This is a far larger problem than most people realize (not specifically the GM situation). Password reuse is so pervasive that these password stuffing attacks are usually wildly successful unless the online service mandates 2FA, which many services are hesitant to do because of the negative user experience. https://www.theregister.com/2022/05/25/gm-credential-stuffing-attack/
Use a password manager. Use unique passwords for each site/service, turn on 2FA/two step auth when available.
I just noticed "foreach" on npm is controlled by a single maintainer.
I also noticed they let their personal email domain expire, so I bought it before someone else did.
I now control "foreach" on NPM, and the 36826 projects that depend on it.
Why is the DOS path character "\"?
When the Imposter Syndrome and the Brainweasels of Doubt start running around inside my head, I stop, take my hands off the keyboard, and repeat to myself:
“All I need is a fraction of the self-confidence of a mediocre dumbass.”
@tek Hacking Verizon isn't necessary. On Android, download Termux. Install sshd and run it. Set a password. Run "ssh -N -D 9090 localhost -p 8022" (I think 8022 is the default port; if not, check the sshd config file). Now on your computer connect your phone with adb (run "adb devices" and accept the prompt on your phone) and run "adb forward tcp:9090 tcp:9090". Now set your browser/OS to use 127.0.0.1 port 9090 as a SOCKS5 proxy. This should be possible with iOS too, use iSH rather than Termux and usbmuxd rather than adb. The commands will be different.
- a microSD card weighs somewhere around 0.4g
- the highest capacity microSD that's easily available is 256GB
- a trebuchet can throw a 90kg projectile over 300m
90kg worth of microSD cards is 225,000 of them
Therefore a trebuchet can throw 57.6PB of data over 300m
This would have the highest throughput of any telecommunications network ever created
Today I learned that unprivileged users can run "systemctl show servicename" to see all the environment variables set in the .service file.
This means if someone sets their AWS_SECRET_ACCESS_KEY in there (or any other secret), it can be read by an attacker even if they don't have read privileges to read the .service file.
For defenders, use EnvironmentFile= instead of Environment= and as long as your environment file has the correct privileges, you will be fine on this front.
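An added example, not part of the post above: a small audit that flags secret-looking variables set inline with Environment= in a unit file and checks whether a referenced EnvironmentFile= is readable by group or others. The sample unit, its paths and values, and the name heuristic are constructed assumptions.

```python
import os
import re
import shlex
import stat

# Heuristic for credential-like variable names (an assumption of this example).
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_KEY", re.I)

# Constructed sample unit; the service name, paths and values are made up.
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/local/bin/uploader
Environment="AWS_ACCESS_KEY_ID=AKIAEXAMPLE" AWS_SECRET_ACCESS_KEY=constructed-not-real
Environment=LOG_LEVEL=debug
EnvironmentFile=-/etc/uploader/env
"""

def audit_unit(unit_text):
    """Return (secret-like names set inline, EnvironmentFile paths)."""
    inline, env_files = [], []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key == "Environment":
            # One directive can hold several assignments, optionally quoted.
            for assignment in shlex.split(value):
                name = assignment.partition("=")[0]
                if SECRET_NAME.search(name):
                    inline.append(name)
        elif key == "EnvironmentFile":
            # A leading "-" only marks the file as optional.
            env_files.append(value.strip().lstrip("-"))
    return inline, env_files

def loose_permissions(path):
    """True if group or others can read the environment file."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

if __name__ == "__main__":
    names, files = audit_unit(SAMPLE_UNIT)
    for name in names:
        print(f"inline secret visible via 'systemctl show': {name}")
    for path in files:
        if os.path.exists(path) and loose_permissions(path):
            print(f"{path} is readable by group/others")
```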
We are traumatized by society to believe that no action can be taken unless it is necessary or allowed.
Being told we have a choice in the actions we take triggers intense shame and trauma over all those times we were told throughout our lives that we didn't do the "right" thing.
In order to accept the power we have in our own lives, we must first forgive ourselves, to let go of the shame, trauma, and fear of being "wrong" or being a bad person for making the wrong choices.
Programmer, infosec enthusiast, and producer of TBPITU
A Mastodon instance for info/cyber security-minded people.