fwupd.github.io/libfwupdplugin

" it may be impossible to install existing Linux releases on newer machines "

More anticompetitive shit from your favourite neighbourhood convicted abuser,

@mcc @adriano well, WINE on Linux, or similar for Mac.
I use it under WINE well enough, with Kobo purchases, once some serious one time faff is done.

How to change a password on a remote system... 

@gumnos huh? Whatever RDP client you are using will surely have a way to send the three finger salute to the remote end....

This thing works by generating fake vulnerability reports. Here are some of the qualities of the HackerOne report 3125832 sent to #curl:
- It looks convincing at a glance, especially if you're not a subject matter expert.
- It's vague about actual repro steps. It makes it impossible for the victim project to reproduce the issue. For example, it makes up fake patches against non-existent, imaginary code.
- It refers to functions and methods that do not exist (in case someone tries to look for them). When confronted, the attacker refers to some old or new versions of components, using non-existent commit hashes.
- The report makes up some convincing functionality or names that are novel, but don't really exist.

An expert’s look at the report shows the number of discrepancies, but finding them takes time and effort. It requires attention from a subject matter expert, with limited resources.

The real exploit here is that the attacker (evilginx) exploits the fact that the victims (the orgs who paid the attacker money) don't have the capacity to perform thorough analysis and rather just pay up. TL;DR: It's cheaper to pay the bug bounty than hire an expert to perform true analysis.

Why didn't it work against the #curl project? The attacker miscalculated badly. Curl project is not a company and has far greater capability in security response than your average org. Also they can smell #aislop miles away.

We need to go further and regulate to ban touchscreens in cars (except for non-driver entertainment consoles). Screens for status and navigation displays can stay for now (but more research on distraction potential is needed). But you should be able to control your vehicle by tactile feedback, without taking your eyes off the road.
mastodon.social/@br00t4c/11445

@Tattooed_Mummy you have the letters "s", "e" and "x" in your search query, so must want porn.

I’ve been using Recall for a few weeks now on my daily driver.

It scooped up my credit card statements after I logged into online banking - both screenshots (text indexed) of the PDFs, transaction history from the website, and my name, date of birth and security question reminders.

Sensitive filtering mode only kicked in when I viewed my card's CVV number.

Worth excluding bank websites from Recall’s options, if you see it enabled.

Spoilers for Doctor Who episode "Lucky Day" 

@only_ohm "clearly" ?

Doctor Who spoilers 

@alex yeah they really made us think "oh it's another harmless conspiracy theorist who ends up killed or sees his life ruined by aliens" before it's revealed that no, he's the other kind of conspiracy theorist, the 2020s type.

Doctor Who Spoilers 

LMAO they really just did their Tommy Robinson episode. Subtle as a brick, but still highly entertaining

Drops a point for forgetting about the Doctor for nearly an entire episode (again - but hopefully the only time this season)

#DoctorWho #Spoilers

@Izng it's setting up the Earth and Sea spin off rather heavily innit....

Qoto Mastodon