HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Doe-_

no profile record

comments

Doe-_
·2 lata temu·discuss
What makes you think that? Secure Boot prevents this rootkit from running and is the recommended mitigation:

> Bootkitty is signed by a self-signed certificate, thus is not capable of running on systems with UEFI Secure Boot enabled unless the attackers certificates have been installed.

> To keep your Linux systems safe from such threats, make sure that UEFI Secure Boot is enabled

In fairness, the blog post confusingly says this in the next bullet point:

> Bootkitty is designed to boot the Linux kernel seamlessly, whether UEFI Secure Boot is enabled or not, as it patches, in memory, the necessary functions responsible for integrity verification before GRUB is executed.

However, this would still require Rootkitty to have gained execution already, which it wouldn't be able to if Secure Boot was enabled and the malicious actor's certificates weren't installed.
Doe-_
·2 lata temu·discuss
Certainly true if the target application is running on the same host as Wireshark. But mitmproxy is very helpful when the device or application isn't fully under your control, for example if you can't set a proxy.

Mitmproxy also has a few features which make it a lot easier to use than wireshark alone, even if the aim is only to inspect TLS traffic. Including the wireguard server mode or transparent proxying for example.
Doe-_
·2 lata temu·discuss
The City is also unique in that businesses represent the majority of the voters in its council elections.

Moreover, the council is also the police authority, which could explain a more active copyright infringement force.
Doe-_
·2 lata temu·discuss
The email address wouldn't be in the document directly, only in the SVG. Whether the title of the SVG contains "Email us" or the email address wouldn't affect how it works.

If the scrapper is searching the DOM rather than simply downloading the webpages, then the email will found regardless.
Doe-_
·2 lata temu·discuss
You can bind a device to another, so while you would need the ability to issue the command, a server wouldn't be required to handle the state propagation.

https://smarthomescene.com/guides/how-to-bind-zigbee-devices...
Doe-_
·2 lata temu·discuss
> Take a look at heat geeks.

Is this them? https://www.heatgeek.com/
Doe-_
·2 lata temu·discuss
Exactly. On a bigger scale, the time wasted by people redoing the formatting because it isn't pasted by default would outweigh that wasted by people writing blog posts about having to remove it.

And if they're that animated by it, they're are likely the sort of user that would look for a solution and change the default or learn how to paste in their software of choice without formatting.
Doe-_
·2 lata temu·discuss
Fun!

I wonder if this lets you measure the average attention span of visitors? I'd be curious to see the impact on the average of the various platforms where this is shared.
Doe-_
·3 lata temu·discuss
Interestingly, the privacy policy only says they collect name, email and user ID. It also states that no data is shared with third-parties.

I find this suspicious considering the absence of any mention of privacy on its page.
Doe-_
·3 lata temu·discuss
The location report is signed with a public key advertised by the "lost" device.

To retrieve the device's location and to prevent Apple from knowing who lost the device, all signed in users can download any location report for a given public key.

This is explained better here: https://github.com/seemoo-lab/openhaystack
Doe-_
·3 lata temu·discuss
Or for two other adjacent projects to also do the same, on the same day.

https://github.com/MetaCubeX/Clash.Meta https://github.com/zzzgydi/clash-verge
Doe-_
·3 lata temu·discuss
So has another adjacent project by yet another author, using the same technique: https://github.com/MetaCubeX/Clash.Meta

Which would suggest it's not anodin.
Doe-_
·3 lata temu·discuss
I am equally terrified of Chrome's dominance in the browser market.

I don't agree that forcing WebKit on iOS is the solution, however. The law should seek to break Chrome's monopoly, not enforce another.