=== ANCHOR POEM ===
══════════════════════════════════════════════─────────────────────────────────────
 ┌──────────────────────────────────────────────────────┐
 │ CW: completely-unfounded-no-evidence-mis-information │
 └──────────────────────────────────────────────────────┘


 If we make a law that says you can't sell user data, they'll just build an
 intentional vulnerability into their system and point it out to specific
 people who paid under the table. Then, when they get "hacked", they'll surely
 be ashamed and sorry to their users, but hey the data's out there now not like
 they can take it back. Oh don't worry we already patched the hole in our
 security, that way nobody can get in through the same door that was
 intentionally left open for very particular people who've paid, and not for
 the people who haven't paid yet, who are still waiting patiently for a door to
 be built for them.

=== SIMILARITY RANKED ===

--- #1 fediverse_boost/3948 ---
◀─[BOOST]
  
  There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it further. The concept of a "backdoor for good guys" is fundamentally flawed and dangerous. It sets a dangerous precedent. Security and privacy should be absolute. There's no safe way to create a backdoor that can't be exploited by malicious actors. #privacy #security #infosec  
  
                                                            
─▶

--- #2 fediverse/1113 ---
═══════════════════════════════════════════════────────────────────────────────────
 we should be able to configure our web browsers so that they don't remember to
 autofill certain pieces of information. Such as the IP address of our router,
 or our bank credentials, or any other forms of passwords that we are using to
 authenticate ourselves. That way our infrastructure that we've designed is
 less susceptible to cybersecurity threats that involve physical access to the
 computer. Or remote control of some kind that is channeled through the UI
 (like RDP or SSH) (a terminal is a text based UI in this context)
 
 Unless of course they knew what they were doing. Which most of them don't.
 Hence why it'd be a good idea to isolate the capabilities of defeating certain
 vulnerabilities to ourselves. Like, a reverse backdoor, only more like a DMZ -
 a sector of computing space (sandboxed of course) that is only utilized for
 understanding the intent of the message sender.
 
 Doing so would require an analysis of the capabilities of the system, the kind
 of analysis that [script kiddies'dve] generated by googl

--- #3 fediverse/2605 ---
══════════════════════════════════════════════════════─────────────────────────────
 @user-1268 
 
 was just wondering what interesting or useful or incriminating data was found
 in the heritage foundation hack.
 
 because, like, they could just leave a security vulnerability open for
 downloading their like, contact data for customers, and like... that's not too
 useful for people attempting to fight them. it's the CONSUMER'S data after
 all, not the corporation / organization.
 
 all I saw was the headline that they downloaded some gigabytes of
 information, I didn't check to see what it comprised

--- #4 fediverse/2674 ---
══════════════════════════════════════════════════════─────────────────────────────
 ┌────────────────────────────────────────────────────────────────────┐
 │ CW: factually-untrue,-that-never-happened.-this-is-just-gesturing. │
 └────────────────────────────────────────────────────────────────────┘


 the kind of friendship where you SSH into each other's systems and leave notes
 for one another.
 
 as soon as you find one you message the person who left it like "yoooo only
 just found this lol" and they're like oooo yeah did you see the bash script I
 wrote in that directory "yeah totally I used it on one of my video files just
 now - cool filter!"
 
 ahhhh reminds me of all the times hackers have hacked my permanently insecure
 system and left me friendly messages like "hey I'm on your side" or "how's
 life, friend? I hope it's going well." or "never forget; you are worth all the
 fear" y'know cute things like that
 
 oh. right. because leaving vulnerabilities like that can lead to threat actors
 affecting your stuff. how lame.

--- #5 fediverse/4218 ---
═══════════════════════════════════════════════════════════────────────────────────
 there are plenty of pieces of linux that are insecure in some way. Including
 x11, if I remember correctly. It is purely convention to not abuse these
 insecurities, and whenever you use someone else's binary software you trust
 that they won't betray you in some way.
 
 pre-built binaries are privacy violations and should be illegal. They are
 security threats because the model they're built upon is necessarily insecure.
 Computers will never be completely secure because of how they are built, and
 so we should use locally compiled software and interpreted scripts.
 
 Unless they're too long, or impossible to read. Who reads EULAs these days? At
 least those are written in english.
 
 maybe computers aren't worth it. Maybe computers will solve all our problems.
 Who can say, maybe you should ask an oracle like me
 
 though do remember that anything you hear can and will be used against you,
 monkey's paw style. So maybe, like... don't? unless you're into magic or
 schizophrenia or something
 
 I wnt 2 be cute and tch cpus

--- #6 fediverse/497 ---
═════════════════════════════════════════════──────────────────────────────────────
 @user-346 
 
 Nobody will get past the login screen on my computer, but if they do they
 probably won't know that you need to push alt+p in DWM to start a program. But
 even if they push "alt+p firefox" they will only have access to my gmail and
 discord, because those are the only two places I've saved my login information.
 
 Most of my data is on my hard disk anyway, so for that they'd have to push
 alt+enter and then navigate my filesystem to find it. Shouldn't be too hard if
 you're familiar with Linux.
 
 They could always just pull the hard drive and put it into a new computer
 though. It's not like it's encrypted, because why would I encrypt it? I want
 to share information, not conceal it! Surely nobody would desire to exploit
 that vulnerability of mine, that my data should be unencrypted?
 
 If you have a copy of Wikipedia then you're 500% more prepared than 90% of
 humanity so good job _^
 
 Sure would be cool if you put it in the documents folder of every person in
 your family who solicited tech advice from you

--- #7 fediverse/239 ---
═══════════════════════════════════════════───────────────────────────────────────┐
 if your computer gets hacked, but nothing was broken or changed... do you        │
 leave it as it is so that anonymous can see you're chill or do you wipe it       │
 because you're afraid it's the feds?                                             │
 ehhhh false dichotomy most people are afraid that their system will get borked   │
 or their bank account will be stolen or their email will get spam or that        │
 random icons will turn inside out and their mouse cursor will turn into a        │
 barfing unicorn or they'll finally have to figure out bitcoin to pay a ransom    │
 for their files including the only pictures they have of their niece. whoops     │
 people are afraid of technology because of what it can do to hurt them.          │
 they're afraid it'll break or stop working, and they'll have to spend time       │
 figuring it out. they like things how they are, but for some reason companies    │
 keep changing things? it's frustrating learning a new system, and every 5-10     │
 years it feels like you have to learn a new paradigm and ugh it's just so        │
 exhausting. technology is not designed for users...  or maybe users get bored.   │
──────────────────────────────────────────────────────────────────────────────────┘

--- #8 fediverse/3051 ---
═══════════════════════════════════════════════════════────────────────────────────
 @user-1437 @user-1438 
 
 you poor thing, don't delete your toots! don't delete your account! you are
 wanted here, this is the fediverse! it's for all of us.
 
 I personally like cyber-sexual exploitation more than cyber exploitation. I
 wouldn't have thought about it unless you said something. there are a lot of
 ways to exploit someone in a digital medium, and adding "sexual" focuses the
 term to specifically the non-consensual sharing of sexual digital media -
 which is exactly what the term "revenge porn" describes.

--- #9 messages/181 ---
══════════════════════════════════════════════─────────────────────────────────────
 I know you don't want to hear this, but there is a chance that there will come
 a time where your life depends on your ability to debug a computer without the
 internet. To set up an SSH server. To install Linux. To program in C. To do
 something else that I'm not prepared for... If StackOverflow didn't exist
 because network connectivity has been lost, could you remember syntax? Maybe
 it's a good idea to set up a local LLM that can answer basic questions about
 technology. Maybe it's a good idea to set up on your parents' computer, just in
 case you have to hide out there for a couple months. Maybe it's a good idea to
 download wikipedia, just in case.
 
 If I need to use a mac, I'm screwed

--- #10 fediverse/3470 ---
════════════════════════════════════════════════════════───────────────────────────
 alternatively, when you initiate an SSH session it sends you a randomized
 public key whose private key is the password that you need to login. By
 decrypting the string of text it sent you and sending it back (plus the
 password at the end or whatever) you can ensure secure authentication without
 bothering with the passwordless keys which are wayyyyyy more trouble than
 they're worth and lack the "something you know" authentication method.

--- #11 fediverse/3469 ---
════════════════════════════════════════════════════════───────────────────────────
 you know how SSH password login is deprecated because the password needs to be
 transmitted in cleartext or whatever?
 
 what if we just... required two passwords?
 
 the first initiates the conversation, and sets up an encrypted line. It
 doesn't matter if anyone sees the first password because they'll get a new set
 of encrypted keys, meaning each session automatically is encrypted in a
 different, randomized way.
 
 the second password is the one that actually authenticates you.

--- #12 fediverse/4946 ---
════════════════════════════════════════════════════════════════───────────────────
 I would trust the CIA if they gave me continual access to all surveillance of
 myself
 
 -- stack overflow --
 
 what if you made a program which cycled credentials?
 
 like... "give me a random credential for Zoom" because we share all of our
 digital resources
 
 did you get banned for account sharing? no you didn't because you routed
 through the correct VPN
 
 automagically
 
 [has never had a software job]

--- #13 fediverse/3234 ---
═══════════════════════════════════════════════════════───────────────────────────┐
 ┌────────────────────────────────────────────────────────────────┐               │
 │ CW: ritz-is-fucking-stupid-I-guess-oh-whoops-cursing-mentioned │               │
 └────────────────────────────────────────────────────────────────┘               │
 my understanding is that anyone with my IP address could make my heart bleed     │
 due to a hardware vulnerability on my motherboard. Though you might have to      │
 get past my decrepit ancient linksys EA 3500 router from 2012 first.             │
 unrelated, but does anyone want my IP address? I don't have any remote           │
 backups, so if you hate me now would be a great time to show me how despised I   │
 am. Alternatively you could try searching for anything evil to ensure that I     │
 can be trusted. You're gonna find mostly video games and source-code that I      │
 didn't write though. But also all my notes in directories that are               │
 non-standard, meaning you'll have to look around a bit. I leave little notes     │
 everywhere I go, so that I can remind myself how to do things in the             │
 directories I revisit months later. It's so weird how sometimes the things I     │
 wrote stop working after a while even if I didn't update my system lmao          │
 what is it with artists and self-immolation? "I never thought I'd actually di    │
──────────────────────────────────────────────────────────────────────────────────┘

--- #14 messages/1172 ---
════════════════════════════════════════════════════════════════════════════════───
 the danger is not that the LLM will generate poor, vulnerable, or malicious
 code.
 
 the concern is that someone else might inject something into the codebase that
 you're not reading.

--- #15 fediverse/624 ---
═════════════════════════════════════════════──────────────────────────────────────
 You know, there's no guarantee that Youtube or Gmail has to show you the EXACT
 SAME video or message that your friend shared with you. Or did they even share
 it at all? So hard to tell when they know all the communication you've ever
 had, because you only know each other online on their platforms, [read: US
 government observed platforms] [like, HTTPS] surely there's no room for
 someone to sneak in and edit your conversations. Surely the only way to
 securely communicate is to send pure PGP encrypted bytes to another target,
 wrapped in a TCP/IP header, with unknown intent or expression. Worst they
 could do then is just, y'know, block it entirely.

--- #16 fediverse/4013 ---
══════════════════════════════════════════════════════════────────────────────────┐
 ┌──────────────────────┐                                                         │
 │ CW: AI-"art"         │                                                         │
 └──────────────────────┘                                                         │
 you would think artists would celebrate the ability for people to better         │
 communicate their goals when being hired, but, well, here we are.                │
 Everyone's so upset because they've been told they've been stolen from, but      │
 patting their pockets they'll find that nothing is missing. More than that,      │
 the things that are claimed to be created in their place are... Not great.       │
 Easily spotted as forgeries by anyone who cares.                                 │
 Why is everyone so upset over new technologies? Why must we be the luddites      │
 this time around? It's like we invented a better printing press and the          │
 nations of the world are pissed because we can make counterfeit dollars          │
 easier. Maybe we shouldn't put so much emphasis on something so easily           │
 circumnavigable? Maybe artists should be paid for their time and creativity,     │
 rather than the amount of pieces they create? Just spitballing here, somehow     │
 it seems easier to reform society and slay capitalism than to put the            │
 generative art genie back in the cracked bottle which is going to break soon     │
 anyway.                                                                          │
──────────────────────────────────────────────────────────────────────────────────┘

--- #17 fediverse/1994 ---
════════════════════════════════════════════════════──────────────────────────────┐
 @user-1123                                                                       │
 hi nice to meet you let me just transfer my unencoded public key to you so       │
 that you can sign it and verify that it's definitely the same thing I intended   │
 to send and not a malicious package that plans to execute itself to executable   │
 space and permanently hardwire your machine to continually feed data to an       │
 external site, no siree just a regular ordinary public key that was              │
 transferred over the internet, that place that basically guarantees a            │
 man-in-the-middle via its communication processes over the lines and cables      │
 connecting ye to thee which are naturally administered and watched over by       │
 your host, AKA the isp.                                                          │
 ... but yeah trust me bro plug in this flash drive, there's no way that a        │
 secret hacker might install a rootkit or something on my computer just because   │
 I plugged in a flash drive, once, literally just a nugget of information         │
 carried upon a little machine that you can fit in your pocket roughly the size   │
 of a thumb) drive, the kind that is useful for transmitting information by       │
 sneakermail. :)                                                                  │
──────────────────────────────────────────────────────────────────────────────────┘

--- #18 fediverse/308 ---
════════════════════════════════════════════───────────────────────────────────────
 when tech people are hurt by technology they say "how can I fix this? what do
 I need to install? what configuration should I use? is this company ethical,
 or are they going to hurt me in the future? could I make something that fixes
 this myself?"
 
 when non-tech people are hurt by technology they say "okay" because they don't
 have the bandwidth to figure it out.

--- #19 fediverse_boost/622 ---
◀─[BOOST]
  
  PUBLIC SERVICE ANNOUNCEMENT:                                                
                                                                              
  There is an increase of account takeovers due to insiders at telco firms simply giving control to people paying them/compromised support staff accounts. Do a check on systems where this single factor would permit an account compromise. And change the configuration. These are opportunistic trawling attacks. This is becoming more common as attackers replicate the success.  
                                                                              
  The attacker uses other channels (like people search websites) to enumerate and guess the phone number attached to an online account and then checks against the telco they have control over.  
                                                                              
  The insider only briefly temporarily forwards the victim number to a 3rd party then switches it back to normal once they’re in. This is how they stay quiet since most victims will not have leverage or telemetry to understand how they got hacked.  
                                                                              
  It was their cell phone provider.                                           
                                                                              
  Make it so account recovery systems require multiple factors and remove telephony-based recovery for VIP accounts entirely.  
  Go check your systems now. Go try to access all your stuff like you forgot your password.  
                                                                              
  I am very serious. This is based on private knowledge but is compelled by the compromise of the SEC. This is common now.  
  
                                                            
─▶

--- #20 fediverse/1247 ---
═══════════════════════════════════════════════────────────────────────────────────
 so wait is there any guarantee that the "releases" on github actually have the
 same code as that which is in the repository? Or could they just... put their
 own binary, with its own strange rules and vulnerabilities, or am I just
 fearmongering?