@svavar@mstdn.social

svavar


svavar, to Iceland
GottaLaff, to random

Trump now owns the RNC. The GOP Fascist Party is in full swing.

Via NYT—Donald will attend a high-dollar fund-raising dinner in Palm Beach, Florida, on Saturday that is expected to raise at least $25 million for a new joint fund-raising account for Trump’s presidential campaign, the and roughly 40 state parties.

svavar,

They say "joint" as if Trump isn't taking all that money.

@GottaLaff

RickiTarr, to random

If the amount of "justice" you receive is based on how good the lawyers you can afford are, then "justice" is only for the rich.

svavar,

Punishable by fine is legal for a fee.

@RickiTarr

malwaretech, to random

I asked ChatGPT to generate C code to convert a string to base64. Who can spot the vulnerability?

(Posted this on LinkedIn but still nobody has found it yet).

svavar,

I'll take a stab at it even though I'm a C# programmer and say that the malloc statement raises red flags and that there is no validation or escaping of the input string.

Is it allocating an unchecked string to memory?

@malwaretech

briankrebs, (edited) to random

This is a terrifying and sobering write-up by Retool on so many levels. It's about a recent spear-phishing via SMS attack on employees, followed by a voice phishing attack that deepfaked an employee's voice.

Retool said just one of its employees fell for it, which is of course all it takes. Here's the scary part:

"The voice was familiar with the floor plan of the office, coworkers, and internal processes of the company. Throughout the conversation, the employee grew more and more suspicious, but unfortunately did provide the attacker one additional multi-factor authentication (MFA) code.

The additional OTP token shared over the call was critical, because it allowed the attacker to add their own personal device to the employee’s Okta account, which allowed them to produce their own Okta MFA from that point forward. This enabled them to have an active GSuite session on that device. Google recently released the Google Authenticator synchronization feature that syncs MFA codes to the cloud. As Hacker News noted, this is highly insecure, since if your Google account is compromised, so now are your MFA codes.

Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option. In our corporate Google account, there is also no way for an administrator to centrally disable Google Authenticator’s sync “feature”. We will get more into this later."

https://retool.com/blog/mfa-isnt-mfa/

svavar,

@briankrebs

I learned the hard way to have 2 authentication devices when Google Authenticator decided to forget all of my codes without warning.

emptywheel, to random

Aileen Cannon Working Hard to Protect Stan Woodward; Doing Nothing to Protect Walt Nauta or Carlos De Oliveira

https://www.emptywheel.net/2023/08/26/aileen-cannon-working-hard-to-protect-stan-woodward-doing-nothing-to-protect-walt-nauta-or-carlos-de-oliveira/

svavar,

@emptywheel

I accidentally read that as "Satan Woodward"

davidho, to random

Form Energy is building its iron-air battery at a site in West Virginia that used to be a steel mill, thanks to incentives created by the IRA.

https://www.theguardian.com/us-news/2023/aug/14/weirton-west-virginia-battery-plant-steel-mill

svavar,

@davidho The Irish Republican Army (IRA)?

georgetakei, to random

Justice Elena Kagan must be rolling her eyes so hard right now. She once told her friends not to send her free bagels and lox because she'd have to report the gift.

Meanwhile, Clarence Thomas is a one-man pay-to-play shop for billionaires with private jets and luxury vacas.

svavar,

@georgetakei "vacas" is Spanish for "cows".

I now realise you meant vacations.
