@devurandom Indeed. Some issues transcend simple political positions and enter the realm of basic human decency, and it is very hard for me to remain friends with people if some of their fundamental beliefs are openly discriminatory or hostile to others/minority groups.
IT staff face a "security mess" after Capitol riots: https://www.wired.com/story/capitol-riot-security-congress-trump-mob-clean-up/
Game studio ArenaNet, makers of Guild Wars and Guild Wars 2, chased a German who socially engineered customer support staff into giving him access to game accounts, including a staff account, using limited/false information for years through the German legal system and lost.
This is an interesting story of how bad or lax policies at a customer service level can lead to data or account breaches through social engineering.
It seems that it is probably a bad idea to use your work's computing resources to mine for cryptocurrency... particularly if you're a government employee. Who'd have thunk it? https://hotforsecurity.bitdefender.com/blog/mining-cryptocurrency-at-work-lands-australian-civil-servant-in-court-21188.html
@biffbiffbiff Jeez, I thought I was the only one who did this. 😂 I dunno why I expect it to be different, but it's muscle memory at this point.
Geofence warrants allow law enforcement to tap into data from Google's Sensorvault database storing location data of hundreds of millions of devices spanning over nearly a decade. https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html
Every time I use list comprehensions in #Python I am amazed at the amount of work I can do with list building based on complex criteria with so few keystrokes and high readability. Much love for this functional programming concept ported over.
The #Facebook account breach extends way beyond the site itself. The compromise of access tokens means the FB SSO (Single Sign-On) mechanism was also vulnerable, meaning users' accounts on third-party sites implementing the FB SSO system may have also been compromised. https://www.wired.com/story/facebook-security-breach-third-party-sites/
#Facebook compromised: 50 million accounts affected by security breach in which attackers stole access tokens. Share prices plummet: https://www.theguardian.com/technology/2018/sep/28/facebook-50-million-user-accounts-security-berach
The truth is, we don't know if any third party search engine we use is collecting our data. They all have the capability of doing so if they so wish unless we take other measures to protect our identities, which people should.
There's been a lot of talk lately about developers pulling the "kill switch" and revoking their #GPLv2 licensing over their contributions to the #Linux kernel, mostly spread by a sensationalist article.
Groklaw had an interesting discussion in 2008 indicating why such revocation wouldn't be possible: http://www.groklaw.net/article.php?story=2006062204552163 and, further, in the Copyleft guide: https://copyleft.org/guide/comprehensive-gpl-guidech8.html#x11-540007.4
In short, it is incredibly unlikely that any attempt to revoke the licensing over such code would succeed.
@leip4Ier I mean, there are methods of authentication for NTP: https://www.eecis.udel.edu/~mills/ntp/html/authentic.html although they fall short.
The IETF draft of the Network Time Security (NTS) mechanism for securing NTP probably represents the best, most comprehensive solution to this problem moving forward: https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-13
Cloudflare enable "Encrypted Server Name Indication" (ESNI) on their DNS resolver to close the SNI hostname leak: https://blog.cloudflare.com/esni/
Of course this requires browser support and support from the domain too. ESNI browser support is arriving in an upcoming Firefox Nightly and ESNI will be enabled by default for all domains behind Cloudflare.
Google trying, and failing, to keep their "Dragonfly" project under wraps in which they are in cahoots with the Chinese government to build a heavily censored search engine, giving access to the regime to edit search results at will: https://mashable.com/article/google-china-search-engine-dragonfly-memo/
A Mastodon instance for info/cyber security-minded people.