We are planning to release critical security patches for versions 3.5, 4.1, 4.2 and nightly this Thursday, Feb 01, at 15:00 UTC. We encourage server administrators to plan for a timely upgrade to ensure their Mastodon server is protected.

Microsoft is trying to get all email users, including governments, to migrate to their cloud-based solutions. This makes their email cloud _THE_ prime target for nation-state/state sponsored hackers. Yet Microsoft appears to be leaving gaping security holes in the setup of their email services: https://arstechnica.com/security/2024/01/in-major-gaffe-hacked-microsoft-test-account-was-assigned-admin-privileges/

Just read @pluralistic 's blog post about the difficulty that @2600 is having, both with its publication and producing the #HOPE con. This is tragic - I've never attended HOPE, but I've seen many videos and read so many recaps and articles inspired by it. Support 2600 today!

https://pluralistic.net/2024/01/19/hope-less/#hack-the-planet

https://www.hope.net/
https://store.2600.com/products/tickets-to-hope-xv

iOS vs Android Security

https://patchfriday.com/54/

RIP the man who was the absolute incarnation of XKCD's "one random dude holding up the entire internet". You may never have heard of David Mills, but your entire goddamn world depends on what he did.

https://en.m.wikipedia.org/wiki/David_L._Mills

For my hackathon project I did try to make CFA (Cat Factor Authentication, using your cat's microchip as a second factor) a thing 😆 The project did win a prize, but more for the experimentation then the actual result https://wpengine.com/blog/hackathon-december-2023/

#catsofmastodon #mfa #hackathon #wpengine

Is remote code execution in UEFI firmware possible? Well, yes it is.

Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers.

Full details by @fdfalcon and @4Dgifts in our new blog post:

https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

This blog post comes from deep inside the world of advertising, from people trying to move away from cookies. And along the way offer a VERY rare insight into the dark technology behind advertising and tracking ("hashed offline passbacks", "first and multi-touch attribution"), stuff you almost never read about. https://blog.sentry.io/we-removed-advertising-cookies-heres-what-happened/

After the takeover by Broadcom, VMware is in total chaos when it comes to orders and license renewals. Here is a status overview.

https://borncity.com/win/2024/01/13/order-license-chaos-for-vmware-products-after-broadcom-takeover-jan-2024/

@pervognsen Did u see that the RAD Debugger has been released :O ? https://github.com/EpicGames/raddebugger

"OpenAI says it’s “impossible” to create useful AI models without copyrighted material"

10 years ago three dudes from Sweden were hunted by FBI, Interpol and their own government for challenging copyright laws and seeking a fresh approach without ever profiting from it. 🏴‍☠️

Now venture capitalist-backed corporations will sell us our own copyrighted material at a premium. Working tirelessly to embed it in every product designed from now on so you will not be able to avoid it. 💰

So apparently starting with Linux 5.18, ASLR is weakened for 64-bit executables, and absolutely BROKEN (i.e. not present) for 32-bit executables when the library is 2MB or larger.
Oops? 🤦‍♂️
https://zolutal.github.io/aslrnt/

FTC bans major data broker from selling invasive location tracking details https://www.theverge.com/2024/1/10/24032966/ftc-bans-outlogic-location-data-sales-tracking-settlement?utm_content=buffer92d43&utm_medium=social&utm_source=bufferapp.com&utm_campaign=buffer

Did you realize that we live in a reality where SciHub is illegal, and OpenAI is not?

80 character column limits in code are a legacy from 80 column text displays which are a legacy of IBM's 80 column punch cards which are a legacy of Roman chariots which had two side-by-side 40 column horses

#Firefox has a new hidden setting auto-rejecting #cookie banners (not just hiding them eg Brave). Piloting in 🇩🇪 in Private Browsing but anyone can enable:
Go to the URL about:config
Set cookiebanners.ui.desktop.enabled ->True
Go to Settings->Privacy, turn on Cookie Banner Blocker.

It's probably obvious to most of you, but a big difference between the commercial social media platforms and the fediverse is that as those commercial platform grow, they get additional revenue from ads, from selling personal information, and otherwise monetizing their users. While that is turning out to not actually pay the bills for them, in the fediverse, just about every instance is run by volunteers and funded by donations or out of the volunteers' pockets. It's a labor of love and a hope for a better future. When traffic grows, we need to expand our capacity.

That is why I am asking, if you are able, please consider donating to the instance you on to help keep the fediverse ecosystem going. Typically the /about web page will have details on how to donate.

Note: I am well aware that many of you are not in a financial position to donate - and that is OK. We are here to serve you as well. Donations are completely optional.