yeroc boosted

@realhackhistory No links to any sources like always. I want to believe this, I truly do, but there is no reason why someone wouldn't just post something to paint Twitter in a bad picture. F12 is a thing and isn't hard to use.

It seems to be real after looking it up (the post is gone but the account is suspended), but please people, post sources! And the 77 others who boosted this, I hope you all validated this? You did, right? Right??

yeroc boosted

"Thesaurus" is okay, but "synonymicon" is cooler.

And if some smartass ever says, "what's another word for 'thesaurus'?", now you have an answer.

yeroc boosted

Long-time Microsoft employees explain changes in Windows:
news.ycombinator.com/item?id=3

Designers were handed full control over UX. Engineers who fought for usability over a slick-looking interface burned out and left after repeatedly being overruled.

yeroc boosted

The New York Times are using the Ruffle WASM Flash emulator to get all of their archived Flash data visualizations to work again, this is so great to see flowingdata.com/2024/01/10/nyt

yeroc boosted

This is an article that took a lot of strength to write and I might take it down again. But I felt like it is an article that is very necessary right now. bastianallgeier.com/notes/gran

yeroc boosted

Microsoft says a Russian state-sponsored hacking group known as Midnight Blizzard/Nobelium used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of

"Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself."

msrc.microsoft.com/blog/2024/0

Password spraying is low-tech and pervasive. The good news is, you can password spray your own users just like the bad guys can, and then tighten things up.

yeroc boosted

So how do you make water at the South Pole?

It might seem simple since there are seven million cubic miles of frozen freshwater all around us, but the reality is a bit more interesting.

yeroc boosted

German law is making security research a risky business.

Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a software that produced way too many log messages. And he discovered that this software was making a MySQL connection to the vendor’s database server.

When he checked that MySQL connection, he realized that the database contained data belonging to not merely his client but all of the vendor’s customers. So he immediately informed the vendor – and while they fixed this vulnerability they also pressed charges.

There was apparently considerable discussion as to whether hardcoding database credentials in the application (visible as plain text, not even decompiling required) is sufficient protection to justify hacking charges. But the court ruling says: yes, there was a password, so there is a protection mechanism which was circumvented, and that’s hacking.

I very much hope that there will be a next instance ruling overturning this decision again. But it’s exactly as people feared: no matter how flawed the supposed “protection,” its mere existence turns security research into criminal hacking under the German law. This has a chilling effect on legitimate research, allowing companies to get away with inadequate security and in the end endangering users.

Source: heise.de/news/Warum-ein-Sicher

yeroc boosted

"Go to an old cemetery. See all the baby graves from before the 1950s & 60s? After that, hardly any. That's when people started vaccinating their children against deadly childhood diseases. If you're unsure what to do to protect your kids, the answer is literally written in stone." — Michael Okuda

Without vaccines, many transmissible diseases were once an early death sentence. People are so quick to forget how fortunate we are to have access to them.

yeroc boosted

Post Canada's #OnlineNewsAct and Meta's ban on Canadian news content, sharing journalism on social media has been tough to say the least.

And yet The Tyee has seen much growth here on #Mastodon.

We want to see how far we can go. If you enjoy coming across Tyee stories on your Mastodon feeds, share our profile with your friends, or repost this toot, to help us get to 6,000 followers. 🐘🌟🗞

yeroc boosted

New insider training question coming to your compliance quiz soon:

yeroc boosted

6 Jan 1789
Bitter cold day again with high wind, it froze in all parts of the House. Sent Ben around my Parish with some Money to the Poor People this severe Weather, chiefly those that cannot work at this time, some 1 Shilling apiece… In all Ben gave for me this Day 1.14.6.

yeroc boosted

🥇For the 1st time in recorded history, #Calgary's mean temperature was above 0.0°C during a December (December 2023). #YycWx #YYC #ABWx

yeroc boosted

The funny thing about LLMs is they’re not good for knowledge work because they sometimes make up stuff that doesn’t exist and they’re not good for creative work because they sometimes make up stuff that does exist.

yeroc boosted

When the weather is terrible, we need to drive slow but never the guy-in-front-of-me slow.

yeroc boosted

postfix.org/smtp-smuggling.htm

"SMTP Smuggling" vulnerability in Postfix allows spoofing of senders even in the presence of some DMARC checks. Configuration workarounds exist.

Also, a wholehearted f* you to SEC Consult, who sat on this since June and disclosed it to some closed-source vendors and MSPs, but could apparently not be bothered to give e.g. Postfix a heads-up, publishing this close to the holidays.

Boosts for awareness welcome.

yeroc boosted

Please don't make this a new trend. 😕

(issue closed by bot because the user filing the issue has not starred the repository...)

yeroc boosted

"New Kia vehicles that have arrived from overseas are sitting on a storage lot in Wolverton, Ont., purposely locked up even though customers have been waiting months and months — some well over a year — to get their vehicles.

The new cars are being withheld from Kia's Ontario dealerships — and reportedly from many more across the country — as part of a controversial plan by Kia Canada to game the number of sales in the last six weeks of the year."

cbc.ca/news/canada/kia-canada-

#canada #kia #cars

yeroc boosted

The Verge is such a great website, and the design on their features (especially this one) blows me away. theverge.com/c/23972308/twitte

Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.