Mastodawn

ooqaarx May 29, 2024

Kim Zetter May 28, 2024

My latest for Wired. How researchers hacked time to crack an 11-year-old password protecting $3 million in cryptocurrency. They found a significant flaw in RoboForm's password manager that made its pseudo-random-number generator not so random. The flaw allowed famed hardware hacker Joe Grand to turn back time and cause the RoboForm password manager to believe it was 2013 and spit out the same passwords it generated back then. RoboForm says it fixed the flaw in 2015, but it appears it never told customers about it. This means that if any of RoboForm's current 6 million users are using passwords generated by the password manager prior to 2015, before the company silently fixed the flaw, they may have passwords that can be cracked in the same way .

https://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/

ooqaarx May 15, 2024

Alex May 14, 2024

Hey folks!

I'm the creator of Python @pillow & today is my birthday. Can I ask you for a favor?

I'm looking for a new role & I'd appreciate a boost. Check out my resume here:

- https://aclark.net/resume/

I'm passionate about Python, open source & making a living with open source. What's the next move?

Thank you @willmcgugan for the nudge ❤️

Résumé

ooqaarx Apr 20, 2024

George Takei

🏳️‍🌈🖖🏽Apr 20, 2024

An ally from a young age 👏🏼 https://www.comicsands.com/john-cena-defending-gay-brother-2667766015.html?utm_source=mastodon&utm_medium=infeed&utm_campaign=linkprogram

John Cena Opens Up About Gay Older Brother's Struggles

An ally from a young age 👏🏼

Comic Sands

ooqaarx Apr 9, 2024

Timo Kissel Apr 9, 2024

The problem with #video #content in general is that you're at the mercy of the glacial speed of information flow of human speech, made worse by a fixed timeline.

There's no way I'm going to sit through a video, waiting for the presenter to get to the point, when I can thumb through a presentation deck or a written document in seconds to see if it's relevant to me, and if so, spend a few more seconds pulling out the bits that I need.

So, yeah, #productivity ...
https://www.theverge.com/2024/4/9/24124168/google-vids-video-ai-workspace-app

Google Vids is the latest AI-powered app in Workspace

The new Vids app joins Slides, Sheets, and Docs as Google’s apps for work, as Google tries to embrace an increasingly video-first way of communicating at work.

The Verge

ooqaarx Apr 9, 2024

cynicalsecurity

Apr 9, 2024

Who on Earth thought it was a good idea to call a professional application "Microsoft Teams (work or school)".

Seriously.

ooqaarx Apr 2, 2024

Kyle Rankin Apr 2, 2024

I never realized Amazon's automated checkout technology was just an outsourced, creepy, Mechanical Turk:

"Though it seemed completely automated, Just Walk Out relied on more than 1,000 people in India watching and labeling videos to ensure accurate checkouts. The cashiers were simply moved off-site, and they watched you as you shopped."

https://gizmodo.com/amazon-reportedly-ditches-just-walk-out-grocery-stores-1851381116

#privacy #automation

Amazon Ditches 'Just Walk Out' Checkouts at Its Grocery Stores

Amazon Fresh is moving away from a feature of its grocery stores where customers could skip checkout altogether.

Gizmodo

ooqaarx Mar 30, 2024

Show thread

Not Simon Mar 30, 2024

CISA is aware of a supply chain compromise affecting XZ Utils Data Compression Library, which is being tracked as CVE-2024-3094 (10.0 critical CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; CWE-506: Embedded Malicious Code). CISA describes XZ Utils as data compression software. 🔗 https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

Red Hat in their security alert states verbatim: https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

...the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access. Specifically, this code is present in versions 5.6.0 and 5.6.1 of the libraries.
PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES for work or personal activity.

Bugzilla 2272210 provides even more information: https://bugzilla.redhat.com/show_bug.cgi?id=2272210

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

#CVE_2024_3094 #backdoor #fedora #xz

ooqaarx Mar 20, 2024

Micah Lee Mar 20, 2024

Some personal news: The Intercept laid me off 🫠, so I'm now in the job market! My current title is Director of Information Security https://micahflee.com/2024/03/the-intercept-laid-me-off/

The Intercept laid me off

Last month, The Intercept laid me off along with fifteen other employees — one-third of the newsroom. I'm officially on the job market. My current title is Director of Information Security. I've been working in media for the last decade, but I'm also open to engineering or security roles in other sectors — as long as I'm working on interesting problems and doing good things for the world. Please tell me about open positions that would be a good fit, or if you want to hire me! You can email me at [email protected].

Micah Lee

ooqaarx Feb 24, 2024