Ryan BaumannI don't know who needs to hear this but #TruthSocial, which is running a forked version of Mastodon, does not from the source code appear to have appropriate mitigations in place for CVE-2023-36460, which theoretically allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution https://nvd.nist.gov/vuln/detail/CVE-2023-36460 (probably other CVE's as well, but some rely on federation which Truth Social doesn't use?) #infosec
@johnwhitley
- 27 Followers
- 125 Following
- 282 Posts
christineFor my hackathon project I did try to make CFA (Cat Factor Authentication, using your cat's microchip as a second factor) a thing 😆 The project did win a prize, but more for the experimentation then the actual result https://wpengine.com/blog/hackathon-december-2023/
Maria BustillosAre you mad about the decline of independent journalism (e.g. Pitchfork!)?!
Mass layoffs at newspapers and magazines?
The disappearance of good, fun and sane things to read??
So are we: 60 writers and artists who've formed a cooperative to bring you FLAMING HYDRA, debuting shortly, $3/month subscription, help us get this thing off the ground!
Welcome to Flaming Hydra
coming January 2024 a collective of 60 celebrated writers and artists joining to bring you an ingenious brief cooperatively-owned newsletter with short articles, essays, comics, commentary, and happenings Subscribe here: one year for $36 INCLUDING TREVOR ALIXOPULOS, The New Yorker, Lipstick Traces YEMISI ARIBISALA, Longthroat Memoirs EMILY BELL, Columbia University,
@halide FYI, I just confirmed that the Elgato CamLink 4K appears to work fine at first blush with Orion. (Switch -> Genki Covert Dock -> CamLink -> iPad / Orion) Any recommendations/asks for further testing to inform full compatibility?
Dan GoodinIf you use a Windows or Linux device, it's vulnerable to a new post-exploit attack that can remotely install an undetectable backdoor at the UEFI level. Updates from just about every vendor available today. Impressive work from @matrosov and the rest of Binarly.
Jen GentlemanHow QR codes are made:
Anders BorumThere is a 25% discount on the lifetime unlock of Source Files. This app treats GitHub, GitLab and BitBucket repositories as cloud storage downloading files on-demand and committing as you save.
Fast and lightweight in use but your commit history will get messy.
https://apps.apple.com/app/apple-store/id6450856155?pt=125181172&ct=mastodon&mt=8
‎Source Files - Git Storage
‎Source Files is a faster way to access GitHub, GitLab and BitBucket from the Finder and Files app without having to clone repositories or commit changes. Using REST APIs instead of the traditional Git protocol you will be editing files in even the largest repositories in seconds: • Drag a repositor…
Erin Kissane
Max GladstoneFriends—THREE PARTS DEAD is $1.99 on Kindle and other major ebooks platforms today! Tara Abernathy's necromancy career kicks off with a dead god and a murdered judge. A great chance to catch up on the Craft Sequence before WICKED PROBLEMS in March. http://www.amazon.com/Three-Parts-Dead-Craft-Sequence-ebook/dp/B0085UEQDO/ref=tmm_kin_swatch_0?_encoding=UTF8&qid=&sr=