=== ANCHOR POEM ===
◀─╔═════════════════[BOOST]═══════════════════───────────────────────────────────╗
║ ┌────────────────────────────────────────────────────────────────────────────┐ ║
║ │ PUBLIC SERVICE ANNOUNCEMENT: │ ║
║ │ │ ║
║ │ There is an increase of account takeovers due to insiders at telco firms simply giving control to people paying them/compromised support staff accounts. Do a check on systems where this single factor would permit an account compromise. And change the configuration. These are opportunistic trawling attacks. This is becoming more common as attackers replicate the success. │ ║
║ │ │ ║
║ │ The attacker uses other channels (like people search websites) to enumerate and guess the phone number attached to an online account and then checks against the telco they have control over. │ ║
║ │ │ ║
║ │ The insider only briefly temporarily forwards the victim number to a 3rd party then switches it back to normal once they’re in. This is how they stay quiet since most victims will not have leverage or telemetry to understand how they got hacked. │ ║
║ │ │ ║
║ │ It was their cell phone provider. │ ║
║ │ │ ║
║ │ Make it so account recovery systems require multiple factors and remove telephony-based recovery for VIP accounts entirely. │ ║
║ │ Go check your systems now. Go try to access all your stuff like you forgot your password. │ ║
║ │ │ ║
║ │ I am very serious. This is based on private knowledge but is compelled by the compromise of the SEC. This is common now. │ ║
║ └────────────────────────────────────────────────────────────────────────────┘ ║
╚═══════════════════════════════════════════───────────────────────────────────╝─▶
=== SIMILARITY RANKED ===
--- #1 fediverse/884 ---
══════════════════════════════════════════════─────────────────────────────────────
┌──────────────────────────────────────────────────────┐
│ CW: completely-unfounded-no-evidence-mis-information │
└──────────────────────────────────────────────────────┘
If we make a law that says you can't sell user data, they'll just build an
intentional vulnerability into their system and point it out to specific
people who paid under the table. Then, when they get "hacked", they'll surely
be ashamed and sorry to their users, but hey the data's out there now not like
they can take it back. Oh don't worry we already patched the hole in our
security, that way nobody can get in through the same door that was
intentionally left open for very particular people who've paid, and not for
the people who haven't paid yet, who are still waiting patiently for a door to
be built for them.
--- #2 fediverse/2605 ---
══════════════════════════════════════════════════════─────────────────────────────
@user-1268
was just wondering what interesting or useful or incriminating data was found
in the heritage foundation hack.
because, like, they could just leave a security vulnerability open for
downloading their like, contact data for customers, and like... that's not too
useful for people attempting to fight them. it's the CONSUMER'S data after
all, not the corporation / organization.
all I saw was the headline that they downloaded some gigabytes of
information, I didn't check to see what it comprised
--- #3 fediverse/239 ---
╔═══════════════════════════════════════════───────────────────────────────────────┐
║ if your computer gets hacked, but nothing was broken or changed... do you │
║ leave it as it is so that anonymous can see you're chill or do you wipe it │
║ because you're afraid it's the feds? │
║ │
║ ehhhh false dichotomy most people are afraid that their system will get borked │
║ or their bank account will be stolen or their email will get spam or that │
║ random icons will turn inside out and their mouse cursor will turn into a │
║ barfing unicorn or they'll finally have to figure out bitcoin to pay a ransom │
║ for their files including the only pictures they have of their niece. whoops │
║ │
║ people are afraid of technology because of what it can do to hurt them. │
║ they're afraid it'll break or stop working, and they'll have to spend time │
║ figuring it out. they like things how they are, but for some reason companies │
║ keep changing things? it's frustrating learning a new system, and every 5-10 │
║ years it feels like you have to learn a new paradigm and ugh it's just so │
║ exhausting. technology is not designed for users... or maybe users get bored. │
╚══════════════════════════════════════════───────────────────────────────────────┘
--- #4 fediverse/1038 ---
═══════════════════════════════════════════════────────────────────────────────────
┌──────────────────────┐
│ CW: re: what │
└──────────────────────┘
@user-766
ah yes but then how will my comrades who come for my things know where to look? my
precious precious drives may be less safe inside of the computer case but at
least then someone I care about can find them.
or what you're saying is that a basic part of situational awareness is having
a plan for this kind of thing with the people who care about you? Ah, well,
nobody cares about me like that. Just a couple normies who want nothing but
business as usual.
wonder if I can open up my hard drives to "read only" SSH access? Or maybe
I'll just make the important files into a torrent. Or perhaps marking them as
"downloadable locations" on Soulseek? Plenty of options, all of them require
someone to care enough about your junk to want to archive it. Something
something ipfs?
--- #5 fediverse/1994 ---
╔════════════════════════════════════════════════════──────────────────────────────┐
║ @user-1123 │
║ │
║ hi nice to meet you let me just transfer my unencoded public key to you so │
║ that you can sign it and verify that it's definitely the same thing I intended │
║ to send and not a malicious package that plans to execute itself to executable │
║ space and permanently hardwire your machine to continually feed data to an │
║ external site, no siree just a regular ordinary public key that was │
║ transferred over the internet, that place that basically guarantees a │
║ man-in-the-middle via its communication processes over the lines and cables │
║ connecting ye to thee which are naturally administered and watched over by │
║ your host, AKA the isp. │
║ │
║ ... but yeah trust me bro plug in this flash drive, there's no way that a │
║ secret hacker might install a rootkit or something on my computer just because │
║ I plugged in a flash drive, once, literally just a nugget of information │
║ carried upon a little machine that you can fit in your pocket roughly the size │
║ of a thumb) drive, the kind that is useful for transmitting information by │
║ sneakermail. :) │
╚═══════════════════════════════════════════════════──────────────────────────────┘
--- #6 fediverse/3470 ---
════════════════════════════════════════════════════════───────────────────────────
alternatively, when you initiate an SSH session it sends you a randomized
public key whose private key is the password that you need to login. By
decrypting the string of text it sent you and sending it back (plus the
password at the end or whatever) you can ensure secure authentication without
bothering with the passwordless keys which are wayyyyyy more trouble than
they're worth and lack the "something you know" authentication method.
--- #7 fediverse/1261 ---
╔═══════════════════════════════════════════════───────────────────────────────────┐
║ sometimes I run this WoW server with only like, 10 username and passwords. And │
║ they're all public. As far as I can tell nobody's ever tried connecting │
║ (whatever >.> ) but rather than set up a way to create your own │
║ credentials I just said "yeah pick one at random and play whatever someone │
║ else was doing because I like the idea of that" │
║ │
║ somehow, it felt right. │
║ │
║ most of my passwords (not all of them) are hacked and visible on the clear │
║ net. Like you could probably google my usernames and get my current passwords │
║ for things like, social media or my banks or whatever. I kinda like the idea │
║ that "you cannot trust anything I say, so think of the ideas behind my words │
║ and decide whether they hold meaning to you" rather than "execute these │
║ particular thought patterns in your mind as if they came from my voice" │
║ because one implies an exertion of control over the mind of the recipient │
║ -> obey my thoughts as I broadcast them into your mind, that kinda vibe. │
║ And I feel like you have to consent to that kind of thing hehe │
╚══════════════════════════════════════════════───────────────────────────────────┘
--- #8 fediverse/3234 ---
╔═══════════════════════════════════════════════════════───────────────────────────┐
║ ┌────────────────────────────────────────────────────────────────┐ │
║ │ CW: ritz-is-fucking-stupid-I-guess-oh-whoops-cursing-mentioned │ │
║ └────────────────────────────────────────────────────────────────┘ │
║ │
║ │
║ my understanding is that anyone with my IP address could make my heart bleed │
║ due to a hardware vulnerability on my motherboard. Though you might have to │
║ get past my decrepit ancient linksys EA 3500 router from 2012 first. │
║ │
║ unrelated, but does anyone want my IP address? I don't have any remote │
║ backups, so if you hate me now would be a great time to show me how despised I │
║ am. Alternatively you could try searching for anything evil to ensure that I │
║ can be trusted. You're gonna find mostly video games and source-code that I │
║ didn't write though. But also all my notes in directories that are │
║ non-standard, meaning you'll have to look around a bit. I leave little notes │
║ everywhere I go, so that I can remind myself how to do things in the │
║ directories I revisit months later. It's so weird how sometimes the things I │
║ wrote stop working after a while even if I didn't update my system lmao │
║ │
║ what is it with artists and self-immolation? "I never thought I'd actually di │
╚══════════════════════════════════════════════════════───────────────────────────┘
--- #9 fediverse/2674 ---
══════════════════════════════════════════════════════─────────────────────────────
┌────────────────────────────────────────────────────────────────────┐
│ CW: factually-untrue,-that-never-happened.-this-is-just-gesturing. │
└────────────────────────────────────────────────────────────────────┘
the kind of friendship where you SSH into each other's systems and leave notes
for one another.
as soon as you find one you message the person who left it like "yoooo only
just found this lol" and they're like oooo yeah did you see the bash script I
wrote in that directory "yeah totally I used it on one of my video files just
now - cool filter!"
ahhhh reminds me of all the times hackers have hacked my permanently insecure
system and left me friendly messages like "hey I'm on your side" or "how's
life, friend? I hope it's going well." or "never forget; you are worth all the
fear" y'know cute things like that
oh. right. because leaving vulnerabilities like that can lead to threat actors
affecting your stuff. how lame.
--- #10 messages/29 ---
═══────────────────────────────────────────────────────────────────────────────────
The reason players don't talk on mics in Overwatch at low ranks is because
nobody else is. So they spend extra effort on tracking the enemy team that
could be supplied by team member call outs. Like "Reaper flanking right" or
"Hog no hook" or heck even "rezzing" and "15 seconds on rez" or "I have
[insert ultimate]"
That's all data they have to gather themselves, so it's extra brainpower that
can't be focused on the game because it's spent in other ways (namely by
listening to team call outs) and if you have 75% of your brain on just staying
alive and winning fights, then you'll have less brain power available both to
communicate and to listen and integrate communication. Like being aware of the
game state and positioning are all cerebral tasks and if your cerebral center
is so focused on short term reflex things like mechanical skill then there's
less available to allocate
--- #11 fediverse/4946 ---
════════════════════════════════════════════════════════════════───────────────────
I would trust the CIA if they gave me continual access to all surveillance of
myself
-- stack overflow --
what if you made a program which cycled credentials?
like... "give me a random credential for Zoom" because we share all of our
digital resources
did you get banned for account sharing? no you didn't because you routed
through the correct VPN
automagically
[has never had a software job]
--- #12 fediverse/6110 ---
═══════════════════════════════════════════════════════════════════════════────────
if the paradigm changes, suddenly you might find foes who you share common
collective woes.
this is a nightmare for your foes, the ones who remain your foes, the ones who
always will be your foes, the ones who your foes are currently opposed as they
believe they're doing pizzagate things and snorting child molester bones or
sacrificing transgender children to anubesiris or whatever.
"oh no don't tell me there's a secret cabal of elites that do satan's dark
bidding worship"
look I'm not NOT saying that, I just don't really have insight into that
because it's not my jurisdiction. I'm supposed to talk about computer
programming and being gay and struggling with meniality and revolutionary
praxis in the modern day and all that junk and instead everyone's like "what
if you are chronically interesting and permanently vexing and seriously
draining and perhaps a little bit caustic (non-toxic crayons) but always a
darling and always eternally fair and righteous and valorous and determined
and also gay"
--- #13 fediverse/1329 ---
╔═══════════════════════════════════════════════───────────────────────────────────┐
║ @user-941 │
║ │
║ well, your computer only has so many 1s and 0s that it can use at once. Like, │
║ having a trillion hands that can each hold a single grain of rice. Every │
║ character in that txt file would be like, 8 grains of rice, minimum, meaning │
║ you'd need at least 8 "hands" (or spots to put a zero or a one) for each │
║ letter! │
║ │
║ Hmmmm that's a lot of bits and bytes if everyone's writing to the same file. │
║ Maybe if we split the file up into smaller sections, then we could just read │
║ part of it at once. Then we could "scroll" through it to make sure we've read │
║ the whole thing, starting from the top and going to the bottom. │
║ │
║ ah but if everyone's SSHing into the same computer and reading it there, then │
║ that computer will have to present different parts of the file at different │
║ times to different people, as they read from the top to the bottom. Maybe we │
║ could just send them the file, so they can read it at their leisure? │
║ │
║ Yeah! And we could use tags to organize it and make it look pretty, like an │
║ HTML file except... wait hang on │
╚══════════════════════════════════════════════───────────────────────────────────┘
--- #14 fediverse/1113 ---
═══════════════════════════════════════════════────────────────────────────────────
we should be able to configure our web browsers so that they don't remember to
autofill certain pieces of information. Such as the IP address of our router,
or our bank credentials, or any other forms of passwords that we are using to
authenticate ourselves. That way our infrastructure that we've designed is
less susceptible to cybersecurity threats that involve physical access to the
computer. Or remote control of some kind that is channeled through the UI
(like RDP or SSH) (a terminal is a text based UI in this context)
Unless of course they knew what they were doing. Which most of them don't.
Hence why it'd be a good idea to isolate the capabilities of defeating certain
vulnerabilities to ourselves. Like, a reverse backdoor, only more like a DMZ -
a sector of computing space (sandboxed of course) that is only utilized for
understanding the intent of the message sender.
Doing so would require an analysis of the capabilities of the system, the kind
of analysis that [script kiddies'dve] generated by googl
--- #15 fediverse/2062 ---
═════════════════════════════════════════════════════──────────────────────────────
Society has never been secure. Literally all someone has to do is place
documents alleging that you sold all your shares or refinanced your mortgage
or signed a new will and BAM suddenly the rug's pulled out from your feet. I
don't get why people trust their neighbors so much? You don't know them!
well, I guess it'd be hard to function as a society if you didn't. Sure would
be nice if we had like, a communal Mastodon server run on public
infrastructure owned only by the people who lived in the closest 70 houses.
Sure would be nice if you could connect to one of like, 4 in your area. Then,
if they each held communal events where they meet and hang out with each
other. Only like, 2 or 3 though so you can get a solid grasp of what their
culture's like.
... like imagine if every address had an IP, and every IP address had an HTML
index. We could do whatever we wanted, especially if
--- #16 fediverse/3469 ---
════════════════════════════════════════════════════════───────────────────────────
you know how SSH password login is deprecated because the password needs to be
transmitted in cleartext or whatever?
what if we just... required two passwords?
the first initiates the conversation, and sets up an encrypted line. It
doesn't matter if anyone sees the first password because they'll get a new set
of encrypted keys, meaning each session automatically is encrypted in a
different, randomized way.
the second password is the one that actually authenticates you.
--- #17 fediverse_boost/3867 ---
◀─╔═══════════════════════[BOOST]════════════════════════────────────────────────╗
║ ┌────────────────────────────────────────────────────────────────────────────┐ ║
║ │ I really hate "two factor" auth. Like, cool, I get it, it lets you pretend you can divest responsibility for security and recovery, but also it means dropping my phone too hard could be a life disrupting event so somehow I don't really feel like this is for my benefit. │ ║
║ └────────────────────────────────────────────────────────────────────────────┘ ║
╚══════════════════════════════════════════════════════────────────────────────╝─▶
--- #18 fediverse/497 ---
═════════════════════════════════════════════──────────────────────────────────────
@user-346
Nobody will get past the login screen on my computer, but if they do they
probably won't know that you need to push alt+p in DWM to start a program. But
even if they push "alt+p firefox" they will only have access to my gmail and
discord, because those are the only two places I've saved my login information.
Most of my data is on my hard disk anyway, so for that they'd have to push
alt+enter and then navigate my filesystem to find it. Shouldn't be too hard if
you're familiar with Linux.
They could always just pull the hard drive and put it into a new computer
though. It's not like it's encrypted, because why would I encrypt it? I want
to share information, not conceal it! Surely nobody would desire to exploit
that vulnerability of mine, that my data should be unencrypted?
If you have a copy of Wikipedia then you're 500% more prepared than 90% of
humanity so good job _^
Sure would be cool if you put it in the documents folder of every person in
your family who solicited tech advice from you
--- #19 fediverse/2706 ---
══════════════════════════════════════════════════════─────────────────────────────
┌──────────────────────┐
│ CW: politics │
└──────────────────────┘
feds will "break" into your house noiselessly while leaving no trace when
you're confirmed to not be home and photograph EVERYTHING.
if you have indoor camera systems, they can disrupt those and they give you
false confidence.
EDIT: also they're trained to always check after opening a door for any fallen
markers and such - like, leaving a piece of paper between the door and the
frame and if it's fallen when you return home, you know someone has been
through that way - and if they notice anything like that they replace it.
--- #20 fediverse/4879 ---
╔═══════════════════════════════════════════════════════════════───────────────────┐
║ We should be keeping track of who shows up to things │
║ │
║ like... writing their names down at the door │
║ │
║ just because │
║ │
║ just for fun │
║ │
║ or write graffiti to say "I was here since the last time they painted the │
║ bench" │
║ │
║ or just... remember your friends │
║ │
║ unless of course, a human can only know so many friends │
║ │
║ then they gotta start organizing │
║ │
║ and organization implies trust │
║ │
║ what if we had all our actions described to a computer which would use │
║ language analysis to determine if it skewed good or bad? │
║ │
║ and then if someone's bad, a human operator or team will be assigned to figure │
║ out why. if it's a simple fix, then that can be applied. Otherwise it must be a │
║ special clause which will require installation like a terminal computer or a │
║ light system in an unusual place. like a convention center or a hotel. │
║ │
║ but, like, the cool kind of hotel, the kind you'd see in movies like The │
║ Witches (scary) or Home Alone 2 (escape from new york) │
║ │
║ ... how long have you been writing tonight, ritz? │
║ │
║ oh, │
║ you know, │
║ just for all of the lastbit │
╚══════════════════════════════════════════════════════════════───────────────────┘