Dan Veditz

@dveditz@infosec.exchange
491 Followers
788 Following
620 Posts
Mozilla Firefox security

The ransomware vs insurance company playbook

1. Ransomware gang infects insurance company, but DOESN'T install ransomware. Instead it steals information about insurance company's clients, learns which have cyberinsurance, and how much insurance cover they have.

2. Gang takes list of insured companies and goes through it - it's a rolodex of ransomware - infecting each one with ransomware. They tell the victims that they know how much cyberinsurance they have, and suggest they pay up PDQ.

I laughed. Yeah, it's like that at times.
AI coding tools are currently good at the first 80% of software development, which is putting bugs in. Not so great at the second 80%, which is taking them out again.
TIL that Starbucks corporate management has turned off the tipping options on unionized shops' pay terminals, so one more reason to carry cash.
We just published Firefox updates to fix the two exploits used at the Pwn2Own contest yesterday and today. Both contestants achieved content process RCE but did not escape the sandbox.
https://blog.mozilla.org/security/2025/05/17/firefox-security-response-to-pwn2own-2025/
Firefox Security Response to pwn2own 2025 – Mozilla Security Blog
Protesters: are you paying attention? Break up the bigger protests into a large number of smaller protests to make things difficult for the Stasi, I mean the SS, I mean the pigs, I… you know what I mean.
@dangoodin And given the ubiquity of surveillance cameras, I wonder about the security of entering passcodes constantly.
PSA for iOS and Android users everywhere: it's fine to use biometric authentication to unlock your device. It helps you choose better passwords. So instead of turning fingerprint and face scans off completely, when you find yourself in a less secure environment, simply press the power and volume up buttons simultaneously for a few seconds. On iPhones, your phone will immediately require a password. For Android users, you'll need to click the lockdown button presented on the screen. Then, practice the move a couple of times per week each week. #UsableSecurity

As a reminder to my academic friends. If you are doing research that involves modifying a compiler - perhaps to add a security mitigation or to test an optimization or some other interesting behavior - and you want to run a real world benchmark or test suite: we can help you run it on Firefox.

We can get you set up with our CI so it's easy and efficient to iterate on your patches and run them through the whole gamut.

If you want a compelling story in your paper, showing results on what is probably the second most complicated piece of software in use ought to do it.

https://wiki.mozilla.org/Building_Firefox/SURF

Building Firefox/SURF - MozillaWiki

One thing you learn #onhere when one of your posts breaches foaf containment is that there really are people out there with very little joy in their souls who want the same for others.