KarnaSubarna

joined 1 year ago
[–] [email protected] 25 points 7 months ago (3 children)

Definitely state sponsored attack. It could be any nation - US to North Korea, and any other nation in between.

[–] [email protected] 1 points 7 months ago

Ubuntu, 2005

[–] [email protected] 7 points 7 months ago* (last edited 7 months ago) (1 children)

Installed OpenWRT on my NetGear router like 2 years back, and it hasn't given me any trouble since then. BTW, the amount of configuration options it offers is mind-boggling.

[–] [email protected] 48 points 7 months ago* (last edited 7 months ago) (1 children)

There is a work-in-progress version of Firefox for iOS with Gecko engine.

But there is also a challenge that Mozilla is facing, as Apple is still trying to make the life of developers of other browsers as difficult as possible.

So, not sure how the whole thing will turn out.

[–] [email protected] 4 points 8 months ago

Ubuntu > Fedora > Ubuntu > Arch > Ubuntu

[–] [email protected] 1 points 8 months ago

Ah! I was not aware of the fact that an alias service can encrypt email before forwarding it to the actual mailbox.

[–] [email protected] 1 points 8 months ago (3 children)

An email alias indeed helps to avoid spam and helps you to assume a separate identity per site, but won't help in any way to stop the mail provider/server from processing your email data for user profiling / targeted ad purposes.

Buying an email domain and self-hosting is the only foolproof way from a privacy POV, but it is a really difficult target to accomplish. A privacy-respecting email hosting + alias should be the next ideal choice, IMO.

[–] [email protected] 30 points 8 months ago

Known issues and limitations

Currently, Intel x86_64 is the only supported host platform.
    AMD will most likely work too but is considered experimental at the moment.
Linux is required as a host operating system for building and running VirtualBox KVM.
Starting with Intel Tiger Lake (11th Gen Core processors) or newer, split lock detection must be turned off in the host system. This can be achieved using the Linux kernel command line parameter split_lock_detect=off or using the split_lock_mitigate sysctl.

Source: https://github.com/cyberus-technology/virtualbox-kvm

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

Docker can be run in rootless mode[1]. Ideally that should be the standard mode unless you have specific requirements not satisfied by rootless mode.

[1] https://docs.docker.com/engine/security/rootless/

[–] [email protected] 7 points 8 months ago* (last edited 8 months ago)

In most cases, work laptops have software installed to automatically keep track of these activities and flag them to the security team of your organization. At that point, it will either lead to a formal warning to you, or termination/forced resignation.

From the organization's point of view, this is to avoid any accidental (or intentional) leak of confidential data, and/or accidentally (or intentionally) infecting your (work) system with malware/ransomware.

The latter happened in one of my previous organizations, and the person responsible was terminated from the job immediately.

 

The Linux DMA-BUF protocol for Wayland is widely used these days and supported by multiple compositors for negotiating optimal buffer allocation parameters between clients and compositors. The current fifth version of linux-dmabuf was marked as stable with it working out well and no need for any other changes before removing the "experimental" tag.

The new transient seat protocol for Wayland is for creating short-lived seats for remote users. These transient seats will be automatically removed as soon as the client disconnects. The transient seat protocol is intended for use with Wayland's virtual input and virtual pointer protocols for remote desktop use.

 

AdGuard Temp Mail’s addresses are temporary and aren’t stored long by design:

Emails are automatically deleted 24 hours after you receive them.
A temporary mailbox is deleted after 7 days of inactivity. But if you keep the page open or come back in a couple of days, it won’t disappear.

AdGuard Temp Mail is currently in beta stage. Here’s what we’re planning to add in the future:

Zero-access encryption
TLS support on the SMTP server side
Image proxying
Security checks for links
 

"The InMarket Apps have been downloaded onto over 30 million unique devices since 2017," reads the FTC complaint against InMarket Media.

"Respondent also makes the InMarket SDK available to third party app developers, and it has been incorporated into more than 300 such apps which have been downloaded onto over 390 million unique devices since 2017."

The FTC complaint says InMarket maintains 2,000 categories of distinct "audiences" which tracked people fall into, including "Christian churchgoers," "wealthy and not healthy," and "parents of preschoolers."

Ultimately, the FTC deems InMarket's five-year data retention policy overly excessive for targeted advertising, significantly elevating the risk of misuse and exposure.

 

Google collects and shares data between its own services by default. Search, advertising, YouTube and several others exchange user data. Users in the EU have to give consent to this form of sharing. By default, data will no longer be exchanged between services. EU users may already manage the Google Services that may or may not exchange data.

EU users who search with buying intentions, e.g., for a hotel or laptop, will get a new dedicated unit in the search results that shows a group of links from comparison sites "from across the web" and "query shortcuts at the top of the search page to help people refine their searches".

Users from the EU will get browser and search engine choice screens on Android and in Google Chrome.

 

The Naz.API dataset is a massive collection of 1 billion credentials compiled using credential stuffing lists and data stolen by information-stealing malware.

Credential stuffing lists are collections of login name and password pairs stolen from previous data breaches that are used to breach accounts on other sites.

Information-stealing malware attempts to steal a wide variety of data from an infected computer, including credentials saved in browsers, VPN clients, and FTP clients. This type of malware also attempts to steal SSH keys, credit cards, cookies, browsing history, and cryptocurrency wallets.

 

Location firm Near describes itself as “The World’s Largest Dataset of People’s Behavior in the Real-World,” with data representing “1.6B people across 44 countries.” Mobilewalla boasts “40+ Countries, 1.9B+ Devices, 50B Mobile Signals Daily, 5+ Years of Data.” X-Mode’s website claims its data covers “25%+ of the Adult U.S. population monthly.”

Fast food restaurants and other businesses have been known to buy location data for advertising purposes down to a person’s steps. For example, in 2018, Burger King ran a promotion in which, if a customer’s phone was within 600 feet of a McDonalds, the Burger King app would let the user buy a Whopper for one cent.

Outlogic (formerly known as X-Mode) offers a license for a location dataset titled “Cyber Security Location data” on Datarade for $240,000 per year. The listing says “Outlogic’s accurate and granular location data is collected directly from a mobile device’s GPS.”

 

Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies. That number varied significantly, with some panelists’ data listing over 7,000 companies providing their data.

 

X’s move to make people pay for a basic form of two-factor is problematic. It also created confusion because the company prompted free users to switch away from SMS two-factor, but then seemingly simply turned off the protection altogether for those who didn’t. This likely left a group of users in a situation where they think they have two-factor authentication on, but actually don’t.

 

To exploit the vulnerability, which the researchers call LeftoverLocals, attackers would need to already have established some amount of operating system access on a target’s device. Modern computers and servers are specifically designed to silo data so multiple users can share the same processing resources without being able to access each others’ data. But a LeftoverLocals attack breaks down these walls. Exploiting the vulnerability would allow a hacker to exfiltrate data they shouldn’t be able to access from the local memory of vulnerable GPUs, exposing whatever data happens to be there for the taking, which could include queries and responses generated by LLMs as well as the weights driving the response.

The researchers did not find evidence that Nvidia, Intel, or Arm GPUs contain the LeftoverLocals vulnerability, but Apple, Qualcomm, and AMD all confirmed to WIRED that they are impacted. This means that well-known chips like the AMD Radeon RX 7900 XT and devices like Apple’s iPhone 12 Pro and M2 MacBook Air are vulnerable. The researchers did not find the flaw in the Imagination GPUs they tested, but others may be vulnerable.

 

Update 1/16 - Adblock has informed BleepingComputer that its engineers fixed the problem and released ABP 3.22.1 and AB 5.17.1 on the Opera and Edge extension stores. The same versions are currently in review on the Mozilla and Chrome add-on stores, and should be made available soon.

 

Even if your distro is using Wayland by default, the Xwayland implementation is probably still used for compatibility with X11 apps, so you still need to patch your systems and make sure that the latest version is installed.
