Nick boosted

Ars Technica has a recent article about Ryan Castellucci spending less than a hundred bucks breaking a 512-bit key and using it to gain access to an admin account.

arstechnica.com/security/2024/

And "deployed critical infra with 512 bit crypto in 2024" seems bad, true! But look at this:

"GivEnergy introduced a fix within 24 hours of Castellucci privately disclosing the weakness."

They even have a disclosure notification!

givenergy.co.uk/real-world-exa

Within 24 hours!

Nick boosted

New, by me: A student in Singapore published details of a bug showing lax security in a widely popular school MDM software called Mobile Guardian, weeks before a cyberattack mass-wiped thousands of student devices.

Singapore's education ministry told me that the bug was fixed prior to Mobile Guardian's cyberattack. But the student said that the bug was so easy to find and trivial to exploit that he fears there are more vulnerabilities of similar exploitability.

More: techcrunch.com/2024/08/09/stud

Nick boosted

I bet this guy has quite the LinkedIn profile: Feds arrest a 38 y/o Nashville man who allegedly provided a US network presence for a bunch of fake North Korean IT workers trying to raise money for the DPRK's nuclear weapons program:

"According to court documents, Knoot ran a “laptop farm” at his Nashville residences between approximately July 2022 and August 2023. The victim companies shipped laptops addressed to “Andrew M.” to Knoot’s residences. Following receipt of the laptops, and without authorization, Knoot logged on to the laptops, downloaded and installed unauthorized remote desktop applications, and accessed the victim companies’ networks, causing damage to the computers. The remote desktop applications enabled the North Korean IT workers to work from locations in China, while appearing to the victim companies that “Andrew M.” was working from Knoot’s residences in Nashville. For his participation in the scheme, Knoot was paid a monthly fee for his services by a foreign-based facilitator who went by the name Yang Di. A court-authorized search of Knoot’s laptop farm was executed in early August 2023."

"The overseas IT workers associated with Knoot’s cell were each paid over $250,000 for their work between approximately July 2022 and August 2023, much of which was falsely reported to the Internal Revenue Service and the Social Security Administration in the name of the actual U.S. person, Andrew M., whose identity was stolen. Knoot and his conspirators’ actions also caused the victim companies more than $500,000 in costs associated with auditing and remediating their devices, systems, and networks. Knoot, Di, and others conspired to commit money laundering by conducting financial transactions to receive payments from the victim companies, transfer those funds to Knoot and to accounts outside of the United States, in an attempt both to promote their unlawful activity and to hide that transferred funds were the proceeds of it. The non-U.S. accounts include accounts associated with North Korean and Chinese actors."

justice.gov/opa/pr/justice-dep

Nick boosted

@pluralistic

I'm old enough to remember bitcoin's early days when there was hope it would be a non-fiat currency.

Then, I gradually saw how people wanted it less as an alternative fungible form of money, and more as a vehicle for a pyramid scheme.

I also didn't know just how much recklessness financial investors liked to get up to, that the SEC would infrequently put a stop to.

Nor did I have any idea of just how much electricity it would use up in pursuit of the scam.

Nick boosted

Catching up on university emails and of course our shitty right-wing university BOG basically prohibited anything related to DEI.

Nick boosted

I was part of the White House traveling press pool the day of this event in California. Willie Brown was not in the helicopter which did not crash nor did it nearly crash. nytimes.com/2024/08/08/us/poli

Nick boosted

#FactCheck

#Trump: “We should have paper ballots, we should have voter ID & we should have proof of citizenship.”

Trump is (again) implying that #undocumented #immigrants are #voting.

FALSE

Every single federal election voter, in every state, in every district is required to be a citizen of the United States.

It is the law.

The Illegal Immigration Reform & Immigrant Responsibility Act of 1996, explicitly prohibits noncitizens from voting in federal elections. It

#TrumpLies

Nick boosted

The United States has dropped to fifty-fifth place on the Reporters Without Borders World Press Freedom Index, the country's lowest-ever rank.

progressive.org/magazine/the-w

Nick boosted

I just renewed my passport online through the relatively new system for doing so. It took under 10 minutes, and I was able to do it from the comfort of my couch. Really great work by everybody involved! travel.state.gov/content/trave

Nick boosted

It's always amazing when I go back to reference something out of my textbook and go "this is really clever -- who wrote this?"

Nick boosted

Hey folks,

My wife asked a favor of me since I happen to have quite a few acquaintances through broadly gestures

She's a first grade teacher, in a title 1 school district. I don't know if you have a spouse or loved one who works in public, primary school, but if you do, you're aware that the school district doesn't supply nearly enough to keep a school room running.

Much of the time that which the district supplies, and that which you need to handle the needs of a class of (this year, 29 first graders) is a significant gap.

We're no stranger to opening our own wallets to buy supplies, snacks for the kids, ink for printing, and so on and so forth.

So... that brings me to this, my wife's Amazon wish list.

amazon.com/hz/wishlist/ls/15VJ

If you're feeling generous and want to help her out, we would both appreciate it, and I'm 100% sure the students of her classroom will appreciate it as well.

If you can't spare anything, or have teachers in your life you already have to worry about raiding the dollar store, the aldi's aisle of shit, or the dollar bins at target, or you just can't, don't worry about it, thank you for taking the time to read this.

Nick boosted

“Google conducted a quality degradation study, which showed that it would not lose search revenue if [it] were to significantly reduce the quality of its search product”... a company that can make its product worse “without concern of losing consumers, is proof of monopoly power” scientificamerican.com/article

Nick boosted

I did a bunch of interviews today and something really stuck with me - being told that a lot of politicians are trying to decide if climate change or infrastructure cybersecurity is more pressing.

Climate change deeply impacts geopolitics and military policy. Therefore it is a cybersecurity issue. The DoD has always understood this. You can’t look at the “APTs” and terrorist orgs we deal with and not consider how climate impacts will continue to motivate them.

Nick boosted

Mozilla’s system only measures the success rate of ads—it doesn’t help companies target those ads—and it’s less susceptible to abuse, EFF’s Lena Cohen told @FastCompany. “It’s much more privacy-preserving than Google’s version of the same feature.” fastcompany.com/91167564/mozil

Nick boosted

Twitter/X is attempting to sue companies refusing to advertise on Twitter/X. Does that mean I can sue RedHat/IBM or Suse or Canonical for never sponsoring my blog that often covers #Linux and #opensource apps? ¯\_(ツ)_/¯

Nick boosted

Remarkable news that Muhammad #Yunus will be interim prime minister in #bangladesh

He was awarded the Nobel Peace Prize in 2006 for pioneering the use of microcredit to help impoverished people, particularly women, and is a highly respected person in the environment, development, and equity world.

aljazeera.com/news/2024/8/6/no

Nick boosted

NPR: Cindy Nava could become one of the first former DACA recipients to win during a general election in the U.S. She already won the primary race earlier this year for a state senate seat in New Mexico. #news #NPR npr.org/2024/08/06/nx-s1-50141
