, you often couldn’t depend on a page loading,” Sullivan wrote on X. “These days, things have greatly improved. So, it was decided to retire it.”

Want software? Great, Google will serve a malicious ad on top that looks a lot like an organic search result but which is paid for by scammers and installs malware.

poofbirb, to random
@poofbirb@kolektiva.social

accidentally pushed a hello world app called PISS to the gce infrastructure at my old company where I haven't been employed in over a year

randahl, to random
@randahl@mastodon.social

Screen shot from an actual campaign video, from MAGA Republican candidate for Missouri Valentina Gomez, in which she promises:

“When I’m Secretary of State, I will 🔥BURN🔥all books that are grooming, indoctrinating, and sexualizing our children. MAGA. America First🇺🇸”

I remember when the Nazis burned books. I also remember what they burned next.

samir, to random
@samir@functional.computer

You know it's web scale when your tarball is base64-encoded and embedded in a JSON string.

DreadShips, to random
@DreadShips@mastodon.me.uk

Rishi Sunak's position appears to be that it's disgusting to claim he would be transphobic about a dead girl when there's so many live ones to be bigoted about.

Absolute fucking hateful wanker.

haschrebellen, to random
@haschrebellen@kolektiva.social

😎

GossiTheDog, (edited) to random
@GossiTheDog@cyberplace.social

The three million toothbrush botnet story isn’t true.

Here’s the original source of the story: https://archive.is/2024.01.30-203406/https://www.luzernerzeitung.ch/wirtschaft/kriminalitaet-die-zahnbuersten-greifen-an-das-sind-die-aktuellen-cybergefahren-und-so-koennen-sie-sich-schuetzen-ld.2569480

It’s simply a made up example. It doesn’t exist. It starts talking about NoName Ddosia, too, which also isn’t toothbrushes.

GossiTheDog,
@GossiTheDog@cyberplace.social

The newspaper that had the first article about the Fortigate toothbrush botnet have updated the story and doubled down:

“The article originally said that the case "really happened like that."
This information came from the company Fortinet, which had described the case as real in the interview and proofread the article before publication. Fortinet is now correcting this statement and calling it a "hypothetical scenario".” https://www.luzernerzeitung.ch/wirtschaft/kriminalitaet-die-zahnbuersten-greifen-an-das-sind-die-aktuellen-cybergefahren-und-so-koennen-sie-sich-schuetzen-ld.2569480

GossiTheDog,
@GossiTheDog@cyberplace.social

The cat is bagless - there is another Ivanti Pulse Secure zero day vuln. Ivanti say they have no evidence of exploitation, but they might want to follow me on Mastodon. It’s in SAML. https://www.bleepingcomputer.com/news/security/ivanti-patch-new-connect-secure-auth-bypass-bug-immediately/
