deliverator


Today I learned about flare.io, a company that provides other companies with detailed intel about data leaks affecting them.

Here's the catch: Unlike @haveibeenpwned or even intelx, they store everything that they can get their hands on. During a live demo, they proudly pulled up all email/password pairs that they have for a company that is not one of their customers, showed off how it saves not just the combo but everything the infostealer got, including all browser cookies and a screenshot of the personal machine of an affected employee.

So many things wrong with this..

  • We just told them which company to look up, no verification at all.
  • Bringing a demo laptop logged in to a "full admin" account that can see all data that they have access to, to a conference stand
  • Storing a screenshot of a personal machine from an employee is absolutely not okay.
  • and so much more...

When asked about legalities, they claim "it's based on needing to know this information for the companies" and falsely claimed "haveibeenpwned does the same thing, they also sell access to the combos" 🫨

Anyway, I sent a GDPR request for my data (and subsequent deletion), let's see what happens.

#infosec #insomnihack #privacy

ETA: to be clear, this wasn't a one-off demo, they do this demo for everyone that walks up to their stand, and we have strong reasons to believe that the cleartext passwords that they show anyone that asks are real passwords and not demo data.

curl > /dev/sda: How I made a Linux distro that runs `wget | dd` https://astrid.tech/2026/03/24/0/curl-to-dev-sda/

This is an excellent apolitical explainer about why the actual act of Alberta, or any province, "separating" from Canada is a very difficult, maybe impossible, prospect.

It's worth the time (14 minutes), including if you're not Canadian and want a relatively quick summary of some of the very Canadian history and processes.
#Canada #Separatism #Alberta #USA #CanPoli #CdnPoli #TheAmericanFascist #USA #CBC

https://www.cbc.ca/player/play/video/9.7136155

Why Alberta’s separation from Canada is almost impossible | About That

Alberta's separatist sentiment has resurged in recent months amid the Trump administration's comments about the province's future, coupled with economic and political tensions with the Canadian government. Andrew Chang explains what it would actually take to grant sovereignty to a Canadian province, and why it's so difficult to achieve. Images provided by The Canadian Press, Reuters, Adobe Stock and Getty Images

CBC

There's apparently a CVSS 10 path traversal vulnerability in UniFi gear because good old ../ devours everything.

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b

#infosec

"It's like having a reference librarian!"

My Brother in Taxonomy, it is the farthest thing from that.

A reference librarian is a person with feelings, motivations and ethics, who has a goal of helping you find the answer to your question.

The chatbot is a clockwork mechanism that extrudes text optimized to make you *think* your question has been answered.

It is also a machine built by fascists with the goal of creating a dependent, de-skilled, submissive populace and ending Democracy. HTH.

I don't think China wants your text messages, Premier, but the people of Ontario certainly want to know what government business you're conducting on your personal phone and what it means for their tax dollars... https://t.co/LpSnzHqEFm https://twitter.com/MaritStiles/status/2033602957602590919
Laura Stone (@l_stone) on X

Asked about the FOI changes, Ford defends the need to keep his cell phone records private. Then he adds: “We’ve got to protect ourselves against the Communist Chinese that are infiltrating our country, Canada, the US, everything.”

X (formerly Twitter)

@d_stepanovic it is even scarier, since no assumption is being made, no thinking is done:
It rather is "... the next plausible-sounding token predictors data-distribution salted with some randomness which gets shipped..."

@motoridersd and Father Ted!