Hi, I’m Phil Nelson, a writer, developer, and audio-visual maker of stuff. I have been making stuff online for over 25 years. I run RetroStrange and Set Side B. Good to see you.

Blog Archives

Tag: security

  • Discord will require a face scan or ID for full access next month

    This is just all kinds of fucking stupid. Discord, a company which leaked 70,000(!) people's full government IDs less than 6 months ago, now wants everyone's ID. Don't do it. Take your community somewhere, almost anywhere, else.

    Here’s a good look at some of the top alternatives, ranked by Functionality, Openness, Security, Safety, & Decentralization.

  • An Employee Surveillance Company Leaked Over 21 Million Screenshots Online

    From the perils of surveillance capitalism department:

    On Thursday, researchers at Cybernews reported that over 21 million screenshots from WorkComposer, which works with over 200,000 companies worldwide, were discovered in an unsecured Amazon S3 bucket.

  • GrayKey: The little box that unlocks iPhones

    Thomas Reed, for MalwareBytes:

    Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.

    Nothing is safe. Encrypt and delete constantly.

  • How Defective Guns Became the Only Product That Can’t Be Recalled

    An enraging story from Michael Smith and Polly Mosendz, for Bloomberg:

    Taurus sold almost a million handguns that can potentially fire without anyone pulling the trigger. The government won’t fix the problem. The NRA is silent.

    Gun manufacturers have long held an unassailable position in American business and politics. They need to be reminded that they aren’t above the law… and we can start by making them follow the same goddamn rules as everyone else.

  • KDE Bug Executes Arbitrary Code Based on Name of Thumb Drive

    [This][link] is one of the dumbest and most dangerous bugs I’ve ever heard of. From the KDE security list:

    [link]: https://www.kde.org/info/security/advisory-20180208-2.txt "KDE Project Security Advisory"

    >When a vfat thumbdrive which contains " or $() in its volume label is plugged
    >and mounted through the device notifier, it's interpreted as a shell command,
    >leaving a possibility of arbitrary command execution. An example of offending
    >volume label is "$(touch b)" which will create a file called b in the
    >home folder.

    It’s jaw-dropping.

  • Signal Now Has A Standalone Desktop App

    The app is now available for Windows, macOS, and Debian-based Linux distros. You should be using Signal if you ever talk about anything to anyone.

  • Hacker Behind Massive Ransomware Outbreak Can’t Get Emails from Victims Who Paid

    A very modern situation: [Company does spin control without considering the ramifications, ends up screwing over the already victimized][link2]:

    A German email provider has closed the account of a hacker behind the new ransomware outbreak, meaning victims can’t get decryption keys.

    The exploit, unofficially named Petya, [uses the same vector as WannaCry][link].

    [link2]: https://motherboard.vice.com/en_us/article/new8xw/hacker-behind-massive-ransomware-outbreak-cant-get-emails-from-victims-who-paid "Hacker Behind Massive Ransomware Outbreak Can't Get Emails from Victims Who Paid – Motherboard"

    [link]: https://motherboard.vice.com/en_us/article/qv4gx5/a-ransomware-outbreak-is-infecting-computers-across-the-world-right-now "A Ransomware Outbreak Is Infecting Computers Across the World Right Now"

  • All Major Browsers Fall At Pwn2Own Day Two

    [What’s that they say about castles built on sand?][link]

    >Two researchers on Thursday took down the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, as Pwn2Own, the annual hacking contest that runs in tandem at CanSecWest, wound down in Vancouver.

    [link]: https://threatpost.com/all-major-browsers-fall-at-pwn2own-day-2/111731 "All Major Browsers Fall At Pwn2Own Day Two | Threatpost | The first stop for security news"

  • The World’s Email Encryption Software Relies on One Guy, Who is Going Broke

    [Filed under Welcome To 2015][link]:

    >"I'm too idealistic," he told me in an interview at a hacker convention in Germany in December. "In early 2013 I was really about to give it all up and take a straight job." But then the Snowden news broke, and "I realized this was not the time to cancel."
    >
    >Like many people who build security software, Koch believes that offering the underlying software code for free is the best way to demonstrate that there are no hidden backdoors in it giving access to spy agencies or others. However, this means that many important computer security tools are built and maintained by volunteers.

    The people who make important stuff get jack shit for their effort, but that's how the new Uber For Fart Sounds app gets millions.

    [link]: http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke?utm_campaign=bt_twitter&utm_source=twitter&utm_medium=social "The World's Email Encryption Software Relies on One Guy, Who is Going Broke – ProPublica"