The richest man on the planet became this way by building a warehouse and shipping behemoth that... Somehow carried on for 20 years without necessarily knowing who their suppliers were.


I sent this statuses from two places at the same time with

r000t boosted
Something is going on with email lately. Huge uptick in attempts to crack some very specific accounts on my mail server.

The accounts in question can't actually be hacked: they are one-off aliases created per-service, but like, some kinda troubling ones. Like "adobe@", which is an email only Adobe would know exists. They're not trying adobe@every-domain-on-the-server, just adobe@one-specific-domain, and a few other aliases at different domains, like one was an alias made for The Lady so that she could run an Instagram account for the dog for like a month before losing interest, and it's been completely unused for about two years.

To be clear, this isn't spam directly, probably they're trying to get into the account to *send* spam, but to stem the tide of individual hosts getting blocked, I killed off all traffic from a handful of subnets and it's still coming in.

Here's a graph of unique hosts that tried to brute-force on a given day. About 30 happened while I was writing this post, so that graph shows 957 today but it's 990 now. As you can see, it's usually close enough to zero that it doesn't matter, then consistently around 100 this week, 325 yesterday, and it'll hit 1k today at this rate. Keep in mind, all the hosts that tried this yesterday are blocked, so it's 1k *new* IPs trying to do this, so there's some kind of moderately large botnet.

(FSE is the usual subject of graphs here, but this doesn't affect FSE.)
r000t boosted

I dislike working with garbage collected languages bc what if the garbage collector decides to come for me next

I've been waiting on a FOIA request from Jefferson Parish since March.

I didn't know covid made it impossible to query a database. Also, it sure as shit didn't take them 3 months to plant drugs on a dude

racism, violence 

Suspect description, picture, cross streets... M0ar information helps make directed statements to prosecutors

Any news links?

Has covid killed coworking spaces yet?





r000t boosted
I forced an AI to read the x86 reference manual alongside 1000 programs to produce a program on its own. This is the result.

$ ./a.out
Segmentation fault (core dumped)
r000t boosted

PSA: cloth and paper masks worn to help prevent spread of Coronavirus (and other diseases) do not need to form a seal to be effective.

They do two things:
a. capture most of the droplets you exhale/cough/sneeze out
b. slow down (and thus reduce the range of) any droplets not caught

If you have two layers of fabric covering your nose and mouth, you are wearing a fabric mask correctly.

If breath reflects off of them and escapes around the edges, that is just fine -- the bulk of the droplets were caught, and those few that leave around the edges are slowed a ton. Mission accomplished.

Misinformation on this point (most of which seems to be repeating proper fit and donning for PPE masks, which do need to form a seal) is leading people to not wear masks because they believe they are difficult or impossible to wear correctly.

r000t boosted

the gargron community is dying, rt if you're a real eugenicist

r000t boosted

One wonders if Snowden regrets throwing away his life to warn ungrateful Americans about unconstitutional NSA wire-tapping.

r000t boosted

That's a good question!

The first big vuln with a name and logo was Heartbleed. This made it easier to sell to news media, which in turn made patching easier to sell to executives.

The name and the logo make the vulnerability seem serious. Unfortunately, after the first one that does this, now managers won't authorize a maintenance window for any bug that doesn't.

So now every bug needs marketing.

r000t boosted

why do security vulnerabilities have names and logos

r000t boosted

"Edison Mail rolls back update after users reported they could see strangers' emails. The company says the issue was caused by a bug, not a security breach."

WELL, in that case there is no need to worry, I guess? 😂🤦

The "quantum" marketing hype machine is here.

An upcoming Samsung phone is reportedly using "entropy from a quantum source" as an RNG for certain cryptographic operations. And this makes it "the first phone with quantum technology".

hi, yes, hello, if this conversation continues for very much longer, I just might blow my fucking brains out

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.