After seeing a wonderful goal in the match between Wisła Puławy and Lech Poznań's second team, I wanted to check something on the Wisła Puławy website. Unfortunately, it is down, which happens (and on a weekend I don't expect anyone to fix it), but... Jesus, don't do this. Secure your error screens on the production server.
A quick story about what has been happening over the last dozen or so hours (or rather the last dozen or so months?) in the open-source world.
There is an open-source project called “xz” by Lasse Collin[1].
For about two years, one of the co-authors of this project has been a user going by the handle “JiaT75”[2].
Hi! I'm the most ordinary Mastodon user. I use #Linux on all my computers and spit on #Windows. I know a bit of Java, which I've lately been neglecting in favor of Rust. I play #Minecraft, #Fortnite and #Warframe and #Cyberpunk 2077. I'm not neurotypical, so I often behave strangely and don't catch sarcasm or metaphors. I mostly use #FOSS software and self-host my services, because I'm paranoid about privacy. I dabble a bit in #cybersec. That's probably all about me :blobcathearthug:
Hey #cyberSec nerds, would anyone have some time to offer #advice about getting into the field? I've been seriously thinking about that direction but I have 0 clue how that side specifically runs.
Bonus points if your experience is from #Canada.
Jack Posobiec (White supremacist that believes in conspiracies such as the white genocide conspiracy)
Jim Jordan (One of the main players in planning Jan 6th)
Matt Gaetz (A pedophile and operated a sex ring, but never was charged (fuck you justice department))
Steve Bannon (The fraudster that scammed Trump supporters for a fake company to build Trump's wall)
Vivek Ramaswamy (New face, but is young and likable. Dropped out of presidential nominee bid, but probably got a promise of a cushy job position in Trump's administration, from the looks of things)
JD Vance (Didn't originally like Trump, but changed his opinion in 2018 and started spewing out many points from The Heritage, The Family Leader, etc)
Tommy Tuberville (One of the senators that helped to overturn the presidential election in 2020 and closely allied with Trump)
Kristi Noem (Governor of South Dakota, that is a terrible governor and well... I don't want to go into too much right now)
All seem to possibly be conspiring to overthrow the government. Articles are here:
This is all going off of this screenshot, which is a direct threat and should be taken seriously. I quickly put together this and uploaded what I could grab.
Someone on a Japanese hacker forum decided it was a good idea to spam the entire Fediverse because they wanted to cancel a minor that DDoSed a Discord bot which apparently made them lose millions (what?)
A Discord bot. I can't make this shit up man.
The real culprit seems to be someone who goes by mumei in the ctkpaarr.org forums, whose first post was literally a threat to ap12, that if they don't delete their "Kuroneko Server" Discord bot, they will spam every blog, forum and SNS and cancel him.
This shit is ridiculous.
The ap12 account from mastodon-japan was actually fake, and this dude impersonated a minor to get all of the Fediverse (us) to bully him.
I'm doing some funny OSINT stuff and... I have found some funny stuff.
I looked him up on Google and found a Discord report about him with his real email attached.
Looked up his email, and found a post on the ctkpaarr forums (the one he's advertising the discord) of him being currently flamed for this current ongoing incident.
The best part? He bought the script using a PayPal account. With his real name and identity.
He is a real skid. He just bought an off-the-shelf script and decided to piss off a lot of people, even the dude he bought it from with his antics. Bro snitched on himself and his entire community LMEOW
For the sake of my own job, my rep and legal security I'm not gonna tell where exactly I found this, but you guys can find it yourself. Figure it out.
This guy is making me die of laughter 💀 Our team @hq is hysterical right now at this horrible opsec.
There's currently an incident involving some kind of Japanese skids who call themselves the "Kuroneko" organization.
They seem to be attempting to commit DDoS attacks on Misskey servers, constantly creating new accounts on compromised instances and spamming advertisements for their hacking services.
Admins who are federating with these compromised servers, while they might not get compromised themselves, may be affected by the sheer amount of traffic volume from their spam.
Admins are advised to #fediblock or temporarily stop sending requests to affected servers for now, if they don't want to get secondhand DoS'd.
IMO I never expected them to be Japanese out of all things, kinda funny. They also host VOICEROID and VOICEVOX TTS bots on their Discord apparently. Kinda a weird flex I guess.
The password reminder feature is very peculiar: on the one hand inconspicuous, on the other requiring good safeguards, and therefore extremely important. That is why it is also a part of the system that cybersecurity auditors pay attention to. And it is worth saying that it doesn't take much to properly protect this part of the process: it is enough to stick to the rules listed by, for example, Niebezpiecznik.
#Malaysian #Telecom Provider, Aminia Hit by Pro-#Israeli #Cyberattack, Website Inaccessible.... The group claims to have compromised Aminia’s billing and Managed WiFi services portals, hinting at a potential data breach. The attack follows the group’s threat to target Malaysian internet infrastructure.
We continue to identify sophisticated threats originating from the use of #opensource software packages. This time the attacker uses a signed #Microsoft executable to initiate the attack chain through an #npm package.
User authentication is one of the most frequently used features of web applications (and not only those), so it is normal that several widely respected solutions have emerged, among which sessions and tokens can be mentioned. How do they differ conceptually and in implementation?
"Deliberately grounded on a tiny reef in the #SouthChinaSea, part of an island chain claimed by the two Asian countries, the #BRPSierraMadre is now the unlikely base for a detachment of Filipino marines who stand guard over the atoll, scanning the turquoise waters for Chinese ships." #AyunginShoal #SecondThomasShoal #Philippines
Earlier, the PCG said that its X account had been “compromised.”
Posts on the PCG’s X page and its reply tabs were empty, although the “like” reactions were kept – however, most of the “likes” came from a particular account promoting cryptocurrency. #Philippines #WestPHSea #PHCoastGuard #CyberSec