Nonilex, to DaftPunk
@Nonilex@masto.ai avatar

Speaker released 3 bills Wed to provide aid to , & , & plans to hold final votes on Sat.

The votes will test if Johnson can control his party. Reps , & are threatening to remove him for the bills.

Some w/ interest want Ukraine to fend off , but anti- are taking orders from & .

https://docs.house.gov/billsthisweek/20240415/APRIL2024_UKRAINE_xml.pdf

raph, to privacy
@raph@social.coop avatar

Some personal news!

I'm excited to receive the award from the @mozilla Foundation! The award honors "25 visionaries reshaping our digital future" for my work with @horizontal. I've always been a huge fan and supporter of Mozilla's work in building a safe, open, and privacy-respecting internet, so being recognized by Mozilla is a real honor.

Quick context ⬇️

AskPippa, to Canada
@AskPippa@c.im avatar

I wonder if the thieves behind this heist were inspired by the Oceans movies? have arrested 19 people, recovered some of the gold and found 64 illegal guns heading to .
As an aside, theft in airports around the world is rampant. Mostly it's stuff removed from people's checked luggage (cash, jewelry, electronics, etc.). I wrote to the transport authorities when my Swiss army knife vanished from checked luggage; they wrote back saying it was too small a matter to bother with. My point in the complaint was that theft is hugely common (ask people you know who travel, a surprising number have had something stolen from luggage), and that it's a risk -- if people can take stuff out of a suitcase, they can put something bad into it.

https://www.cbc.ca/news/canada/toronto/pearson-airport-heist-arrests-1.7176041

jake4480, to Discord
@jake4480@c.im avatar

If you use Discord, you might wanna know this.

A service called Spy Pet is scraping Discord servers, archiving and tracking users' messages and activity, and then selling access to that data.

Spy Pet scrapes more than 10,000 Discord servers, and besides selling access to anyone with cryptocurrency, it offers the data for training AI models or to assist law enforcement agencies, according to its website.

Spy Pet claims to be tracking more than 14,000 servers, 600 million users, and includes a database of more than 3 billion messages.

(The article is paywalled probably, etc but it's here) https://www.404media.co/a-spy-site-is-scraping-discord-and-selling-users-messages

sethmlarson, to security
@sethmlarson@fosstodon.org avatar

I'm attending #OSSummit, reach out to me if you want to chat about #security of #Python or #PyPI 👋

Nonilex, to anime_titties
@Nonilex@masto.ai avatar

Secret document urges action to weaken the

’s Foreign Ministry has been drawing up plans to try to weaken its Western adversaries, including the , & leverage the to forge a global order free from what it sees as American dominance, acc/to a secret Foreign Ministry document.
https://www.washingtonpost.com/world/2024/04/17/russia-foreign-policy-us-weaken/

Nonilex,
@Nonilex@masto.ai avatar

…The creation of the Concept & the classified addendum followed a call to Russian academics for policy suggestions. One proposal submitted in Feb 2023 to the Foreign Ministry by the deputy head of Moscow’s Institute for the Commonwealth of Independent States, which maintains close ties to ’s apparatus, laid out Russia’s options more bluntly still.

thejapantimes, to worldnews
@thejapantimes@mastodon.social avatar

Global warming is still not a mainstream political issue, even though it is fundamentally affected by and affects how power and wealth are distributed. https://www.japantimes.co.jp/commentary/2024/04/17/world/climate-change-is-political/

seanjmullan, to Java
@seanjmullan@mastodon.world avatar

The XML Signature secure validation mode has been enabled by default in Oracle's JDK 11.0.23 and 8u411 releases. The mode was already enabled by default in JDK 17 and later. This mode provides additional protection by disabling weak algorithms and other potentially unsafe constructs in XML Signatures.

See the Released Changes of the Java Crypto Roadmap (https://www.java.com/en/jre-jdk-cryptoroadmap.html) for more details.

davemark, to security
@davemark@mastodon.social avatar

"Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers"

😮

The simpleminded change from the text "X.com" to read "twitter.com" led to embedded URLs being changed from, say, "fedX.com" to "fed...twitter.com" (the ellipsis is mine).

Phishing schemes abound. 🙄

https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/
#X

Edent, to webdev
@Edent@mastodon.social avatar

🆕 blog! “I can't use my number pad for 2FA codes”

This has to be the most infuriating bug report I've ever submitted. I went to type in my 2FA code on a website - but no numbers appeared on screen. Obviously, I was an idiot and had forgotten to press the NumLock button. D'oh! I toggled it on and typed again. No numbers appeared. I […]

👀 Read more: https://shkspr.mobi/blog/2024/04/i-cant-use-my-number-pad-for-2fa-codes/

blog, (edited) to aa
@blog@shkspr.mobi avatar

I can't use my number pad for 2FA codes
https://shkspr.mobi/blog/2024/04/i-cant-use-my-number-pad-for-2fa-codes/

This has to be the most infuriating bug report I've ever submitted.

I went to type in my 2FA code on a website - but no numbers appeared on screen. Obviously, I was an idiot and had forgotten to press the NumLock button. D'oh! I toggled it on and typed again. No numbers appeared. I switched to another tab, my numbers appeared when I typed them. So I was reasonably confident that my keyboard was working.

I swapped back to the 2FA entry and tried again. Still nothing. Then I tried typing the numbers using the number row on my keyboard. My 2FA code appeared.

WHAT IN THE SAINTED NAME OF ALPHONSE CHAPANIS IS GOING ON?!?!?

Developers often use JavaScript to "improve" the standard features of HTML. For example, using <input type="number"> has some accessibility concerns, and using https://css-tricks.com/everything-you-ever-wanted-to-know-about-inputmode/#aa-numeric is great for showing a number keyboard on mobile, but not much else.

So a developer wants a reliable way to make sure a user can only type numbers. Fair enough.

There are two ways to do this - a right way and a wrong way - using https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent.

One way is to listen for the character being sent from the keyboard - known as the key.

The other is to listen for the - known as the code.

A good demo of this is at keyjs.dev - play around with it to see what keyboard buttons your browser can detect.

When I press 7 on the top row of my keyboard, the key is 7 and the code is Digit7.

But when I press 7 on my number pad, the key is 7 but the code is Numpad7.

The JavaScript on the website was rejecting any key code which wasn't a "Digit"!

Perhaps I am a weirdo for insisting on both having and using my numpad? Perhaps developers need to test on something other than MacBooks? Perhaps JavaScript was a mistake and the Web would be better without it?

Either way, don't be like that website. Let users type in using whatever keys they like.

https://shkspr.mobi/blog/2024/04/i-cant-use-my-number-pad-for-2fa-codes/

#HTML #javascript #security #ui #ux
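The Digit-vs-Numpad bug described in the post, reconstructed as an added example (this is not the website's code nor the blog author's): a keydown filter that tests `KeyboardEvent.code` (the physical key) beside one that tests `KeyboardEvent.key` (the character produced). The keystroke objects are constructed plain objects carrying the `key`/`code` values the post reports, so the example runs under Node without a DOM.

```javascript
// KeyboardEvent.code names the physical key: "Digit7" on the number row,
// "Numpad7" on the keypad. KeyboardEvent.key is the character the keystroke
// produced: "7" in both cases. A 2FA input only cares about the character.

// Wrong: filters on key location, so every numpad digit is rejected.
function acceptsDigitByCode(event) {
  return /^Digit[0-9]$/.test(event.code);
}

// Right: filters on the produced character, so any key yielding 0-9 works.
// Editing/navigation keys and Ctrl/Cmd shortcuts (paste) are let through so
// users can still correct a typo or paste a code from a password manager.
const PASSTHROUGH_KEYS = new Set([
  "Backspace", "Delete", "Tab", "Enter", "ArrowLeft", "ArrowRight", "Home", "End",
]);

function acceptsDigitByKey(event) {
  if (event.ctrlKey || event.metaKey) return true;
  if (PASSTHROUGH_KEYS.has(event.key)) return true;
  return /^[0-9]$/.test(event.key);
}

// Run a keystroke sequence through a filter and return the digits that
// would reach the input field.
function typeCode(keystrokes, accept) {
  return keystrokes
    .filter((e) => accept(e))
    .map((e) => e.key)
    .filter((k) => /^[0-9]$/.test(k))
    .join("");
}

// Constructed input: the same 6-digit code typed on the number row and on
// the numeric keypad (NumLock on), as a browser would report each keystroke.
const ROW_KEYS = [..."482913"].map((d) => ({ key: d, code: `Digit${d}` }));
const NUMPAD_KEYS = [..."482913"].map((d) => ({ key: d, code: `Numpad${d}` }));

console.log("row    via code:", JSON.stringify(typeCode(ROW_KEYS, acceptsDigitByCode)));
console.log("numpad via code:", JSON.stringify(typeCode(NUMPAD_KEYS, acceptsDigitByCode)));
console.log("numpad via key :", JSON.stringify(typeCode(NUMPAD_KEYS, acceptsDigitByKey)));

// In a page, the working check would be attached like this (hypothetical element):
// input.addEventListener("keydown", (e) => { if (!acceptsDigitByKey(e)) e.preventDefault(); });
```

Whichever filter is used client-side, the server must still validate the submitted code; the keydown check is a usability aid, not a security control.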

nixCraft, to linux
@nixCraft@mastodon.social avatar

Web server fingerprinting is the process of figuring out what type and version of web server a target is using. This page explains various techniques to identify the software and version of a remote web server https://www.cyberciti.biz/faq/find-out-remote-webserver-name/

Jeremiah, to security
@Jeremiah@alpaca.gold avatar

TIL from @cigitalgem that the US government cut NIST’s budget for the first time ever and this has had rippling effects on the world’s software security reporting since February.

When we talk about security not getting enough budget priority, NIST’s entire budget request was $1.6 billion. For comparison, the US military’s budget request was $850 billion.

https://www.scmagazine.com/news/update-delays-to-nist-vulnerability-database-alarms-researchers

ramsey, to security
@ramsey@phpc.social avatar

I just received word that someone found code in ramsey/uuid on their server that had been compromised to provide a back door into their system. The good news is that ramsey/uuid itself has not been affected. This appears to be a hacker who gained access to their system and modified code (locally) in ramsey/uuid to provide a back door.

I’m asking for more details to share, and I’ll update this thread, as I’m able.

sjvn, to security
@sjvn@mastodon.social avatar

Meet the System Package Data Exchange: SPDX 3.0, with Profiles: https://thenewstack.io/introducing-spdx-30-and-profiles/ by @sjvn

With 3.0, you can track not just software packages, but pretty much anything and everything. It's a game-changer.

osjobhub, to python
@osjobhub@fosstodon.org avatar

Are you looking for a remote role in open source? Browse more than 500 positions now on #OSJH https://opensourcejobhub.com/jobs/?q=remote #RemoteWork #jobs #career #Python #kernel #Linux #sales #developer #engineer #marketing #security

campuscodi, to random
@campuscodi@mastodon.social avatar

Security researcher Shantanu Ghumade has published CVENotifier, a tool that parses CVE RSS feeds and sends Slack notifications based on certain vulnerability keywords.

https://github.com/dark-warlord14/CVENotifier

Snowshadow, to news
@Snowshadow@mastodon.social avatar

We had the same problem in Canada.

Telehealth firm Cerebral fined $7 million over ‘careless’ privacy violations
🇺🇸
The FTC accused it of sloppy data handling and sharing patient data with third parties like TikTok without consent

https://www.theverge.com/2024/4/16/24131881/ftc-fine-cerebral-telehealth

gbraad, to security
@gbraad@mastodon.social avatar

The kids who hacked the CIA: cracks with attitude

https://youtu.be/PmtFtWVrxFE
