Techbros: self driving cars are inevitable!

Also techbros: prove you are human by performing a task that computers can’t do, like identifying traffic lights.

#software #unexplained

I hope everyone is having a great weekend!

This is my periodic reminder to support your instance - nearly all instances are free and rely on donations to pay the bills. I very much appreciate donations to Infosec.exchange, and I know that some other instances may be struggling financially. If you are in a position to donate to your instance, especially for those people on other instances, please consider donating. You can usually find the link to donate to your instance on the instance’s about page (such as Infosec.exchange/about).

My thanks to everyone who does support their instance. And there is zero problems (for me at least) with those that can’t afford it. These are tough times for many, and I think it’s vitally important to provide a reliable and useful social network outlet that is available to everyone.

Thank you!

Exactly 20 years and 20 minutes ago, this happened.

A man in Saudi Arabia has been sentenced to death for his tweets, and surprise: Elon Musk is NOT funding his legal bill as promised because there's a good chance that the necessary data to identify this man came from the second largest shareholder of Twitter: the Saudi prince Alwaleed bin Talal.

Musk has been awfully silent about this as you can't really make your “freedom of speech!!” argument when you assist with killing a retired teacher for the regime critic posts they made on your platform, only possible because that regime owns a huge chunk of “your” platform.

A colleague spent his 6-month internship reversing Starlink's dish.
Here are the results and the tools he built. Nice work on nicely engineered hardware.

https://blog.quarkslab.com/starlink.html

#infosec at it's finest.

A renegade certificate is removed from Windows, then returns. Confusion ensues."

https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/

I updated my WordPress plugin that warns your site's visitors if they don't have an ad-blocker installed.

https://wordpress.org/plugins/detect-missing-adblocker

EDIT: You can now fully customize the note, including links to plugins and browser extensions you want to suggest.

By default, a link to my blog with a list of popular options will be shown.

https://stefanbohacek.com/project/detect-missing-adblocker-wordpress-plugin/#resources

Happy to get more recommendations!

#wordpress #webdev #WebDevelopment #ads #AdBlocker #OpenWeb #IndieWeb

Full text search has been merged in #Mastodon `main` branch, and will be in the next (and final?) 4.2.0 beta 🎉

It is opt-in, so it will take some time to be filled with people content as they enable their profile to be indexed, but this was one of the most wanted Mastodon features for some time.

We plan to deploy it to mastodon.social and mastodon.online in the coming days to have a bit more feedback on it and see how it behaves in the wild.

This is wild…

#Java: Possible #RCEs in X.509 #certificate validation [CVE-2018-2633][CVE-2017-10116]

https://mbechler.github.io/2018/01/20/Java-CVE-2018-2633/

Right now if you search for "country in Africa that starts with the letter K":

- DuckDuckGo will link to an alphabetical list of countries in Africa which includes Kenya.

- Google, as the first hit, links to a ChatGPT transcript where it claims that there are none, and summarizes to say the same.

This is because ChatGPT at some point ingested this popular joke:

"There are no countries in Africa that start with K."
"What about Kenya?"
"Kenya suck deez nuts?"

Google Search is over.

message to all reverse engineers and hackers of fedi: when youre figuring out some really obscure thing and you finally crack it PLEASE document it somewhere on the web. maybe youre the first to ever walk this path, maybe youre the first person to care. but i promise you are not the last, and there will be a day when some lone hacker follows the path you took years or decades ago and they will find what you wrote and they will be eternally grateful and wont forget it ever. and thats so beautiful

Now the Washington lawyers want to destroy digital collections of scratchy 78rpm records, 70-120 year old, built by dedicated preservationists online since 2006.

Who benefits?

https://www.reuters.com/legal/music-labels-sue-internet-archive-over-digitized-record-collection-2023-08-12/

hate when this happens to me

Friend: No this makes sense, it's a chain of dependencies. Every teams channel is a SharePoint folder

I think god is dead for sure

This essay is an utterly brilliant take on #AIhype. I'll put a few excerpts here, but you should definitely go read the whole thing:

https://karawynn.substack.com/p/language-is-a-poor-heuristic-for

>>

Use the Defcon Wifi (new blog)

Many security professionals, especially on social media, have an unfortunate tendency towards what we might call performative security. It’s where people broadcast their security measures to show how aware they are, and they suggest others follow their lead. It’s the inverse of security theater where ineffective security is imposed on us by organizations. It’s often ineffective, inconvenient, or both.

And today’s bad advice is “Don't use the defcon wifi.”

The #Defcon and #Blackhat networks are some of the most monitored networks anywhere. No one's going to blow an 0-day by using it on either network. This assumes everything's up to date and fully patched, and that you join the official networks, which are listed on signage around the venues. It also assumes that all your apps are using TLS everywhere. In contrast, there is a never-ending parade of warnings about malware in telecom infrastructure. There are routinely reports of extra base stations around Las Vegas. (I’ve heard numbers on the order of an extra 50, of which I’d guess many are simply just-in-time capacity from authorized suppliers.) The lack of authentication of base stations is apparently a ...feature... that’s never going to be fixed.

Now, there’s another way to interpret this, which is to put your devices in airplane mode or a Faraday cage, and that’s not awful advice. Disconnect. Be present. Enjoy the events. Talk to the people around you. If you want to disconnect, a well-constructed Faraday cage is safer than airplane mode, which let bluetooth and wifi work.

When I was at Microsoft, some of my co-workers made a big deal of how they locked down their laptop, or bought a burner for Defcon. Me? I asked why our products weren’t safe enough to use in that environment, given that they’re certainly used in more dangerous places.

https://shostack.org/blog/use-the-defcon-wifi/