X_Cli boosted

Worst feature ever: Netflix’s brutal automatic preview. It’s so against the user that it is clearly designed to be that way.

X_Cli boosted

OK. Just saw someone posting "8 Character Passwords are Dead"

To support this they say how a 2080Ti GPU has passed 100 Billion guesses per second and how that means in 2.5 hours they can try every single possible password.

*Except*

That's in the case of NTLM hash. A notoriously bad hash that has *no* *salt*. Even more ridiculous, because the NTLM hash is just as good as having the password. You don't need to crack the hash.

Yes, 8 character passwords should be dead, but this is bogus.

Mind blown: reset --hard @{u} resets your workdir to the recorded state at the tracked upstream branch.

X_Cli boosted

Privilege Escalation in Ubuntu (CVE-2019-7304):

shenaniganslabs.io/2019/02/13/

– there are multiple methods to obtain root
– affects Ubuntu 18.10, 18.04 LTS, 16.04 LTS, 14.04 LTS
– update snapd according to usn.ubuntu.com/3887-1/

#snapd #ubuntu #privilegeescalation #linux #root #dirtysock

X_Cli boosted

Did you know that #Fedilab has a feature that lets you not worry about text length? It will automatically split the message into replies and add mentions in each message. Thus it also works with private messages.
To enable it, just go into your settings.

X_Cli boosted

Which books had the biggest impact on you - personally or professionally?

X_Cli boosted

I created a GoFundMe for helping me to buy the computer at gofundme.com/for-buying-a-new-

It's for a Librem 15 version 4 (only if I get enough funds; otherwise, any other ideas are welcome). Thanks.

#Fedilab

Oh and the Docker patch was committed on Jan 9, so this has been known for at least a month in some circles. "Nice".

X_Cli boosted

@bortzmeyer
@x_cli
Unfortunately many use cases require some kind of privileges inside the container, starting with privilege drop itself when running a daemon that requires different levels of privilege for listening on a port, writing to logs or serving requests.

User namespaces offer useful features and can hopefully be combined with fine-tuned caps and seccomp to "safely" offer "root" inside the container.

X_Cli boosted

Bird scooters can be hacked with a screwdriver and €30 (and the startup doesn't like people talking about it) - Tech - Numerama

[Numerama investigation] Hijack a Bird scooter with a simple 30-dollar kit? It's possible. Because it uses very popular, standard Xiaomi M365 vehicles, the company is targeted more than others by ill-intentioned users. And that keeps it from finding effective solutions to fight these practices.

numerama.com/tech/462006-les-t

X_Cli boosted

Dear @acebit, using AES-ECB is *not* "Best possible encryption" - it's pretty broken encryption actually. Maybe you should change the way you describe? For reference: en.wikipedia.org/wiki/Block_ci 1/5

X_Cli boosted

Read an article today about how Windows 10 is going to start making a 7GB reserve file for updates, just stealing 7GB of your storage space

How about using Debian instead, where the updates FREE UP SPACE ON UR HARD DRIVE

Never use multiprocessing.Pipe if one end of the pipe is untrusted (i.e. for privilege separation). The untrusted end can execute arbitrary code on the receiver.
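
A hardened receive path for the warning above, as an added example that is not part of the original post: `Connection.recv()` unpickles whatever the peer sent, so the trusted side reads raw bytes with `recv_bytes()` and parses them as JSON instead. The `MAX_MSG` limit and the `{"op", "arg"}` message schema are assumptions made for this example.

```python
import json
import multiprocessing

MAX_MSG = 4096  # assumed upper bound for one message in this example


def recv_untrusted(conn):
    """Read one message from an untrusted peer without unpickling it.

    Connection.recv() calls pickle.loads() on the peer's bytes; here the raw
    bytes are read with recv_bytes() and parsed as JSON, which only ever
    produces plain data types. Returns the message dict, or None if rejected.
    """
    try:
        # Raises OSError when the peer announces more than MAX_MSG bytes;
        # the connection is unreadable afterwards and should be dropped.
        raw = conn.recv_bytes(MAX_MSG)
        msg = json.loads(raw.decode("utf-8"))
    except (OSError, UnicodeDecodeError, ValueError):
        return None
    # Hypothetical schema: exactly {"op": <str>, "arg": <int>}
    if (not isinstance(msg, dict) or set(msg) != {"op", "arg"}
            or not isinstance(msg["op"], str)
            or type(msg["arg"]) is not int):
        return None
    return msg


def demo():
    """Feed three constructed messages through recv_untrusted()."""
    parent, child = multiprocessing.Pipe()
    results = []
    # 1. Well-formed JSON message: accepted.
    child.send_bytes(json.dumps({"op": "stat", "arg": 3}).encode())
    results.append(recv_untrusted(parent))
    # 2. A pickled object, as conn.send() produces: rejected, never unpickled.
    child.send({"op": "stat", "arg": 3})
    results.append(recv_untrusted(parent))
    # 3. Oversized message: rejected by the length limit.
    child.send_bytes(b"A" * (MAX_MSG + 1))
    results.append(recv_untrusted(parent))
    parent.close()
    child.close()
    return results


if __name__ == "__main__":
    print(demo())
```
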

X_Cli boosted

@maxeddy
Do you have an entity number for "privacy signal messenger, llc"?

And what exactly is the legal personality of "Open Whisper Systems", which appears on the github repo as the copyright holder for 2013-2017 and to whom (since January 2016) contributors assign copyright according to signal.org/cla/?

X_Cli boosted

@maxeddy
What I am pointing out is that the public statements do not square with the facts. Why are they being obtuse as to who is behind it? Open Whisper Systems doesn't exist, as we have seen. It's not even declared as a DBA name for the company that they started earlier this year. Back when you could still see owner information in whois, the domain records for signal.org led to a block of flats in the Canary Islands, etc.

Too much trust too little verification going on.

X_Cli boosted

@diggity

So I looked up #wire, a messenger that supports video/voice calls.

Sadly, it has built-in tracking and a number of proprietary dependencies, which is why it's not on #fdroid yet. gitlab.com/fdroid/rfp/issues/1

That said, the developers seem very frank when talking about their software and open to cooperation and constructive criticism. They deserve credit for that.

@philippemargery @Purism @maxeddy

X_Cli boosted

@diggity @philippemargery @Purism

Just for the record.

* First things first, the #wikipedia advertised “Open Whisper Systems” does not actually exist. Prove me wrong with an official incorporation document.
* The also #wikihyped “Signal Foundation”, AFAICT does not exist either, according to people who should know, namely irs.gov/charities-non-profits/

See next message for what *does* exist…

X_Cli boosted

Mastodon 2.7.0 :mastodon: introduced an opt-in directory per instance, making it easier to find interesting profiles on the instance:

mastodon.at/explore

To join, go to "settings" → "edit profile" and check "List this account on the directory".

Help others to find interesting profiles.

#mastodon #directory #infosec #security #cybersecurity

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.