W̷a̷w̷a̷S̷e̷b̷ @wawa@nanao.cybtex.fr

The times are a’ changing…for the better in many ways!

Did you realize that we live in a reality where SciHub is illegal, and OpenAI is not?

this is the real trolley problem

TIL that printer cartridges may come with a printer firmware update

"Am I pro-Israel or pro-Palestine? I have no idea.

I'm pro-not-killing-civilians.

I'm pro-not-trapping-millions-of-people-in-open-air-prisons.

I'm pro-not-shooting-grandmas-in-the-back-of-the-head.

I'm pro-not-flattening-apartment-complexes.

I'm pro-not-raping-women-and-taking-hostages.

I'm pro-not-unjustly-imprisoning-people-without-due-process.

I'm pro-freedom and pro-peace and pro- all the things we never see in this conflict anymore.

Whatever this is, I want none of it."

Isaac Saul

The year is 2029. I have lost my job because programmers have been replaced by LLMs and badly paid "fine tuners." So, now I'm selling CDs out of my trenchcoat. On these CDs is a text-only archive of Wikipedia which I downloaded in 2017, burned on an old laptop that has been airgapped ever since. (All other repositories of knowledge have since been irrecoverably corrupted by LLMs.)

For anyone unaware, Google Chrome is currently rolling out an update that track your interests based on browsing history, then share them with 3rd party websites. The notification page makes it sound like they added a new privacy feature, but in actuality they've automatically enrolled you into their tracking system and you have to go and manually opt out.

My annual fees at gandi.net went from 50€ to 300€.. but sure, being bought by a bigger fish "won't change much things" ​

Just in case other vi(m) folks are also a few years late to the following party:

:%!jq

is magical

so, the reddit API protest has taken a different direction, now people are uploading gigabtyes of videos to reddit which are just noise. i cannot stress this enough, do NOT run the command ffmpeg -filter_complex "nullsrc=s=1920x1080,geq=random(1)*255:128:128[vout]" -map "[vout]" -t 46 -c:v libx264 out.mp4 in order to generate one of these large video files then upload them en masse in order to slow down their servers, that totally will not help with the protest

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security

Don't forget to use @misp feed overlap matrix. It's a quick way to spot the overlapping/similar feeds from different sources such as external CTI feeds but also the cached MISP instances.

#CTI #threatintel #misp

If you want to check on your instance, it's in /feeds/compareFeeds

Well, #twitter's last move is nuts... ???
https://twitter.com/ericfreyss/status/1604538198054535169

If you want to really make a difference, reactivate your Twitter account and start trying to convince as many people as possible to move over to other platforms. Post articles about which other platforms are better, let everyone know your reasons for leaving, DM your friends and convince them to join in, spam your followers with links to your other social media profiles. Make Twitter as unusable as possible for anything other than migrating to other platforms. If you already deleted your account, you have 30 days (1 year if you're verified) to log back in and your account will be reactivated with all your followers intact. The only way to save Twitter is by destroying it.

Several Mastodon instances (including Newsie) have come under cyber-attack recently by state-level actors.

If you are the admin of a Mastodon Instance that overlaps arts, human rights, civil society, journalism, or democracy and would like FREE cyber security protection from Cloudflare as part of Project Galileo please reach out as Fourth Estate is a long-time Project Galileo partner

See: https://www.cloudflare.com/galileo/

#mastoadmin #mastodon

Finally it is there: A GUI version of PortexAnalyzer🔎

PortexAnalyzer is a free PE parser tailored for malware analysis. It uses the library PortEx.

🔽Download: https://github.com/struppigel/PortexAnalyzerGUI/releases
#PortEx #PortexAnalyzer

The best advice I have for anyone just coming here is to replace the location of the Twitter app on your phone with Mastodon and let your own muscle memory force you into adapting.

This will probably be my last direct post to Twitter. My account may or may not stay active, and I may or may not get to delete old posts. Auto-syncing from @rene_mobile has now been disabled. Please follow me on the Fediverse for further updates.

If you're trying to find journalists on Mastodon, I've created a verified database of several hundred here: http://presscheck.org. Since the backlog has become enormous, the unverified waiting list is now public also: http://presscheck.org/pending

Twitter suspending the official Mastodon account and blocking linking to Mastodon should be the final nail. Streisand effect will do the rest.