HackerTrans
TopNewTrendsCommentsPastAskShowJobs

vasuki

no profile record

Submissions

Hackers are spreading ransomware as a distraction – to hide their cyber spying

zdnet.com
2 points·by vasuki·4 anni fa·0 comments

Psychological and Emotional War: Digital Transnational Repression in Canada

citizenlab.ca
2 points·by vasuki·4 anni fa·0 comments

Dependabot Alternative for Clojure

github.com
2 points·by vasuki·4 anni fa·0 comments

List of Ransomware Vulnerabilities being actively targeted

securitythreatnews.com
1 points·by vasuki·5 anni fa·0 comments

comments

vasuki
·4 anni fa·discuss
I can relate to that very much. Your former friend sounds exactly like one of my friends with whom I am trying to not end friendship and be as empathetic and helpful as I can be.

> while at the same time those same sources get used easily for their own arguments

100% this!

Telegram channels and Substack seem to be super popular for this sort of propaganda. I also did a technical analysis of many of the websites shared in these channels and found:

- they use very heavy trackers

- keylogging for webpages is common

- they all use privacy shields for `whois` info

- third party cookies

You can find some of these if you want to take a look in https://github.com/Langer81/Summer-REU-Research
vasuki
·4 anni fa·discuss
Do you have any go-to public tools for fact-checking or any internal tools that you might have had access to in the past?

More generally speaking, how do you defend yourself against PsyOp in this age with heavily degraded trust in the government and judiciary system in the west particularly?
vasuki
·4 anni fa·discuss
I have not responded without listening to what he said, I followed him for quite some time to see what exactly he had to say.

I do not like censoring by big tech as well, but when they take down outright lies which actually get viral and change people's opinions, I am no longer sure. Nuanced facts, data does not go viral. Tweets with controversial information do.

Serious side-effects, risk-benefit calculations, are very nuanced and take much more effort to bring up and share [1]. He presents a very one-sides story, every single day. That is not helpful.

He took very selective parts of news which aligns with his opinions and tweeted just that. Thanks to twitter's censoring, I can't even share those :facepalm: but you can look up archived data [2]. It is not even a single person, they have a pretty good group doing it every single day (Peter McCullough, I am sure you heard of him) [3] [4].

Also look at how viral this stuff gets [5].

1. https://news.ycombinator.com/item?id=29749381

2. https://childrenshealthdefense.org/defender/mrna-technology-...

3. https://www.reuters.com/article/factcheck-pilot-vaccinefalse...

4. https://twitter.com/P_McCulloughMD/status/148679283709416244...

5. https://www.trendsmap.com/twitter/tweet/1486792837094162442
vasuki
·4 anni fa·discuss
It is misinformation because it is outright wrong. Follow Malone for a couple of weeks and you will see he has nothing else to share but: Vaccines are bad, Vaccines are killing people.

- https://www.politifact.com/article/2022/jan/06/who-robert-ma...

- https://factcheck.afp.com/http%253A%252F%252Fdoc.afp.com%252...

> As we prevent three deaths by vaccinating, we incur two deaths.

> "Are we headed for the situation where the ~30% unvaxxed will be devoting their lives to operating whatever is left of the economic infrastructure and serving as caretakers for the vaxxed?"

This is what got him banned from twitter.

Why don't you try to investigate a bit yourself? People with credentials can have no other motive to spread misinformation and all the motive to "save the humanity" ? Sad to see this on HN.
vasuki
·5 anni fa·discuss
WHO: "As a matter of global equity, as long as many parts of the world are facing extreme vaccine shortages, countries that have achieved high vaccine coverage in their high-risk populations should prioritize global sharing of COVID-19 vaccines through the COVAX facility before proceeding to vaccination of children and adolescents who are at low risk for severe disease."

- https://www.who.int/news/item/24-11-2021-interim-statement-o...

Germany: "Since children and adolescents have a relatively low risk of getting seriously ill with COVID-19, the risk-benefit assessment of illness or vaccination is different than for adults. Therefore, the STIKO has not issued a general recommendation to vaccinate all children from the age of 12, but recommends that children and adolescents with certain underlying conditions who are particularly at risk get the coronavirus vaccination"

- https://www.zusammengegencorona.de/en/corona-schutzimpfung-a...

France: "In the light of these elements and taking into account the evolution of the epidemic, the HAS considers that the individual benefit of the vaccination has been established for children aged 5 to 11 years with comorbidities and who are at risk of severe forms of Covid-19 and death. In total, this concerns a little over 360,000 children in France."

- https://www.has-sante.fr/jcms/p_3302411/fr/covid-19-la-has-r...
vasuki
·5 anni fa·discuss
This is definitely not precise. I confirmed that the lookup is also performed by Proton servers for mails sent to third party mail services, not just from third party mail services. Are they also scanned?

Source IP I got in my test: 185.70.43.80

```

# whois.ripe.net

inetnum: 185.70.40.0 - 185.70.43.255

netname: CH-PROTONMAIL-20140915

mnt-by: protonmail-mnt

org-name: Proton AG

```

From privacy policy https://protonmail.com/privacy-policy

> We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to ProtonMail are scanned for Spam and Viruses to pursue the legitimate interest of the protection of our users.

very disappointing.
vasuki
·5 anni fa·discuss
It might be because of path normalization by your http client. For example, with `curl` you will also need to use `--path-as-is` to correctly test traversal. Another reason could be path normalization by the reverse proxy/WAF.

> --path-as-is

> Tell curl to not handle sequences of /../ or /./ in the given URL path. Normally curl will squash or merge

> them according to standards but with

>this option set you tell it not to do that.

> Added in 7.42.0.
vasuki
·5 anni fa·discuss
Thank you for the detailed writeup. This is a topic which I think is not discussed much.

> We will split public-facing CI from release infrastructure and internal CI infrastructure. (teleport#8268)

Did you also consider some form of out-of-band approval mechanism for production environment access? (via a chatbot / push notification etc). I think something like that might work technically, but scalability might be a challenge. It might be easier to manage in comparison to a self-managed complete second CI system though. I have been pondering over it for some time to be able to utilize Gitlab CD without providing Gitlab all keys to the kingdom.