jakub, to security
@jakub@jirutka.cz

I noticed that #Zed automatically downloads a NodeJS binary from nodejs.org without asking or even informing the user about it. Right after starting it and opening a file, without doing anything else. Then it installs some packages from npmjs via npm. And there’s no option to disable it.

THIS IS ABSOLUTELY UNACCEPTABLE! I can’t stress enough how bad this is from #security point of view. And not just that, consider users on metered connections

#ZedEditor #cybersec #Rust
https://github.com/zed-industries/zed/issues/12589

SceNtriC, to random Polish
@SceNtriC@101010.pl

A false dispatch about the call-up of 200,000 Polish soldiers to fight in Ukraine appeared on the PAP account. It has already been denied, with reassurance that it is not true, and it was stated that it is probably the result of a Russian cyberattack.

Cruthachail, to privacy

Liberate your digital freedom today.

Twitter.
https://nitter.net
https://fediverse.observer

YouTube.
https://tube.raccoon.quest
https://piped.video
https://joinpeertube.org

Google Map.
https://openstreetmap.org

Reddit.
https://libreddit.kavin.rocks
https://teddit.pussthecat.org
https://join-lemmy.org

TikTok.
https://tok.artemislena.eu

Google Search.
https://startpage.com

Google Translate.
https://translate.metalune.xyz

Imgur, Image storage site.
https://pixelfed.org

Wikipedia.
https://wikiless.org

Discord, Guilded, etc.
https://chat.techsaviours.org
https://xmpp.org/about
https://www.jabber.org/faq.html#jabber
https://www.mumble.info/about

Microsoft Teams, Slack, Zoom, etc.
https://jitsi.riot.im
https://opentalk.eu/en

Microsoft Word, Pages, etc.
https://www.onlyoffice.com/en/download-docs.aspx?from=default#docs-community
https://www.libreoffice.org/download/download-libreoffice

Internet Browsers.
https://floorp.app/download (Firefox-based)
https://github.com/ungoogled-software/ungoogled-chromium (Chromium-based)
https://brave.com (Chromium-based)

Emails.
https://mailfence.com/registration
https://app.tuta.com/login?noAutoLogin=true&keepSession=true

Operating Systems.
https://www.opensuse.org
https://linuxmint.com/about.php
https://grapheneos.org
https://calyxos.org
https://lineageos.org

Password Managers.
https://vault.bitwarden.com/#/register?layout=default
https://keepass.info/download.html

Privacy Guides.
https://www.privacyguides.org/en/about
https://thenewoil.org/en/about

Useful services.

https://joinmobilizon.org/en/#what-is-mobilizon
https://joinbookwyrm.com
https://cryptpad.org/about
https://microbin.eu
https://vikunja.io


  • Removed because of its recent compromise in privacy.

phil, to infosec

Looking for an entry-level or job.

Just spent a week grinding through THM, got some certs out of it... are these any good? I don't know, but I have learned a bunch of interesting things.

Haven't had a job since December, and I'm nearing on 7 months here. I'll take anything that's remote.

I learn fast, I'm diligent, and I don't take shortcuts.
I grok computers good.

Anyone, anything?

(Sorry for spamming the tags, I know it's bad form.)

beardedtechguy, to Cybersecurity
  • This includes all Chromium based browsers.

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html

Stellar, to random
@Stellar@mk.absturztau.be

i just saw an onion website selling ransomware and they were calling it RaaS and i lost it :hakaselaughingrev:

shalien,
@shalien@projetretro.io

@Stellar RaaS is actually a true term in :D

SceNtriC, to webdev Polish
@SceNtriC@101010.pl

After seeing a wonderful goal in the match between Wisła Puławy and Lech Poznań's second team, I wanted to check something on the Wisła Puławy website. Unfortunately, it doesn't work, which happens (and on a weekend I don't expect anyone to fix it), but... Jesus, don't do this. Secure the error screens on your production server.

#programowanie #CyberSec #Cyberbezpieczeństwo #WebDev

karma, to random Polish
@karma@101010.pl

🧵 1/6

A quick story about what has been happening over the last dozen or so hours (or rather the last dozen or so months?) in the open-source world.

There is an open-source project called “xz” by Lasse Collin[1].
For about two years, one of the co-authors of this project has been a user with the pseudonym “JiaT75”[2].

karma, to linux Polish
@karma@101010.pl

Hi! I'm the most ordinary Mastodon user. I use #Linux on all my computers and spit on #Windows. I know a bit of Java, which I've lately been neglecting in favor of Rust. I play #Minecraft, #Fortnite and #Warframe and #Cyberpunk 2077. I'm not neurotypical, so I often behave strangely and don't get sarcasm or metaphors. I mainly use #FOSS software and self-host my services, because I'm paranoid about privacy. I dabble a bit in #cybersec. I think that's all about me :blobcathearthug:

#introduction #introductions #omnie #aboutme

batichi, to advice
@batichi@masto.batichi.net

Hey nerds, would anyone have some time to offer about getting into the field? I've been seriously thinking about that direction but I have 0 clue how that side specifically runs.
Bonus points if your experience is from .

alex_02, to OSINT
@alex_02@infosec.town

Oh, isn't this lovely. So apparently these goons:

  • Mike Lindell (My Pillow Guy)

  • Jack Posobiec (White supremacist that believes in conspiracies such as the white genocide conspiracy)

  • Jim Jordan (One of the main players to planning Jan 6th)

  • Matt Gaetz (A pedophile and operated a sex ring, but never was charged (fuck you justice department))

  • Steve Bannon (The fraudster that scammed trump supporters for a fake company to build Trump's wall)

  • Vivek Ramaswamy (New face, but is young and likable. Dropped out of presidential nominee bid, but probably got a promise of a cushy job position in Trump's administration, from looks of things)

  • JD Vance (Didn't originally like Trump, but changed his opinion in 2018 and started spewing out many points from The Heritage, The Family Leader, etc)

  • Tommy Tuberville (One of the senators that helped to overturn the presidential election in 2020 and closely allied with Trump)

  • Kristi Noem (Governor of South Dakota, that is a terrible governor and well... I don't want to go into too much right now)

All seem to possibly be conspiring to overthrow the government. Articles are here:

Other potential people here: www.digital.cpac.org/speakers-dc2024

And a video: crooksandliars.com/cltv/2024/02/quelle-surprise-jack-posobiec-big-fan

This is all going off of this screenshot, which is a direct threat and should be taken seriously. I quickly put together this and uploaded what I could grab.

Uploaded to Mega: mega.nz/file/ioQGmRBD#FmcuZjDqCpVhvaFMclGsBgyHjPu8czZTokSz3S4H3fo

Please for FFS. Take this seriously.

beardedtechguy, to Cybersecurity

This is very intriguing! I could possibly be on the right track with this AT&T outage.

The FBI, Homeland Security, and CISA are helping with the investigation now?!

#ATT #ATTOutage #CyberSec #CyberSecurity

beardedtechguy, to Cybersecurity

I’m just going to throw this out there.

I have a feeling that this AT&T outage has something to do with Cyber Security. There’s something bigger going on.

https://www.cnn.com/2024/02/22/tech/att-cell-service-outage/index.html

#ATTOutage #CyberSecurity #CyberSec

cappy, to Cybersecurity
@cappy@fedi.fyralabs.com

anyway, an early excerpt from the expose you all should read

beardedtechguy, to Cybersecurity

Reddit selling user content to train an AI?

From: @beyondmachines1
https://infosec.exchange/@beyondmachines1/111952862733740047

cappy, to infosec
@cappy@fedi.fyralabs.com

btw here's the script they use for DDoSing Misskey instances

https://github.com/EdamAme-x/misskey-nuke

cappy, to infosec
@cappy@fedi.fyralabs.com

im getting really tired... -w-

summary of today:

someone on a Japanese hacker forum decided it was a good idea to spam the entire Fediverse because they wanted to cancel a minor that DDoSed a Discord bot which apparently made them lose millions (what?)

A Discord bot. I can't make this shit up man.

The real culprit seems to be someone who goes by mumei in the ctkpaarr.org forums, whose first post was literally a threat to ap12, that if they don't delete their "Kuroneko Server" Discord bot, they will spam every blog, forum and SNS and cancel him.

This shit is ridiculous.

The ap12 account from mastodon-japan was actually fake, and this dude impersonated a minor to get all of the Fediverse (us) to bully him.

The forum admins didn't even stop this. Why? lulz apparently.

cappy, to OSINT
@cappy@fedi.fyralabs.com

I'm doing some funny OSINT stuff and... I have found some funny stuff.

I looked him up on Google, Found a Discord report about him with his real email attached.

Looked up his email, and found a post on the ctkpaarr forums (the one he's advertising the discord) of him being currently flamed for this current ongoing incident.

The best part? He bought the script using a PayPal account. With his real name and identity.

He is a real skid. He just bought an off-the-shelf script and decided to piss off a lot of people, even the dude he bought it from with his antics. Bro snitched on himself and his entire community LMEOW

For the sake of my own job, my rep and legal security I'm not gonna tell where exactly I found this, but you guys can find it yourself. Figure it out.

This guy is making me die of laughter 💀 Our team @hq is hysterical right now at this horrible opsec.

Don't be a skid, kids.

RE: https://fedi.fyralabs.com/notes/9pr6thyvz5

cappy, to random
@cappy@fedi.fyralabs.com

There's currently an incident involving some kind of Japanese skids who call themselves the "Kuroneko" organization.

They seem to be attempting to commit DDoS attacks on Misskey servers, constantly creating new accounts on compromised instances and spamming advertisements for their hacking services.

Admins who are federating with these compromised servers, while they might not get compromised themselves, may be affected by the sheer amount of traffic volume from their spam.

Admins are advised to or temporarily stop sending requests to affected servers for now, if they don't want to get secondhand DoS'd

IMO I never expected them to be Japanese out of all things, kinda funny. They also host VOICEROID and VOICEVOX TTS bots on their Discord apparently. Kinda a weird flex I guess.

But yeah, probably just a bunch of skids.

wilda, to security Polish

The password reminder feature is very peculiar: on the one hand inconspicuous, on the other requiring good safeguards, and therefore extremely important. That is why it is also a part of the system that cybersecurity auditors pay attention to. And it is worth saying that it doesn't take much to properly protect this part of the process; it is enough to stick to the rules listed by, for example, Niebezpiecznik.

#Cyberbezpieczeństwo #CyberSec #security

https://niebezpiecznik.pl/post/najczestsze-bledy-programistow-w-formularzu-resetu-hasla/

Norobiik, to Philippines
@Norobiik@noc.social

"Deliberately grounded on a tiny reef in the #SouthChinaSea, part of an island chain claimed by the two Asian countries, the #BRPSierraMadre is now the unlikely base for a detachment of Filipino marines who stand guard over the atoll, scanning the turquoise waters for Chinese ships." #AyunginShoal #SecondThomasShoal #Philippines

Wreck, Rats and Roaches : Standoff in the #SouthChinaSea (2014 article)
https://edition.cnn.com/interactive/2014/07/world/south-china-sea-dispute/

Norobiik,
@Norobiik@noc.social

Earlier, the PCG said that its X account had been “compromised.”

Posts on the PCG’s X page and its reply tabs were empty, although the “like” reactions were kept – however, most of the “likes” came from a particular account promoting cryptocurrency. #Philippines #WestPHSea #PHCoastGuard #CyberSec

PCG regains X page after hack
https://newsinfo.inquirer.net/1904814/fwd-break-pcgs-x-page-now-retrieved
