Mastodawn

LineageOS: what breaks? Banking. I have a fairly robust risk appetite, but rooting a device to install a closed-source fork of Magisk that hides itself well enough that I can spoof Play Integrity so my bank's app will run is a few steps too far in the wrong direction. So choose what you prefer: access to your money, or some amount of control over your digital leash.

I see no way forward after September that doesn't involve having two phones: one that mostly lives at home for the applications that absolutely won't run without maximum verification, and one for daily use. At that point, I might as well get a used iOS device for the banking stuff.

This fucking sucks.

talldavek Mar 19

Chad

Mar 19

It's not often you see a CVE perfect 10.

Anyone with a #Ubiquiti #Unifi network needs to update their Network controller immediately.

#SysAdmin #HomeLab #MastoAdmin #security #cyberSecurity

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b

talldavek Mar 11

Aral Balkan Mar 11

When you post things on Instagram, Facebook, and X, this is what they look like to people who don’t use those platforms.

talldavek Mar 3

VessOnSecurity Mar 3

Slots machine vs vibe colding.

talldavek Mar 3

It's FOSS Mar 3

Very true 🤣

#winslop #windows #copilot

talldavek Mar 2

Oh wow. Dempsey and Makepeace on ITV4. That's my lunchtime sorted.

talldavek Feb 26

Cassandrich Feb 26

PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

The CEO of Persona responded to this post, saying they wanted to clarify about the identity verification process. They said:

"The only subprocessors (8) used are: AWS, Confluent, DBT, ElasticSearch, GCP, MongoDB, Sigma Computing, and Snowflake

All biometric personal data is deleted immediately after processing.

All other personal data processed is automatically deleted within 30 days. Data is retained during this period to help users troubleshoot.

No personal data processed is used for AI/model training. Data is explicitly used to confirm your identity.

The subprocessors used do NOT include Anthropic, Groqcloud, or OpenAI. The referenced subprocessor list is the superset of subprocessors used across all customers which is unfortunately misleading - we are updating our documentation to make this clearer going forward (thank you for helping us realize this). Our customers select which products are used which determines which subprocessors are used."

talldavek Feb 18

BleepingComputer Feb 18

Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information.

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/

Microsoft says bug causes Copilot to summarize confidential emails

BleepingComputer