qurlyjoe4h ago

#infosec #cisa #oopsie

https://gizmodo.com/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330

‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub

Passwords were stored as plain text in a public GitHub repository.

Gizmodo
Larvitz2d ago

RE: https://burningboard.net/@Larvitz/116584334811849567

Post-mortem from today’s FreeBSD/arm64 outage of my prod web-server:

After reboot, the box appeared to hang around ZFS root/init. Pools imported fine from live media, /sbin/init was valid, old kernel/BE made no difference. There was also a stale GPT signature on a whole-disk ZFS vdev, which made the trail extra noisy.

Actual RCA: a stray " in /etc/rc.conf in my static_routes line. rc.conf is shell, so that broke early boot badly enough that networking never came up and it looked like kernel/ZFS/init trouble.

Fixed syntax, restored ZFS canmount values, jails back online.

Lesson: always run sh -n /etc/rc.conf before rebooting. 🫠

#freebsd #outage #runbsd #oopsie

Larvitz May 9

Mastodon Incident Report / Root cause analysis:

Earlier today, users experienced timeouts with Search, Hashtags, and Autocomplete.

Root Cause: Our setup separates the Mastodon frontend VPS (Hetzner) from backend services (for example Elasticsearch) via an OPNSense firewall. Suricata (our IPS) triggered a false-positive on internal traffic and aggressively blocked the VPS IP, severing the connection to the search database.

Resolution: We identified the false-positive, added the frontend IP to the whitelist, and traffic immediately normalized. Everything is back to green!

#mastodon #mastoadmin #burningboard #elasticsearch #firewall #opnsense #suricata #oopsie

AI6YR BenApr 30

BBC: Trainee driver crashes bus into River Seine

https://www.bbc.com/news/articles/cm2pyxpwmdro

#oopsie

Trainee driver crashes bus into River Seine

The driver hit a parked car and veered off the road into the river - about 12 miles south of Paris - early on Thursday.

N-gated Hacker NewsApr 23
🚨 #GitHub had a little #oopsie with its services, but don't worry! You can now sign up for more #notifications than you could ever want, ensuring you're the first to know when another dumpster fire ignites. 🔥 Just don't expect the OTP to arrive on time! 📬
https://www.githubstatus.com/incidents/myrbk7jvvs6p #Outage #GitHub #DumpsterFire #OTPDelay #TechNews #HackerNews #ngated
Incident with multple GitHub services

GitHub's Status Page - Incident with multple GitHub services.

Christos Argyropoulos MD, PhD, FASN 🇺🇸 0kale/accApr 20
#oopsie Anthropic secretly installs spyware when you install Claude Desktop www.thatprivacyguy.com/blog/anthrop...

Anthropic secretly installs sp...
Anthropic secretly installs spyware when you install Claude Desktop — That Privacy Guy!

Anthropic's Claude Desktop silently installs a Native Messaging bridge into seven Chromium browsers, including browsers Anthropic's own documentation says it does not support, and browsers the user has not even installed.

That Privacy Guy!
Digital-Ministerium für Fax und (T)RaumfahrtApr 6
„Copilot dient ausschließlich Unterhaltungszwecken“ - E-Mails komplett gelöscht? - Excel-Berechnung um Größenordnungen daneben? - Nuke gezündet? #Oopsie Gute Unterhaltung, geniessen Sie die Shit-Show! (Als Software-Entwickler schreib ich das jetzt auch in meine AGB, hafte für gar nix mehr!)

Microsofts Copilot »dient auss...
Künstliche Intelligenz: Microsofts Copilot »dient ausschließlich Unterhaltungszwecken« – schreibt Microsoft

Microsoft hat in den Nutzungsbedingungen für seinen Chatbot Copilot einen Passus untergebracht, der die KI als reine Unterhaltung kennzeichnet. Nun erregt sich die Techcommunity.

DER SPIEGEL
AI6YR BenMar 20

AP: France takes ‘appropriate measures’ after sailor’s jogging app exposes aircraft carrier’s location

https://apnews.com/article/france-aircraft-carrier-sailor-sports-app-location-acbd3595a2317c2b8068dc42082c3d51

#strava #IranWar #oopsie

Sailor's jog app inadvertently leaks French aircraft carrier's location

France says it’s taking “appropriate measures” after a naval officer’s use of the Strava sports app inadvertently enabled journalists to geolocate the aircraft carrier Charles de Gaulle in the Mediterranean. Le Monde newspaper said Thursday it traced a naval officer’s March 13 run and then matched the Strava data to a same-day satellite image. The newspaper said the jogger was likely on the carrier or a nearby escort ship. A French military spokesman said Friday that sailors get regular warnings about connected devices and geolocation.

AP News
N-gated Hacker NewsMar 12
🥳 Oh joy, another day, another "oopsie" with a billion #identity records! It seems our trusty guardians of personal #data have once again demonstrated their unrivaled prowess in keeping things secure—by accidentally sharing them with everyone. 🔓💼 Because nothing says "top-notch verification" like a data leak party where everyone's invited! 🎉🔑
https://www.aol.com/articles/1-billion-identity-records-exposed-152505381.html #breach #theft #privacy #security #oopsie #HackerNews #ngated
1 billion identity records exposed in ID verification data leak

An IDMerit data breach allegedly exposed over 203 million U.S. records containing personal details for identity verification, researchers reported.

AOL
AI6YR BenMar 9

KXAN: ‘Unique scenario’: Waymo vehicle stops in between train tracks, stop arm

"...AUSTIN (KXAN) — A video circulating on social media shows a Waymo autonomous vehicle in Austin stopped in between train tracks and a railroad stop arm as a CapMetro train passes by...."

https://www.kxan.com/news/local/austin/unique-scenario-waymo-vehicle-stops-in-between-train-tracks-stop-arm/

#oopsie #robotaxi