Holy hell this sounds bad. Go is usually quite a robust language and I usually expect good things. This seems very bad. https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
My 14 year old son just told me how he hacked his online Spanish assessment to get it to translate all the questions into English. He opens Firefox dev tools and disables some client-side javascript that tries to prevent him. Finally a child I can be proud of.
Then we have to have the conversation about how—while it's cool—make sure you actually learn the material. Don't cheat yourself out of an education...
I look at incident announcements like this, (https://www.blackbaud.com/securityincident) where they had an on-prem environment and 2 different clouds. The on-prem environment was attacked with ransomware and data was disclosed. You don't see anyone saying "see! see! this is why you use the cloud! it's more secure!" Because that would be stupid. But when you see these same articles and the cloud environment is the only one breached, you see the reverse all the time. "See, the cloud is not secure."
OK. Time to vent. I was checking out a MUD toolkit (Evennia, anyone know others?). I went to their demo instance. I am using TELNET. T.E.L.N.E.T! Typing a password in the clear, echoed back to my terminal over an unencrypted connection. And you want to tell me my password is not strong enough!? I'm dead.
This is a great reason why I use duckduckgo instead of google. https://themarkup.org/google-the-giant/2020/07/28/google-search-results-prioritize-google-products-over-competitors
Quick tip. If you're trying to download really old versions of macOS, they're hard to find (e.g., El Capitan, etc.). You can find lots of dodgy sites that you don't want to deal with, but it's hard to find legit Apple web sites. The trick is to search for "enterprise". Then you can find pages like this, which has a legit link to an Apple DMG. https://support.apple.com/en-us/HT206886
One of the more obscure and least understood #security principles is "psychological acceptability." Nobody spends any time on it. Just google a phrase and see that everyone plagiarizes everyone else. Search for "principle that aims at maximizing the usage and adoption of the security functionality"
Simply put, #BlackLivesMatter more than #infosec or all the other things I usually toot about. I did a little bit this weekend to help. Trump sent me $2500 I didn't need in the CARES Act. I've given every last cent of it to people he wouldn't have given it to, and who need it more than I do. https://blog.paco.to/2020/black-lives-matter/
RT @scihub_love
The latest Sci-Hub working domain(Last check time:Fri, 17 Apr 2020 17:13:01 GMT)
https://sci-hub.tw
https://sci-hub.se
https://sci-hub.im
https://lovescihub.wordpress.com
Please retweet to your friends,help us become stronger!
Some people might call this "parody". In my world, it's a bit more like "Tuesday". https://www.youtube.com/watch?v=JMOOG7rWTPg
I had a non-delivery notification from my personal mail server to outlook.com. It said "your ISP's network is on our block list.' My ISP is AWS and the network is a /14. It's bonkers.
It's like living in a 500-unit apartment complex and a company says "unit 402 didn't pay for their purchases last month, so we're not selling anything to anyone in that complex any more."
#spam #isp #email #smtp
If you have some spare compute cycles and you want to donate them to fighting #covid19, there's a medical research programme called "Folding@Home" which is similar to SETI@Home, but for medical research: https://foldingathome.org/2020/03/15/coronavirus-what-were-doing-and-how-you-can-help-in-simple-terms/
This is a fascinating C2 vector. But I gotta admit: it's hard to take it seriously with this diagram. https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/
Cloud Security Consultant at AWS. Based in London. Opinions are my own, etc.