Posts
2506Following
576Followers
1284Heretek of Silent Signal
repeated
Kagi HQ
kagihq@mastodon.social
Google is required to include any search engine that meets specific criteria, such as having an app with over 5,000 installs, in the default list for Android and Chrome.
We'd love it if you install the Kagi app and help us meet the criteria! We're almost there:
https://play.google.com/store/apps/details?id=com.kagi.search
0
1
0
repeated
buherator
buheratorhttps://nastystereo.com/security/cross-site-post-without-content-type.html
0
0
1
buherator
buheratorShow content
https://bsky.app/profile/mrose.ink/post/3lbwpud2mes2n
"One enduring complication with all this is that scraping happens all the time for reasons that people *don’t* find inherently objectionable, and in fact support—the Wayback Machine, all kinds of public health and extremism research, etc. The mistake was assuming that goodwill transfers.
A key problem in the Disc Horse (and policy to a lesser extent) is reminding people that scraping as a technological process is Important, Actually, for all the things You Think Are Good, and any proposed solutions to curtail GAI training uses need to be VERY narrowly tailored to not impact those.
All the proposed solutions so far have had some critical flaw that makes them unworkable.
Manual consent? Ok, how do we implement that at scale? robots.txt style flags are fine, but they’re also not legally binding—and that’s good! If they were, Wayback wouldn’t be able to index!
So exclusion protocols can be ignored, For Good Reason. “What if we give an exclusion protocol the force of law for this specific use?” Closer, but there’s active debate in the courts about whether this is all a fair use, and if the answer is “yes,” then it doesn’t matter
…then best case scenario the tags are rendered null (because you can’t legally override fair use), and worst case you’ve just recreated a DMCA 1201 style lockout trick, and we have spent the last 25 years seeing just how incredibly those fuck up everything around them."
0
2
1
repeated
polprog68k
gorplop@pleroma.m68k.church
0
3
0
repeated
bert hubert 🇺🇦🇪🇺
bert_hubert@fosstodon.org23 years old, and if you replace a few hyped things with today's equivalents, the article is 100% fresh. Things have gotten even worse since then it appears. https://www.joelonsoftware.com/2001/04/21/dont-let-architecture-astronauts-scare-you/
0
3
0
repeated
Baldur Bjarnason
baldur@toot.cafe“CrowdStrike Earnings: Cybersecurity Firm Posts Higher Revenue Amid Swing to Loss - WSJ”
So, I've long argued that all of software dev's dysfunctions can be traced to the fact that business outcomes do not depend on software quality, design, or reliability. As long as this dynamic continues the software we use will only get worse
2
3
0
buherator
buheratorRE: https://infosec.exchange/@josephcox/113551853623942786
1
1
3
buherator
buheratorShow content
1
1
7
repeated
/r/netsec
_r_netsec@infosec.exchangeNew PE Vulnerability in Windows OS! https://ssd-disclosure.com/ssd-advisory-ksthunk-sys-integer-overflow-pe/
0
1
0
repeated
bert hubert 🇺🇦🇪🇺
bert_hubert@fosstodon.orgEarlier post, but in recent talks I'm encountering more and more organizations that are losing their last technical people. You can outsource a lot, but most places have a core thing that they should really own. And once your own technical department is no longer viable, you are hosed. The longer story: https://berthub.eu/articles/posts/your-tech-my-tech/
1
2
0
repeated
✧✦✶✷Catherine✷✶✦✧
whitequark@mastodon.socialthesis: numbers stations are a form of microblogging
4
4
0
repeated
Insinuator
Insinuator@infosec.exchangeNew post: Vulnerability Disclosure: Command Injection in Kemp LoadMaster Load Balancer (CVE-2024-7591) https://insinuator.net/2024/11/vulnerability-disclosure-command-injection-in-kemp-loadmaster-load-balancer-cve-2024-7591/
0
2
0
buherator
buheratorSo much for "personalized experience"...
RE: https://infosec.place/objects/0fe974a7-6345-4ccc-a9a4-5dce0da786a9
0
0
2
repeated
The Meteoriks
meteoriks@icosahedron.websiteWhat, it's already this time of the year again?! Yes, 'tis the season of reviewing and selecting our top picks from around 3.000 #demoscene productions - and we would love to have you on the team as a juror! Sign up now:
https://2025.meteoriks.org/taking_part/juror/
0
2
0
buherator
buheratorhttps://blog.mantrainfosec.com/blog/16/hacking-barcodes-for-fun-profit
Old friend hacking Hungarian bottle recycling machines :) #DRS
0
1
0
buherator
buheratorhttps://srcincite.io/blog/2024/11/25/remote-code-execution-with-spring-properties.html
#frombsky
1
5
7
repeated
RE//verse
reverseconf@bird.makeup
CFP window ends this friday! We have ~50 submissions so far -- competitive but not so busy that a high quality talk can't rise to the top, make sure to get your submission in soon.
0
2
0
repeated
Not Simon 🐐
screaminggoat@infosec.exchangeMicrosoft: "we had one #PatchTuesday yes, but what about second Patch Tuesday?"
- CVE-2024-49053 (7.6 high) Microsoft Dynamics 365 Sales Spoofing Vulnerability
- CVE-2024-49035 (8.7 high) Partner.Microsoft.Com Elevation of Privilege Vulnerability (EXPLOITATION DETECTED FLAG)
- CVE-2024-49038 (9.3 critical) Microsoft Copilot Studio Elevation Of Privilege Vulnerability
- CVE-2024-49052 (8.2 high) Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability
Only CVE-2024-49053 has any substantial information in their FAQ section. CVE-2024-49035 is "not exploited" but "exploitation detected" 🤔 (analyst comment: likely a gaffe). The rest are Not Exploited, Not Publicly Disclosed, and Exploitation Less Likely.
#microsoft #vulnerability #CVE #infosec #cybersecurity #copilot #dynamics365 #azure
3
2
0