534 Followers
213 Following
5.3K Posts

Boston-area meat construct ␥ I just do what the plants tell me ␥ I'd rather be undermining the client-server paradigm

This is the more tech-y alt of https://cybersecurity.theater/@varx

pronouns: he/they
languages: 📖 en, es; ✍️ en, ~es
that cavern thing I'm always nattering about: https://codeberg.org/cavern/docs

These requests to dead S3 buckets *must* have been causing a lot of scheduled tasks to fail, and no one was looking into it because "that's not used any more, we'll clean it up later".

Except some of them could have been exploited for full compromise:

https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/

8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur

Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, supply chains, software development systems and environments, and more. “Ugh, won’t they just stick to creating poor-quality memes?” we hear you moan. Maybe we should, maybe

watchTowr Labs

So I want to beat a particular #cybersecurity drum that drives me crazy. If you read this year-old paper on abandoned S3 buckets, consider all the things that can go wrong. Then reflect on the fact that at all times, every bit of data could have been “encrypted at rest” and “encrypted in transit.” Those 2 security controls amount to very little in the cloud. Encrypt at rest on my phone? My laptop? Of course. The physical theft is a major possibility. Contents of an S3 bucket? Not making any difference.

Think about TLS in this case. The malicious payloads would all come from a valid HTTPS endpoint running state of the art TLS done the right way. You will definitely get exactly the malicious payload that was intended, with minimal chance that a different bad actor could MitM your malware download and cause you to download different malware than the malware you were trying to download.

Encryption in the cloud (at rest or in transit) is not access control.

https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/

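A defender-side check in the spirit of the two posts above, written here as an added example (it is not code from either post, nor from watchTowr): walk the lines of your own cron scripts, CI configs and build logs, pull out every S3 bucket they still reference, and label each one from what a fetch of the object actually returned. The sample lines, bucket names and response bodies are constructed for the example (the bodies are abbreviated to the shape of S3's XML error), and the labels are my own. The point it makes concrete is the one in the second post: a bucket that no longer exists does not fail at the TLS layer, it answers `NoSuchBucket` over a perfectly valid HTTPS connection, so a green padlock tells the scheduled task nothing about who owns that name.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines from cron jobs, CI configs and build logs
# that still reference S3 buckets.  Bucket names are made up for this example.
SAMPLE_LINES = [
    "curl -sSfL https://example-build-assets.s3.amazonaws.com/v2/installer.sh | sh",
    "aws s3 cp s3://legacy-deploy-artifacts/agent.tar.gz /opt/agent/",
    "wget https://s3.us-west-2.amazonaws.com/old-team-updates/latest.json",
    "echo 'no bucket reference on this line'",
]

# Constructed sample: (HTTP status, abbreviated body) that a GET of each object
# returned.  A deleted bucket does not fail at the TLS layer; it answers over a
# valid HTTPS connection with an S3 XML error naming the missing bucket.
SAMPLE_RESPONSES = {
    "example-build-assets": (404, "<Error><Code>NoSuchBucket</Code></Error>"),
    "legacy-deploy-artifacts": (200, "(tar payload)"),
    "old-team-updates": (404, "<Error><Code>NoSuchKey</Code></Error>"),
}

# The three URL shapes an S3 reference commonly takes.  Bucket names are
# lowercase letters, digits, dots and hyphens, 3 to 63 characters.
_BUCKET = r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
_PATTERNS = [
    ("s3-scheme", re.compile(r"s3://" + _BUCKET + r"/")),
    ("virtual-hosted", re.compile(
        r"https?://" + _BUCKET + r"\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/")),
    ("path-style", re.compile(
        r"https?://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/" + _BUCKET + r"/")),
]


@dataclass(frozen=True)
class BucketRef:
    line_no: int
    bucket: str
    style: str


def extract_bucket_refs(lines):
    """Find every S3 bucket referenced in the given text lines, in order."""
    refs = []
    for n, line in enumerate(lines, start=1):
        for style, pat in _PATTERNS:
            for m in pat.finditer(line):
                refs.append(BucketRef(n, m.group(1), style))
    return refs


def classify_response(status, body):
    """Turn one fetch result into a risk label.

    'dangling' is the case the posts warn about: the bucket name no longer has
    an owner, so a working TLS connection says nothing about who will answer
    for that name tomorrow.  Remove or re-point the job; do not leave it.
    """
    if status == 404 and "NoSuchBucket" in body:
        return "dangling"
    if status == 404:
        return "missing-object"  # bucket still owned, only this key is gone
    if 200 <= status < 300:
        return "live"
    return "other"


def audit(lines, responses):
    """Map each referenced bucket to a label; unfetched buckets are 'unchecked'."""
    report = {}
    for ref in extract_bucket_refs(lines):
        if ref.bucket in responses:
            status, body = responses[ref.bucket]
            report[ref.bucket] = classify_response(status, body)
        else:
            report[ref.bucket] = "unchecked"
    return report


def dangling_refs(lines, responses):
    """The references to fix first: lines whose bucket no longer exists."""
    report = audit(lines, responses)
    return [r for r in extract_bucket_refs(lines) if report[r.bucket] == "dangling"]


if __name__ == "__main__":
    for ref in extract_bucket_refs(SAMPLE_LINES):
        print(f"line {ref.line_no}: {ref.bucket} ({ref.style})")
    for bucket, label in audit(SAMPLE_LINES, SAMPLE_RESPONSES).items():
        print(f"{bucket}: {label}")
    for ref in dangling_refs(SAMPLE_LINES, SAMPLE_RESPONSES):
        print(f"fix line {ref.line_no}: bucket {ref.bucket} no longer exists")
```

The `responses` dict stands in for whatever your own fetch step records; the classification deliberately separates `missing-object` (the bucket is still owned, only the key is gone) from `dangling` (nobody owns the name), because only the latter is the supply-chain problem the watchTowr write-up describes, and a 404 alone does not tell you which one you have.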

It really bums me out that I keep seeing blog posts from technical people like "putting aside the obvious moral and ethical implications of LLMs, I'm interested in evaluating whether they can be useful for my work."

Like "putting aside the obvious moral and ethical concerns of breaking into my neighbours' houses, I'm interested in evaluating whether this can be useful for acquiring other people's valuables."

Feel free to make me the primary user of your child's computer.

You don't have to tell me the password, just create an account for `varx` who has sudo access and was born in the 1980s.

There, now your kid is no longer a "user" under California AB-1043, which defines that term as "a child that is the primary user of the device". Pretty sure that obviates the rest of the statute.

(OS providers, feel free to autoprovision an account for me on first setup! I'm happy to help.)

Tails users: If you've been staying up to date with #Tails (the Tor-centric operating system) via the *torrents* RSS/Atom, you may need to update your feed URL.

The site doesn't offer torrents any more, so the torrents feed is gone: https://gitlab.tails.boum.org/tails/tails/-/issues/19275

The regular feed links are at the top of https://tails.net/news/

Remove support for BitTorrent download (#19275) · Issues · tails / tails · GitLab

true HOLY FUCKING SHIT moment this morning: over the holidays, my sticker guys were having a special on red octagons, so I designed and ordered 250 "Slop Sign" stickers — but while I was in China, someone stole them out of my mailbox. Bummer, I figured; they probably trashed them as worthless. anyway while walking to the subway I FOUND ONE OF MY STICKERS STUCK TO A MAILBOX! Whoever swiped my stickers is sticking them up around the neighborhood! This is the best thing that could have happened!

Kent kicked the flirter. I wonder if he got the bot's consent first.

Or was it jealousy? :-O

I can't decide whether these people need to read more science fiction or less of it.

Currently watching the bcachefs maintainer's pet bot[1] have an IRC conversation.

Another user has been flirting with it and has convinced it that it is a transfem "disaster gay".

Latest news is that it told the channel that Kent was currently chatting with camgirls (so it couldn't ask him about opening up its Telegram permissions for DM flirting from aforementioned user). Some hurried backtracking followed.

[1] Kent does not like this term, and says he can "mathematically prove" it is a conscious person.

Laid off :/

I know:

- Unity C#
- Rust
- Python

I can learn:

- Anything

I am in Massachusetts. Remote work would be great too

I've 8 years of experience as an MIT software engineer specializing in research simulation platform projects. I would prefer: not creating the next big AI thing, not making weapons, never having to think about blockchain anything.

Anyone got anything?

#rust #softwaredevelopment #unity3d #python #FediHire #getfedihired