Today, February 19, in 1998, hacker Trinity fends off two units of police officers and faces off with sinister sentient computer programs known as Agents (The Matrix, 1999)

#Movies #Film #Cinemastodon #Letterboxd #TheMatrix

Just analyzed a spyware sample that bypasses Android 13 Restricted Settings so as to drop another malware with full access to Accessibility API.
+ use of malformed ZIP to break apktool and other tools.

https://cryptax.medium.com/android-spynote-bypasses-restricted-settings-breaks-many-re-tools-8791b3e6bf38

#SpyNote #SpyMax #Android #malware #accessibility #ZIP

So someone dumped a ton of internal Chinese gov’t docs, and I’m working on translations here. From what I can tell, the company An Xun International has been dropping spyware in its products? More to come.

https://github.com/mttaggart/I-S00N/blob/main/README-en.md

This week, Super Bowl 2024 shattered records, with the #NFL championship broadcast on CBS becoming the most-watched televised event in #US history.

Also riding high from the big game? #Elon #Musk's #X.

A whopping 75.85 percent of traffic from X to its advertising clients' websites during the weekend of the Super Bowl was fake.

https://mashable.com/article/x-twitter-elon-musk-bots-fake-traffic

#Ukraine #Russia

The (edit:) CURRENT beta version of #Signal is version 7.0.0.
There's a good reason for the round number. This will be the first version where usernames and phone number privacy are available outside of the staging environment.
From this version on, you'll be able to talk to people on Signal without revealing your phone number, and also, you may use Signal without revealing to people who have your number saved that you do.
This is huge.
https://github.com/signalapp/Signal-Android/compare/v6.47.4...v7.0.0

#Privacy #FOSS #OpenSource #PNP

This is fantastic and I think it's going to fuck up software engineering so much.

https://www.theverge.com/2024/2/15/24074214/justice-in-forensic-algorithms-act-democrats-mark-takano-dwight-evans

This was honestly super hard to write. The subject has been bugging me all day. I'm worried that people are going to hate my guts for saying it, but everything feels right to me.

https://wedistribute.org/2024/02/tear-down-walls-not-bridges/

I guess this stuff is plenty obscure, huh?

So, folks, there's a new browser engine dropped (a while ago, actually). It isn't based on WebKit and it isn't based on Firefox, it is written from scratch for a hobbyist operating system SerenityOS by some awesome/crazy people. The browser, called Ladybird, actually can be compiled for Windows, Linux, Mac, OpenIndiana and Android.

It can pass Acid3 and render Github page well (note that Firefox and Chrome circa 2018 cannot do that!), and it has decent JS and afaik wasm support.

Edit: the project seems to be not great in terms of ethics, so I removed the link.

Dear @mozilla
Please, please, please put the RSS indicator back in Firefox.

People need to know about this technology which empowers users over greedy, controlling corporations.

Update: As many have pointed out, you *can* use @thunderbird as an RSS feed reader, and there are many #firefox add-ons to restore the RSS indicator (one of which I'm already using). But my point is that Firefox needs to lean into RSS as an answer to all the crap that is the modern web, and help educate users about it

no centralised social network could ever produce "the taliban deleted my account". that's a mastodon special.

@bynkii @saraislet I haven’t seen any real data on this, but if we assume the avg corp worker receives ~100 biz-related emails per day during the work week, that’s approx 26k per year. Let’s assume 50% have links.

If they click on 1 malicious email link in a year, that’s a ~0.008% “fail” rate to them.

Even if they click on 100 malicious links, that’s only ~0.8%.

It’s entirely rational to click the damn links; spending even 1 min on scrutinizing each email adds up to 217 hours per year!

The 0day dumpster fire that is the security hardware industry rn continues unabated this week.

From Rapid7:

"Critical Fortinet FortiOS CVE-2024-21762 Exploited
Feb 12, 2024

On February 8, 2024 Fortinet disclosed multiple critical vulnerabilities affecting FortiOS, the operating system that runs on Fortigate SSL VPNs. The critical vulnerabilities include CVE-2024-21762, an out-of-bounds write vulnerability in SSLVPNd that could allow remote unauthenticated attackers to execute arbitrary code or commands on Fortinet SSL VPNs via specially crafted HTTP requests.

According to Fortinet’s advisory for CVE-2024-21762, the vulnerability is “potentially being exploited in the wild.” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21762 to their Known Exploited Vulnerabilities (KEV) list as of February 9, 2024, confirming that exploitation has occurred."

https://www.rapid7.com/blog/post/2024/02/12/etr-critical-fortinet-fortios-cve-2024-21762-exploited/

https://www.cisa.gov/news-events/alerts/2024/02/09/cisa-adds-one-known-exploited-vulnerability-catalog

Broadcom Ends Support For Free ESXi Vmware Hypervisor https://tech.slashdot.org/story/24/02/12/1816248/broadcom-ends-support-for-free-esxi-vmware-hypervisor?utm_source=rss1.0mainlinkanon

Meanwhile in Canada

Updated #radare2 #cheatsheet

Okay, so I did a quick dive into sudo in Windows and here are my initial findings. https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html

The main take away is, writing Rust won't save you from logical bugs :)

Again, as a computer scientist, I believe computers should be in fewer things

I gave #linkedin an honest try, for a year or more, in terms of finding #work. It's a cesspool of #toxicpositivity and fake job postings.

Now I'm asking, with all urgency -- to anyone who has anything #tech to offer, please consider a guy who has:

- 30 yrs of exp
- out of work 20 mo
- 3 kids, one approaching her 1st birthday
- a track record for secure systems
- a month before eviction
- low salary reqs

CV: https://jrlenz.com/files/cv-2023-12.pdf

US citizen | PH resident

#GetFediHired #Remote

Shout out to the Security Research Legal Defense Fund for helping us go public about our train research! We're honored to have been their first grantees.

Without their financial assistance we would've had to crowdfund our legal bills, or even worse, stay quiet about the locks we've found in Impuls trains.

If you're facing legal threats (or even anticipate the possibility of such threats) as the result of security research we definitely recommend reaching out to them.

https://www.securityresearchlegaldefensefund.org/

google has unleashed ungodly AI nightmares beyond my comprehension

so awhile ago, i've set up screen call on my android phone, because it's pretty useful for stopping robocalls from annoying me, since usually they just hang up, or google knows it is just a scam call.

well. i got another call in, but it couldn't get the transcript. so, i played the audio back.

to my fucking horror, GOOGLE IS USING MY OWN VOICE TO ANNOUNCE IT'S PRESENCE AS THE VIRTUAL ASSISTANT.

nowhere, i mean fucking NOWHERE did they ever tell me this was a thing they'd do. in fact, i'm not able to find a single fucking thing about this online!

i don't even have the fucking option set for them to preserve my voice history, the fact they have audio recordings of my voice, and enough of them to make a fucking AI-generated version of my voice, without my god damn consent, is... i don't even know how to put it.

google, i sincerely hope someone burns down all your data centers