
@fluffy @angristan @rotawerx
More to the point, if someone needs to be pre-emptively shielded from all negativity, they may wish to put the computer away.

Nick Jr., Noggin, and Sprout are still broadcasting for their convenience.

r000t boosted

Btw, while a social engineer had control of teslamotors.com DNS

Nobody could start or lock/unlock their $45,000+ cars.

A teenager called up and asked Network Solutions very nicely for control of the domain. And got it. And grounded hundreds of thousands of vehicles.

This company wants you in a self driving car.

r000t boosted

University banned from kernel development after professor and students repeatedly intentionally introduce security vulnerabilities into the Linux kernel.

Then they pull the inclusivity card when they're called out on it.

If you were wondering why Microsoft and all the rest are *really* big on Codes of Conduct and other shit that enables this sort of attack....

r000t boosted

Cellebrite pissed somebody off.

Say what you will about Signal but Moxie knows how to make a drop.

signal.org/blog/cellebrite-vul

r000t boosted

Custom user agents. Cloak yourself as an instance that is trusted, and scrape undiscovered. Combine with some proxies to truly blend in.

Monitor an uncooperative instance automatically; fediEngine will automatically sit on the public streams of instances they peer with and import matching statuses.

Hey 4ocean:

Making mask braces out of the recycled plastic is neat. Know what would be neater?

Turn that shit into 3D printer filament. Make repeat sales.

Right now, people don't have any particularly good reason to not get the cheapest brand of a given material filament. And I guarantee you that's virgin plastic.

I know I'd pay a premium for 100% (or even just "mostly") recycled filament.

r000t boosted

DO NOT USE eval()
DO NOT USE exec()

For the use case mentioned here ("you don't know what the variable name could be"/"you need to dynamically change the name") use getattr() instead.

DO NOT USE eval()
DO NOT USE exec()

If you use eval() and/or exec() in your code, you are literally begging your application to get hacked. You've taken out a billboard saying "please RCE my face"
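
The lookup the post describes, resolved both ways, as an added example that is not part of the original post. The `Settings` class, its field names, the allowlist and the hostile input are all constructed for illustration; the allowlist is an addition here, since a bare getattr() call would still hand back `_api_key` or dunder attributes.

```python
class Settings:
    """Hypothetical config object; the field name arrives as untrusted text."""

    def __init__(self):
        self.timeout = 30
        self.retries = 3
        self._api_key = "constructed-secret"  # must never be user-readable

ALLOWED_FIELDS = frozenset({"timeout", "retries"})  # assumption: explicit allowlist
SIDE_EFFECTS = []  # filled in when a lookup runs code instead of reading a field

def lookup_with_eval(settings, name):
    """The pattern the post warns against: `name` is parsed as Python source."""
    scope = {"settings": settings, "SIDE_EFFECTS": SIDE_EFFECTS}
    return eval("settings." + name, scope)

def lookup_with_getattr(settings, name):
    """`name` is only compared and used as an attribute key, never parsed."""
    if name not in ALLOWED_FIELDS:
        raise KeyError(f"field not allowed: {name!r}")
    return getattr(settings, name)

def demo():
    """Run a normal and a constructed hostile name through both lookups."""
    settings = Settings()
    hostile = "timeout and SIDE_EFFECTS.append('expression executed')"
    SIDE_EFFECTS.clear()
    results = {
        "eval_normal": lookup_with_eval(settings, "retries"),
        "eval_hostile": lookup_with_eval(settings, hostile),
        "getattr_normal": lookup_with_getattr(settings, "retries"),
    }
    for name in (hostile, "_api_key", "__class__"):
        try:
            lookup_with_getattr(settings, name)
            results[name] = "returned"
        except KeyError:
            results[name] = "rejected"
    results["side_effects"] = list(SIDE_EFFECTS)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```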

r000t boosted

If you're ever wondering "How the hell does my company find customers", remember that there's a place that says...

"Our company specializes in the design of a variety of equipment to thicken the ice on lakes and rivers for commercial and industrial purposes," Rossington noted. "We undertake contracts to build ice all across Canada."

If the ice thickeners found a market, you can, too.

thedrive.com/news/39914/saving

Man I wish I was a woman so anything negative said to me was automatically considered harassment and anybody actually gave a damn.


Please compare: The "harassment" Molly White claims to have received (no screens tho 🤔)

And the real actual threats of physical violence I've received.

Cry me a fucking river, Molly.

The rms-open-letter hardcodes the signatures into index.md and asks signers to put the name in the correct alphabetical order like chumps doing error-prone work that is better suited for a computer.

The rms-support-letter people instead ask you to add a unique file and then a 1-line script in a template sort it.

A support letter for RMS is literally more sensible software than an open letter against him.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.