rylancole

@rylancole@infosec.exchange

I am a Canadian security/software engineer posting about politics, technology, and cybersecurity in Canada 🇨🇦

I’m just here to say that both software & government need responsibility, accountability, fairness, & transparency (RAFT) - is that too much to ask?

BookWyrm: https://books.infosec.exchange/user/rylancole


rylancole, to privacy

Patricia Kosseim, Information & Privacy Commissioner of Ontario, talking about AI with the federal Privacy Commissioner of Canada, Philippe Dufresne.

> “Not getting a reign over this or the appropriate guard rails - I really worry about the use of these technologies going overboard and really triggering a serious public backlash against them and of course the trust in organizations and governments who use them.”

This podcast is from July 2023, but was still a good listen 8 months later

https://www.ipc.on.ca/podcast/a-casual-conversation-between-two-canadian-privacy-commissioners/

rylancole, to random

I’ve never used a Flipper Zero, but my understanding is they are very useful in security research & help find vulnerabilities we otherwise wouldn’t know about, so it’s disappointing to see the Canadian gov go after a tool like this instead of working on ways to improve cybersecurity in consumer products, like cars

“Canadian authorities may be reacting to numerous videos online, allegedly showing that Flipper Zero can be used to unlock a car remotely […] a New Jersey government agency that found social media has exaggerated the Flipper Zero's hacking capabilities.”

https://www.pcmag.com/news/canada-to-ban-flipper-zero-devices-over-car-thefts

chris, to Canada
@chris@mstdn.chrisalemany.ca

The CRA website is completely offline all weekend?!
🤯🤯🤯 🤯 🤯 😁 😁 😁 😁 😁
😭 😭 😭 😭 😭🤣🤣🤣🤣🤣
This is so on brand. I mean...

https://www.canada.ca/en/revenue-agency/services/e-services/cra-login-services/outage-details.html

rylancole,

@chris Planned maintenance or related to the breach at Shared Service Canada, I wonder

https://www.cbc.ca/news/politics/global-affairs-security-breach-1.7099290

evan, (edited ) to random
@evan@cosocial.ca

Fediverse admins and mods: do you have a plan for dealing with US Presidential election disinformation in 2024?

rylancole,

@evan You never know when the next Canadian election will be though! And election interference is a hot topic 🇨🇦

rylancole, to random

@molly0xfff you may already know this, but you have an impersonator on TikTok that is reaching out to people that follow you

I almost got tricked when it followed me back on TikTok and I thought “wow why would Molly follow me back”, but I double checked the account after they messaged me “hey, how’s it going”

A screenshot of the TikTok profile page for a fake Molly White account with the username “Molly O X FFF” where Molly has 3 L’s. The account uses the same profile picture as Molly’s real accounts and has multiple videos of Molly posted on the page.

ernie, to random
@ernie@writing.exchange

Substack is going to feel the pain from this crisis for a long time.

https://katz.beehiiv.com/p/off-stack

rylancole,

@ernie Is there a list of major newsletters that have dropped the platform? I’m curious what kind of market share they are losing.

ScienceDesk, to Geology
@ScienceDesk@flipboard.social

Balanced boulders on San Andreas fault suggest the 'Big One' won't be as destructive as once thought, Live Science Reports:
https://www.livescience.com/planet-earth/earthquakes/balanced-boulders-on-san-andreas-fault-suggest-the-big-one-wont-be-as-destructive-as-once-thought

rylancole,

@ScienceDesk Seismology is still a young science & what we know will continue to change, but I will choose to believe this piece of information because it makes me feel better

mybarkingdogs, to threads

If you have gotten the official ad with the - save a copy and if possible archive a copy with an archiving service, if you received it.

It is possibly evidence that could be used to sue them in the state of California

rylancole,

@not2b
@mybarkingdogs do you have a screenshot of the ad? Might help Joe understand better

My understanding is you received an ad promoting Threads, like “hey join our new social media service, we have transphobes!”, i.e., this is not an ad published on Threads by someone else (covered by S. 230), this is an ad created & published by Meta promoting a Meta product (probably not covered by S. 230), right?

rylancole,

@not2b @mybarkingdogs Yeah, would need to see the ad itself and IANAA (I am not an American) so I am not sure how the legal process works on that. In Canada, depending on the text, it could be distribution of hate speech which is in the Criminal Code & would be pursued by the Crown, not a private individual

carkner, to vancouver
@carkner@historians.social

I have the option of taking #1 or #4 on the list to get to work 😅
Transit is actually pretty good compared to a lot of North American cities. But yeah during busy times it can get pretty bad on those routes. Passed up by full bus after full bus, and so on. Skytrain extension that is currently under construction will be a big help.
https://www.cbc.ca/newsinteractives/features/translink-complaints-2023

rylancole,

@carkner Should I be worried that the SkyTrain extension will make the SkyTrain more packed? The Expo Line is already pretty squishy at rush hour

davidpierce, to random
@davidpierce@mastodon.social

Hi friends! It's (kinda) that time again: no Installer coming from me this week, but a HUGE one coming next week on all our favorite stuff from 2023. And to that end: I want to know yours! It doesn't have to be your one single legally binding Favorite Thing Ever, but when you think about this year, what awesome show/movie/app/creator/origami trick do you think of? Tell me one, two, a few! All your favorites, hit me

rylancole,

@davidpierce One of my favourite things to come from 2023 is the creation of @404mediaco

Their podcast is now one of my favourites to listen to every week & it was an easy decision to pay for a subscription to get access to their bonus content

briankrebs, to random

On Dec. 15, a researcher disclosed a weakness in the way many companies have implemented Google OAuth that potentially allows former employees to retain access to SaaS providers like Slack and other platforms. According to the researcher, Google paid a bug bounty for the vulnerability report in October 2023, but still hasn't changed anything to address the issue.

https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/

Today, Nudge Security published a writeup about the issue, noting how their SaaS platform was affected. Nudge's Jaime Blasco provides a helpful tl;dr on the weakness:

"It’s a well-known work email hack: add “+string” to your work email address (e.g., alice+testing@example.com) and you can easily filter any unwanted marketing emails or create multiple different signups for a single app using your work email address."

"However, this same trick can be used to create an entirely new Google account—one that looks like a corporate email address and forwards messages to it, but isn’t actually managed or even visible within your corporate Google organization.

This creates a big problem when it comes to offboarding employees. If a given “shadow Google account” were used to sign up for corporate SaaS accounts like Slack or Zoom using Google OAuth (i.e., “Sign in with Google”), that access could persist even after suspending the employee’s corporate Google account. Effectively, there’s no way for a Google administrator to see or suspend the shadow Google account from their admin console. This could leave a back door for unauthorized access by a former employee or threat actor by compromising the shadow account."

https://www.nudgesecurity.com/post/google-oauth-vulnerability

rylancole,

@chetwisniewski @briankrebs I think what it’s saying is not personal accounts being added, but additional work accounts. So, I have a work email rylancole@company.com that has a Google account, and I also create a Google account using rylancole+shadow@company.com and then I leave the company and all accounts associated with rylancole@company.com are shut down, except that rylancole+shadow@company.com doesn’t get caught for some reason. So now I could potentially log in to that Google account still, and even if it emails me a login code, I could’ve set that inbox to forward to my personal address
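
A reconciliation check for the offboarding gap discussed in this thread, added here as an example and not code from Krebs, Nudge Security or Truffle Security: it assumes a Workspace directory export keyed by email with an active/suspended status and a SaaS app's list of "Sign in with Google" identities (both constructed below), and flags any corporate-domain identity the admin console cannot see, including plus-addressed aliases that collapse to a suspended account.

```python
# Added example (not code from Krebs, Nudge Security or Truffle Security):
# reconcile a SaaS app's "Sign in with Google" identities against the
# Workspace directory to surface plus-addressed shadow accounts.

def canonical_email(addr: str) -> str:
    """Lower-case and strip plus-addressing: Alice+Test@Example.com -> alice@example.com.
    Mail to the +tag address lands in the base mailbox, yet Google treats the
    +tag address as a separate account the admin console does not manage."""
    local, _, domain = addr.strip().lower().partition("@")
    return f"{local.split('+', 1)[0]}@{domain}"


def is_plus_alias(addr: str) -> bool:
    return "+" in addr.lower().partition("@")[0]


def find_shadow_oauth_identities(directory_users: dict, saas_oauth_users: list) -> list:
    """directory_users maps each managed email to 'active' or 'suspended'
    (an admin-console export); saas_oauth_users is the list of Google OAuth
    identities the SaaS app reports. Returns (identity, base_account, reason)
    for every corporate-domain identity the directory cannot see or suspend."""
    managed_domains = {email.partition("@")[2] for email in directory_users}
    findings = []
    for raw in saas_oauth_users:
        identity = raw.strip().lower()
        if identity in directory_users:
            continue  # managed account: suspending it in Workspace ends its OAuth logins
        if identity.partition("@")[2] not in managed_domains:
            continue  # external guest identity, out of scope for this check
        base = canonical_email(identity)
        if is_plus_alias(identity) and base in directory_users:
            reason = f"plus-alias of {directory_users[base]} account {base}"
        else:
            reason = "corporate-domain identity absent from the directory"
        findings.append((identity, base, reason))
    return findings


# Constructed sample data; rylancole@company.com / rylancole+shadow@company.com
# are the addresses used in the reply above.
DIRECTORY = {"rylancole@company.com": "suspended", "alice@company.com": "active"}
SAAS_OAUTH_USERS = [
    "rylancole@company.com",         # managed and suspended: nothing to flag
    "rylancole+shadow@company.com",  # the shadow account that survives offboarding
    "Alice@company.com",             # case differs but it is the managed account
    "bob@company.com",               # never in the directory at all
    "contractor@partner.example",    # external identity, ignored
]

if __name__ == "__main__":
    for identity, base, reason in find_shadow_oauth_identities(DIRECTORY, SAAS_OAUTH_USERS):
        print(f"{identity:32} -> {base:24} {reason}")
```

Run it against a real SaaS member export and the same check also catches accounts created directly under the corporate domain that were never in the directory, not just the plus-addressed variant the thread describes.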

neurovagrant, (edited ) to DaftPunk
@neurovagrant@masto.deoan.org

deleted_by_author

rylancole,

@neurovagrant @pluralistic This stuff is incredibly expensive & it’s amazing how much money must be being burned right now by some players to establish a market… but not everybody can become Uber.

I can see VC money drying up eventually, but I’m curious about the tech giants that are all in on sinking money into this; Microsoft, Meta, Google, & Amazon. The new Meta Imagine image generator is crazy fast compared to others, yet completely free

These companies want to become platforms for everyone else to run their AI and I think they’ll be willing to run AI services as loss leaders for a very long time, which could subsidize this bubble for years & years unlike something like the crypto bubble

rylancole, to random

Exciting to see Canada’s National Observer as one of the first 25 news outlets federating with Flipboard - I am very interested to see how this goes!

Looks like you can follow them @NatObserver https://flipboard.com/@mike/following-the-fediverse-50uv65adz/-/a-fMQ83SKgS0aRvJ7DsLWvig%3Aa%3A3108515-%2F0

rylancole, to random

Radio-Canada has learned that a number of federal departments have been using software that can pull data such as text messages, contacts, photos and travel history from devices (even if password-protected)

The software was contracted through Shared Services Canada from companies such as Cellebrite & Grayshift. None of the departments using this tech did a Privacy Impact Assessment as required.

https://www.cbc.ca/news/canada/ottawa/federal-canada-government-department-privacy-1.7041255

chris, to random
@chris@mstdn.chrisalemany.ca

Quick #FollowFriday Post --- These are the people I have on auto-notifications. Some are Canada-specific but they very often post things that I'm sure would be of interest to many!
@jantafrench - CBC news Alberta
@LALegault - General News
@GeoffyPJohnston - Social Justice News/Editorial
@anderspuck - Ukraine Analysis
@larryneufeld - Climate related Canadian News
@GottaLaff - US Politics
@taylorlorenz - US and Social Media News
@davidakin - Canadian News (CTV)
@hanse_mina - Ukraine War Constant Updates
@breadandcircuses - Climate Related News
@akurjata - CBC News (Local BC Interior)

rylancole,
SwiftOnSecurity, to random

Me talking to a Helpdesk person being very precise in what they're telling me about an issue, instead of the whole picture of what they’re trying to accomplish because they think I will prevent it. I already know what they’re doing, but I don’t actually care as long as we have a process for it.
My reply:

rylancole,

@SwiftOnSecurity This is also great parenting advice

chad, to random
@chad@mstdn.ca

"Mastodon Canada is Edmonton and Ottawa heavy"

Then recruit your friends elsewhere. I flew across the country (twice) to advocate for our instance on my own dollar. We saw registrations in Quebec and BC increase.

Bring your friends on board.

I'm doing everything I can.

rylancole,

@chad @chris @philmoscovitch @mike @PopAlberta It’d be interesting to see a survey of mstdn.ca regional demographics, including those of us on other servers that interact with mstdn.ca

Us British Columbians are always around even if we don’t speak up much

rylancole, to random

Canada is one of 48 countries that has signed a pledge that strongly discourages paying ransomware demands, in an attempt to “undermine the ransomware business model and disrupt criminal activity”.

On the 2023 CIRA Cybersecurity Survey, 70% of Canadian organizations that had experienced a ransomware attack said they paid the ransom. 22% of these payments were $50k-100k

@cira

https://www.cira.ca/en/resources/documents/cybersecurity/2023-cira-cybersecurity-survey/

rylancole,
jerry, to random

I am working on migrating books.infosec.exchange - it'll likely be down for a few hours while I sort it out. Apologies. Like pixelfed, it's not going well, but unlike pixelfed, bookwyrm is native docker. A big part of my challenge, I think, is moving from a bare metal install of these apps to the container version - likely much easier if starting fresh.

rylancole,

@jerry Looks good so far - thanks for maintaining it!

carkner, to random
@carkner@historians.social

Yep, they were out picketing in my neighborhood today (along Great Northern Way by VCC station where Rogers has a building).

https://pressprogress.ca/rogers-locked-out-300-workers-in-british-columbia-the-union-says-they-replaced-them-with-scabs/

rylancole,

@carkner Fingers crossed on the anti-scab legislation

rylancole, to privacy

Jim Balsillie has some pointed complaints about Canada’s proposed Consumer Privacy Protection Act, it contains “a business interest carve-out that allows corporations to put the pursuit of profits above the interests of consumers. Businesses are allowed to determine what constitutes legitimate surveillance and behaviour modification to trample on fundamental rights, but are under no obligation to notify consumers how they are tracking and profiling them."

He also wants the AI & Data Act scrapped (it really should not be wrapped into this bill, I agree it needs a do-over)

https://www.itworldcanada.com/article/proposed-canadian-privacy-law-is-like-a-leaky-bucket-balsillie-tells-parliamentary-committee/551177

rylancole, to random

Senator Colin Deacon @colindeacon via LinkedIn

“The Auditor General has just sounded the alarm on federal government inaction in the delivery of effective & cost efficient digital services to Canadians”

“6 out of 10 applications remain in poor condition because they are running on highly risky, aging infrastructure.“

https://www.linkedin.com/posts/senatorcolindeacon_digitalgovernment-citizenservices-govtech-activity-7125196822221860864-z1CA

rylancole, to random

From IT World Canada “Ottawa is banning the use of the China-based WeChat instant messaging app and Russian-based Kaspersky security products on the mobile devices of federal civil servants, although it isn’t clear how widely they are being used.”

https://www.itworldcanada.com/article/canada-bans-federal-employees-from-using-wechat-kaspersky-mobile-apps/551048
