Rubicon

@thislight
52 Followers
152 Following
4.2K Posts

Software Engineer, focus on User experience and Distributed applications.

boost ≠ agree.

GitHub: https://github.com/thislight
GitLab: https://gitlab.com/thislight
Blog: https://rubicon.lightstands.xyz
Donate (liberapay): https://liberapay.com/thisLight/donate

Follower Tab has been with us for a couple of months, and as is often the case, we can't imagine life without this feature 😍 Super handy for:

- Evaluating alternative options while shopping
- Keeping your research tidy without being dragged down the rabbit hole

If you haven't started using this yet, this video is for you!

You can watch it on YouTube: https://www.youtube.com/watch?v=RIxaXHdFX_s

...or Vimeo: https://vimeo.com/1191154236/f19658ab3e

#browser #features #organization

Excellent post on the correct SI unit for (HTTP or not) request rate: https://entropicthoughts.com/si-units-for-request-rate

The world needs more blog posts like this.

SI Units for Request Rate

> The trick is in the subject line, not the email
>
> When most people think "phishing email," they picture sketchy senders, broken English, and links to weird domains. This scam is the opposite. The email passes every authenticity check — SPF, DKIM, DMARC, all green. It comes from PayPal's actual mail servers. The fonts are right. The footer is right. The unsubscribe link works. If you forwarded it to a security expert and asked "is this really from PayPal?" they'd have to say yes.
>
> So how is it a scam?
>
> Scammers have figured out that PayPal lets anyone send small amounts of money to anyone else, and that PayPal will dutifully email the recipient a notification. The scammer sends you a payout of, say, one Hungarian forint — about a quarter of a cent. PayPal's system then automatically generates and sends you a real, legitimate, fully-authenticated email confirming the transaction.
>
> Here's the catch: the email's subject line is whatever the scammer typed when they set up the payout. PayPal doesn't sanitize it. So they write something terrifying like "Pending charge of USD 987.90 — call this number with questions" and PayPal's servers cheerfully deliver that subject line straight to your inbox, wrapped in a perfectly legitimate-looking notification.
>
> The actual transaction in the email body is for 1 forint. There is no $987.90 charge. There never was. But by the time most people read carefully enough to notice that, they've already dialed the number.

https://www.tedcromwell.com/blog/that-pending-paypal-charge-email-is-a-scam-even-though-it-really-came-from-paypa

That "Pending PayPal Charge" Email Is a Scam — Even Though It Really Came From PayPal

If an email recently landed in your inbox with a subject line like "Pending charge of USD 987.90 for account activation. Questions? Call 855 629-1161" — don't c

Ted Cromwell
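A mail-filter heuristic for the case the article describes, as an added example (not code from the article or from PayPal): SPF, DKIM and DMARC authenticate the sending domain, not the text a legitimate sender lets a third party place in the subject line, so the check below ignores the authentication results and instead compares what the subject claims against what the body records. It flags a phone number in the subject and any amount named in the subject that the body does not contain. Both messages are constructed samples; the sender domain and the 555-01xx phone number are fictional, and the "USD 987.90" figure is the one quoted above.

```python
"""Added example (not from the article or from PayPal): flag payment
notifications whose subject line disagrees with the transaction in the body.
The two messages at the bottom are constructed samples."""
import email
import re
from email import policy

CURRENCY = r"(?:USD|EUR|GBP|HUF|\$|€|£)"
NUMBER = r"\d[\d,]*(?:\.\d{2})?"
# Matches "USD 987.90", "$4.00" or "1.00 HUF": currency before or after the number.
AMOUNT_RE = re.compile(rf"({CURRENCY})\s?({NUMBER})|({NUMBER})\s?({CURRENCY})", re.I)
# North-American-style numbers, the kind a "call us" lure advertises.
PHONE_RE = re.compile(r"\b(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")


def amounts_in(text):
    """Set of normalised 'CUR number' strings found in text."""
    found = set()
    for m in AMOUNT_RE.finditer(text):
        cur, num = (m.group(1), m.group(2)) if m.group(1) else (m.group(4), m.group(3))
        found.add(f"{cur.upper()} {num}")
    return found


def suspicious_notification(raw_message):
    """Reasons to distrust a notification, or [] when subject and body agree."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    findings = []
    if PHONE_RE.search(subject):
        findings.append("phone number in subject")
    # An amount the subject advertises but the body never records is the lure.
    for amount in sorted(amounts_in(subject) - amounts_in(body)):
        findings.append(f"subject amount {amount} not in body")
    return findings


# Constructed sample: authentic notification, attacker-chosen subject line.
SCAM = """\
From: service@paypal.example
To: victim@example.org
Authentication-Results: mx.example.org; spf=pass dkim=pass dmarc=pass
Subject: Pending charge of USD 987.90 for account activation. Questions? Call 555 010-0199
Content-Type: text/plain; charset=utf-8

You received a payout of HUF 1.00 from Example Sender.
Transaction ID: 7AB12345CD
"""

# Constructed sample: the same transaction with an honest subject line.
LEGIT = """\
From: service@paypal.example
To: victim@example.org
Authentication-Results: mx.example.org; spf=pass dkim=pass dmarc=pass
Subject: You received HUF 1.00 from Example Sender
Content-Type: text/plain; charset=utf-8

You received a payout of HUF 1.00 from Example Sender.
Transaction ID: 7AB12345CD
"""

if __name__ == "__main__":
    print("scam  ->", suspicious_notification(SCAM))
    print("legit ->", suspicious_notification(LEGIT))
```

The check is deliberately content-based: a rule keyed on sender reputation or authentication status would pass this message, because every one of those signals is genuinely good.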

RIPE NCC made session tokens for the entire member portal available to over 1000 third parties, by design. Full access to the RPKI dashboard, the RIPE Database, and everything else. RIPE NCC had placed strangers under the same domain as their most critical systems.

The RIPE NCC SSO cookie is scoped to `*.ripe.net`, so browsers send it to any HTTPS server under that domain. Atlas anchor hosts and RIPE meeting attendees all had assigned hostnames under that domain, and nothing stopped them from requesting a valid TLS certificate for those hostnames. A single link click was enough to leak the token.

The impact went further than my publication from last week with XSS+CSRF: this allows full session access, including adding admin users and API keys that persist silently.

Full write-up: https://mxsasha.eu/posts/ripe-ncc-sso-cookie-exposure/

Resolved about 3 months after my report, by adding two DNS records. RIPE NCC has not published any acknowledgement of this vulnerability, nor credited me as the reporter on their own channels.

1000 third parties could have stolen RIPE NCC session tokens - by design

The RIPE NCC made its all-powerful single sign-on tokens available to over 1000 third parties. From a single link click, any logged-in RIPE NCC user would leak …
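The cookie-scoping behaviour the post describes, as an added example that is not code from the write-up or from RIPE NCC: Python's standard-library cookie jar applies the same Domain-matching rules a browser does, so it can show why a session cookie set with `Domain=ripe.net` is attached to a request for any other host under ripe.net, and why a host-only cookie (no Domain attribute) is not. The hostnames, cookie names and token value are constructed. The hardened variant uses the `__Host-` prefix, a browser-enforced rule that rejects a cookie of that name if it carries a Domain attribute or lacks `Secure` and `Path=/`; the cookie jar does not enforce the prefix itself, and this is the general cookie-level mitigation, not the DNS-level fix the post reports.

```python
"""Added example (not code from the write-up or from RIPE NCC): model which
hosts receive a cookie, using the standard-library cookie jar, which applies
the same Domain-matching rules as a browser. All hostnames, cookie names and
the token value are constructed."""
import email.message
import urllib.request
from http.cookiejar import CookieJar

SSO_LOGIN = "https://sso.ripe.net/login"           # assumed SSO endpoint (constructed)
THIRD_PARTY = "https://atlas-anchor-42.ripe.net/"  # hypothetical third-party host under ripe.net

# Weak: the Domain attribute widens the cookie to every host under ripe.net.
WEAK = ["sso=SESSION-TOKEN; Domain=ripe.net; Path=/; Secure; HttpOnly"]
# Hardened: no Domain attribute, so the cookie is host-only (sso.ripe.net).
# Browsers also reject a __Host- cookie that has a Domain attribute or lacks
# Secure / Path=/, so a later misconfiguration cannot silently widen it.
HARDENED = ["__Host-sso=SESSION-TOKEN; Path=/; Secure; HttpOnly"]


class _FakeResponse:
    """Minimal response stand-in: the cookie jar only calls .info().get_all()."""

    def __init__(self, set_cookie_headers):
        self._headers = email.message.Message()
        for header in set_cookie_headers:
            self._headers["Set-Cookie"] = header

    def info(self):
        return self._headers


def jar_after_login(set_cookie_headers):
    """Store the SSO server's Set-Cookie headers as a browser would after login."""
    jar = CookieJar()
    jar.extract_cookies(_FakeResponse(set_cookie_headers), urllib.request.Request(SSO_LOGIN))
    return jar


def cookies_sent_to(jar, url):
    """Names of the cookies the jar attaches to an HTTPS request for url."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    header = req.get_header("Cookie")
    return [pair.split("=", 1)[0] for pair in header.split("; ")] if header else []


def leaked_to_third_party(set_cookie_headers):
    """Cookies a third-party ripe.net host would receive from a single link click."""
    return cookies_sent_to(jar_after_login(set_cookie_headers), THIRD_PARTY)


if __name__ == "__main__":
    print("weak     ->", leaked_to_third_party(WEAK))      # ['sso']
    print("hardened ->", leaked_to_third_party(HARDENED))  # []
```

The point the model makes is that nothing in the weak case is a bug: Domain-scoped cookies are designed to reach every subdomain, so the trust boundary is the whole registrable domain, and anyone who can obtain a hostname and a certificate under it sits inside that boundary.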

Chrome looks set to ship an LLM Prompt API to the web platform. At Mozilla, we oppose this API.

We feel it has a large interoperability risk, and Google imposing T&Cs on a web API sets a dangerous precedent.

Full details: https://github.com/mozilla/standards-positions/issues/1213#issuecomment-4347988313

Prompt API · Issue #1213 · mozilla/standards-positions

Specification title Prompt API Specification or proposal URL (if available) No response Explainer URL (if available) https://github.com/webmachinelearning/prompt-api/blob/main/README.md Proposal au...

GitHub
Damn, there's a pervert here.
I can't take it anymore, 大魏佛剑.

Following California implementing a law raising its minimum wage to $20 for more than 500,000 fast-food workers in the state in 2024, Christopher Thornberg, founding partner of research firm Beacon Economics, offered a warning about the state raising its minimum wage.

“California’s well-intended push to reduce income inequality via wage floors is beginning to have a significant negative impact on some of our most vulnerable workers—our youth, particularly those from lower-income households,” he wrote earlier this year.

His concerns echoed those of fast-food franchise owners, one of whom told Fortune in 2024 that higher wages would be unsustainable for smaller chains with slim margins.

But nearly two years after the law’s passage, economists are seeing very different results than what was initially feared.

A working paper from University of California at Berkeley released this month found the policy increased average weekly wages for eligible workers by 11% and did not reduce employment.

Prices increased modestly, about 1.5%, or the equivalent of about six cents for a $4 item.

“The results are nowhere as dire as predicted,” Michael Reich, the study author and chair of the Center on Wage and Employment Dynamics at UC Berkeley, told Fortune.

https://finance.yahoo.com/news/economists-warned-california-not-raise-110500084.html?guccounter=1

Economists warned California not to raise the minimum wage to $20. They were wrong in almost every way so far, another economist says

“The results are nowhere as dire as predicted,” Berkeley’s Michael Reich told Fortune.

Yahoo Finance
China is now on track to become the world's top tourism economy in the next few years as a sharp drop in foreign visits sets the U.S. back. https://www.japantimes.co.jp/business/2026/04/16/china-tourism-economy/?utm_medium=Social&utm_source=mastodon #business #china #us #tourism
China on track to be top tourism economy as travelers skip U.S.

The U.S. has seen a sharp pullback in foreign arrivals amid tighter immigration restrictions and rising geopolitical frictions.

The Japan Times
What on earth is going on today, images won't even load... A photographer friend I like has always worked in a dark style. Today I opened one of their images and it was completely black. I thought my friend had reached the highest level, where having no technique beats every technique, but it turned out my own images just wouldn't load!!!