@neurovagrant@masto.deoan.org

neurovagrant


Security ops engineer, former congressional sysadmin, writer, voracious reader. he/him. Opinions here mine only. No LLM content from me, all flaws detected are human-generated. Autistic/depressed/anxious/hungry.

#infosec #cybersecurity #privacy #actuallyautistic #neurodivergent


neurovagrant, to random

Just saw someone advocating progressive movements organize on the Fediverse.

BE VERY VERY CAREFUL ABOUT SAYING STUFF LIKE THIS.

-Most fediverse tie-ins are not architected to protect you. For instance, Mastodon Direct Messages are not encrypted and admins can access them.

-Most instances are hosted by ordinary people who don't have the time, knowledge, or resources to fight subpoenas in either criminal or civil actions.

Meet here. Support each other. Cheer each other on. Show solidarity, and elevate and amplify each other.

Organize in much more restricted environments, like end-to-end encrypted messengers like Signal.

neurovagrant, to random

Every Mastodon instance should have its own sea shanty.

neurovagrant, to random

this one hurt

neurovagrant, to random

One of the hardest lessons I’ve had to learn, but it changed everything.

neurovagrant, to random

Just saw a commercial so it reminds me to say: never use Grammarly, tell your friends not to use Grammarly, hide yo kids, hide yo wife, Grammarly is bad news.

Their data policies are and always have been atrocious, and they should be blocked with all due haste in every corporate environment.

neurovagrant, to random

Watching scifi movies and seeing a character ask an AI to do or evaluate something hits different now.

I'm watching Alien: Covenant and the pilot just asked the spaceship AI how close they could get to the storm in the planet's atmosphere.

The AI answered 80 kilometres, which I assume at this point is a confidently wrong answer, probably pulled from an unattributed blogpost systems away about a different ship, different atmosphere, and different storm.

neurovagrant, (edited ) to random

just sayin’

(US number, fyi)

neurovagrant, to random

well

time to start learning about RFID so I can add the digital ghosts of a bunch of random shit to my car for when it gets read

https://archive.is/bYszD

neurovagrant, to random

I love how cleverly this uses glitch text to represent the experience of Auditory Processing Disorder, something I struggle with (often comorbid with other neurodivergences like autism and ADHD).

neurovagrant, to random

I apologize in advance.

neurovagrant, to random

This story by @josephcox to kick off 404Media is a barn-burner.

Bad actors are using false identities or compromised credentials to maintain persistent access to credit reporting data and automating its sale with bots to the tune of $15 per.

Address history, cellphone details, driver's license details, relatives and other sensitive data.

https://www.404media.co/the-secret-weapon-hackers-can-use-to-dox-nearly-anyone-in-america-for-15-tlo-usinfosearch-transunion/

neurovagrant, to random

So, hey, asking for a friend, but has anyone written stuff about caring for aging parents from the perspective of a neurodiverse son/daughter/enby?

(it me. the friend is me.)

neurovagrant, to random

Nah, Bluesky is not the move.

Between their explicit refusal to consider accessibility and the fact that Jack just began actively promoting anti-vaccine conspiracy theorist RFK Jr, who spouts misinformation daily.

https://thehill.com/homenews/campaign/4034584-ex-twitter-leader-jack-dorsey-endorses-rfk-jr-for-president/

neurovagrant, to random

ah, good, Windows is forcing an integrated AI "assistant" into Win11.

As I've said recently, more and more, Microsoft is forcing me into the arms of Apple.

https://blogs.windows.com/windowsdeveloper/2023/05/23/bringing-the-power-of-ai-to-windows-11-unlocking-a-new-era-of-productivity-for-customers-and-developers-with-windows-copilot-and-dev-home/

neurovagrant, to random

"Fresno High is the latest school in the district to roll out the 5 Star Students app to regulate student trips outside classrooms during instructional periods. Students are limited to two seven-minute bathroom breaks during the day, and the app keeps track of the time they spend outside of classrooms."

imma tell you what, this kind of bullshit data-aggregation surveillance on children should never be normalized.

https://www.fresnobee.com/news/local/education-lab/article286882795.html?te=1&nl=california-today&emc=edit_ca_20240322

neurovagrant, to random

Can anyone tell me what kind of tree this is?

I need to know in case I'm ever able to buy a house and land, because I am absofuckinglutely cultivating a tree like this for my crow friends.

neurovagrant, to random

Sure we've got influencers, but really central to infosec community cohesion is the shitposters. I worry that emerging infosec students aren't told about the importance of our shitposters. We need a list for them.

Maybe even a college course.

neurovagrant, (edited ) to random

I'll take "Messages you don't want to see in your Okta admin console on Monday morning" for $1000, Alex.

neurovagrant, to random

oh this is a good one to start off the week with

neurovagrant, to Cybersecurity

Whole lot of IDN Homoglyph Attack registrations via GoDaddy and hosted on Amazon the past few days. Examples from yesterday and today:

xn--fcbook-pta36b[.]com (fácębook[.]com)

xn--xnt-rmal15isb[.]com (xƭínïtƴ[.]com)

xn--xnt-vmag15isb[.]com (xƭînïtƴ[.]com)

xn--goole-b3b[.]com (gooǵle[.]com)

#cybersecurity #infosec #threatintel

neurovagrant, to random

good job everyone

neurovagrant, to random

Clearing out a bit of my reading backlog this morning.

This Andy Greenberg article on Russian APT group Turla is fantastic, makes for great reading.

https://www.wired.com/story/turla-history-russia-fsb-hackers/

neurovagrant, (edited ) to Cybersecurity

Hello friends, I've seen the below image come up a few times elsewhere and am going to expound a little!

While the hyperlinks in the image display correctly, those aren't actually the addresses of those sites! Instead, they're the Internationalized Domain Name replacements - examples of what are called IDN Homograph Attacks.

It's incredibly hard to include all characters from all active alphabets in the mechanisms that resolve domain names - so currently that letter set is restricted, and instead uses a translation system called Punycode to move between a visual URL with the correct characters and a domain name your computer can actually resolve to a website.

So while neurovagrant[.]com is fine either way, nӘ̃urovagrant[.]com isn't! The actual domain would be xn--nurovagrant-rkg322d[.]com.

Notice that xn-- ! That's what tells browsers and other software that it's an IDN domain, and to try and translate it.

Attackers use this to their benefit. So:

xn--mcrosoft-security-teams-1ec[.]com can appear in your email, on your twitter feed, in other places visually as: mícrosoft-security-teams[.]com

You may think you're signing in to check your retirement at vanguarɗ[.]com but it's actually sent you to xn--vanguar-4cd[.]com

A link that appears as vḙnmo[.]com actually sends you to the website xn--vnmo-q64a[.]com

They even target kids! Take a look at xn--rblox-jua[.]com - which looks like röblox[.]com in most settings. Note the diacritical mark above the first o.

If anything looks off, there's a reason. Always view links with skepticism, don't click on things unnecessarily, and always sign into the sites you use by going to the domain name you know.

Stay frosty out there, friends.
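
An added example, not part of the original post: a small Python check that decodes `xn--` labels with the standard-library Punycode codec and flags hostnames whose display form only differs from a protected name by diacritics. The watchlist and function names are assumptions made for illustration; the sample hostnames are the defanged ones quoted in the posts above.

```python
import unicodedata

# Hypothetical watchlist of names you care about; replace with your own.
WATCHLIST = {"facebook", "google", "roblox"}

# Defanged sample hostnames taken from the posts on this page.
SAMPLES = ["xn--rblox-jua[.]com", "xn--goole-b3b[.]com",
           "xn--fcbook-pta36b[.]com", "google[.]com"]

def decode_label(label):
    """Decode one DNS label; an 'xn--' prefix marks a Punycode (IDN) label."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: keep the raw label
    return label

def fold(text):
    """Drop diacritics (NFKD, then remove combining marks) and lowercase."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def inspect_host(host):
    """Return the display form of a hostname and any watchlist lookalike."""
    labels = host.replace("[.]", ".").rstrip(".").split(".")
    decoded = [decode_label(label) for label in labels]
    lookalike = None
    for shown in decoded:
        folded = fold(shown)
        # A match after folding that is not the literal name is a lookalike.
        if folded in WATCHLIST and shown.lower() != folded:
            lookalike = folded
    return {
        "unicode": ".".join(decoded),
        "is_idn": any(label.lower().startswith("xn--") for label in labels),
        "lookalike_of": lookalike,
    }

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, inspect_host(sample))
```

Diacritic folding only catches characters that Unicode decomposes into a base letter plus a mark; letters such as the ɗ in the vanguarɗ example have no such decomposition, so `is_idn` alone is still worth surfacing for review.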

neurovagrant, to random

AAAAAAAAHAHHAHAHAHAHHAHAHAHAHAHAHHAHAHA AHHAHAHAHAHAHHAHAHAHAHHAHAHAHAHAHAHAHAH

breathes

breathes

....AAAAAAHAAHAHAHAHAHAHAHAAHAHAHAHA

https://infosec.exchange/@josephcox/112473926878476027
