Heladepela

@heladepela
Husband & dad with too many interests and not enough time (ornithology, photography, guitars, PC games, IT Security and general IT geekery). Works in IT Sec

Mileva Marić Einstein was a physicist born in Serbia in 1875.

We remember her husband, Albert Einstein, as one of the most celebrated physicists of the 20th century, but I suspect most folks haven’t heard of her.

However, Albert & Mileva’s letters & other accounts suggest they worked together on his groundbreaking scientific contributions. They collaborated from the time they met in 1896 until their separation in 1914.

This is her story: https://blogs.scientificamerican.com/guest-blog/the-forgotten-life-of-einsteins-first-wife/?fbclid=IwAR2O8bwlDiEBgJLYbjKo-Kdy_3jhi7tvyCl2edzpzpI_pIcPv7iVOc1zC-E #science #history #HistoryRemix

The Forgotten Life of Einstein's First Wife

She was a physicist, too—and there is evidence that she contributed significantly to his groundbreaking science

Scientific American Blog Network

PSA: If you use #Veeam Backup & Replication (very common), upgrade. Especially if you face server to internet.

Screenshot from Code White, the API lets you remotely request Windows admin credentials for some reason, no auth request.

In their advisory Veeam claimed these are encrypted... it's base64 (lololol)

#CVE202327532 https://www.veeam.com/kb4424

KB4424: CVE-2023-27532

Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Veeam Software

“Better to talk to people than communicate by tweet.”

The former tech giant known as Twitter has a new company motto.

Those of you who are familiar with The Physics Girl YouTube series featuring Dianna Cowern, might not know that she's been battling a scary rare case of Long COVID that triggered a serious condition called ME/CFS. She's been rushed to the ER twice in the last week, and the condition is now life-threatening. She just got married in 2022 and her new husband has become her primary caregiver. Dianna's BFF and fellow YouTube science communicator, Simone Giertz (who builds silly, complicated robots), has issued a plea for contributions to Dianna's Patreon. If you have enjoyed Dianna's videos in the past, please consider contributing. https://www.youtube.com/watch?v=vydgkCCXbTA
An Update On Dianna's Health

If you'd like to support Dianna during her recovery, you can do so here → https://www.patreon.com/physicsgirl We just wanted to give you an update on Dianna’s...

YouTube

Each day you get another chance to make a difference, ease some pain, share some laughter, say you love someone, and be loved in return.

To pass up those opportunities is heinous -- because, eventually, our days stop coming. What remains then are the differences we made, the people whose lives are a little better because of what we did, and those who loved us and were loved by us.

Don't bet on "someday." Carpe diem.

A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms: https://eprint.iacr.org/2023/331.pdf (pdf)

Someone found a buffer overflow in NIST SHA3 implementations and used it to make hash collisions 🤣 https://eprint.iacr.org/2023/331 h/t my student Aditya

A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms

This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective. First, we provide Python and PHP scripts that cause segmentation faults when vulnerable versions of the interpreters are used. Then, we show how this vulnerability can be used to construct second preimages and preimages for the implementation, and we provide a specially constructed file that, when hashed, allows the attacker to execute arbitrary code on the victim's device. The vulnerability applies to all hash value sizes, and all 64-bit Windows, Linux, and macOS operating systems, and may also impact cryptographic algorithms that require SHA-3 or its variants, such as the Edwards-curve Digital Signature Algorithm (EdDSA) when the Edwards448 curve is used. We introduce the Init-Update-Final Test (IUFT) to detect this vulnerability in implementations.

IACR Cryptology ePrint Archive

Attacking and securing Docker containers - InfoSec Write-ups

If you are reading this article I suppose you know how Docker works under the hood, however let’s quickly recap the major concepts: This is the part that is usually more used by users, the client is…

InfoSec Write-ups

Just like its #iOS version, this #Android authenticator app sends scanned QR codes to a remote server. It has been downloaded 500K+ times. It's among the top 5 hits when you search for #2FA apps on @GooglePlay.
Spread the word and warn your friends✌️

#Privacy #InfoSec #CyberSecurity

That is, the very people in charge of building #ChatGPT want to believe SO BADLY that they are gods, creating thinking entities, that they have lost all perspective about what a text synthesis machine actually is.

I wish I could just laugh at this, but it's problematic because these people living in a fantasy world are also influencing policy decisions while also stirring up the current #AIhype frenzy, which also makes it more difficult to design and pass effective policy.