evilstevie @evilstevie@mastod1.ddns.net

Halliburton are still trying to recover from their ‘cyber incident’, day 18. #threatintel

Universal Cereal Bus

@Em0nM4stodon
That EU law does not require a #CookieBanner unless the web site wants to track your clicks or sell your data.

Because people do not understand this, they think "stupid EU law" instead of...

- "website owner has no respect for consumer rights"
- "website owner has no solid business plan and just hopes for a few bucks from the advertisement industry"

#GDPR

I was just thinking to myself "How? How can I be associated in any way with orange demagogues?" & an image popped into my head, alongside the question "hang on - did I make a wotsit man in a red tie & wig?"

Anyhow, I am dashing off again now but I'm kind of glad I found this first 😆

New strap line for the website "mocking orange politicians since 2005".

#animation #silly #nonsense

"The modern era of AI calls for a risk-based approach to regulation"

No it doesn't. It calls for a consequences approach to regulation.

If your system harms someone, you decided to build and deploy it and so you are liable for damages and redress proportionate to the harm. Same as if it was a tractor. Or a cow.

Cisco security advisories includes a zero-day:

Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability
CVE-2024-20430 (7.3 medium) incorrect handling of directory search paths (CWE-427: Uncontrolled Search Path Element) to EoP
Cisco Smart Licensing Utility VulnerabilitiesCVE-2024-20439 (9.8 critical) Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2024-20440 (9.8 critical) Cisco Smart Licensing Utility Information Disclosure Vulnerability
Cisco Identity Services Engine Command Injection Vulnerability
CVE-2024-20469 (6.0 medium) insufficient validation of user-supplied input to authenticated command injection (the attacker must have valid Administrator privileges)The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.
Cisco Expressway Edge Improper Authorization Vulnerability
CVE-2024-20497 (4.3 medium) inadequate authorization checks for Mobile and Remote Access (MRA) users could allow an attacker to intercept calls or make phone calls spoofing another phone number
Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability
CVE-2024-20503 (5.5 medium) improper storage of an unencrypted registry key could allow an authenticated, local attacker to view sensitive information in cleartext

cc: @campuscodi @briankrebs @mttaggart @deepthoughts10 @cR0w @regnil @bschwifty @arinc629 @Cali @wvu @hrbrmstr @avoidthehack @bieberium @TheDustinChilds @dreadpir8robots (make sure to remove all the mentions to avoid ReplyAll madness)

#zeroday #cisco #patchtuesday #vulnerability #CVE_2024_20469 #cve

asking linux to be quiet: ssh

@SwiftOnSecurity Watch where they get wet when they see a guillotine.

I figured some people here might be interested in knowing that very long range keyboard and braille is possible over the mobile network to a windows computer without much work. I've known this to be possible in itself for some time, but I just found a way to do it without significant work beyond program installation. It was a bit of a headache before, you needed port forwarding, setting up a VPN server, having the VPN server on the same LAN as the PC which was to be controlled and which was to send out braille, having a dynamic DNS/static IP, and so on. That's no longer needed. basically, it can now be done by just installing two programs and paying $50 for one of them. The programs combined are Virtual Here www.virtualhere.com (the $50 program), and Tailscale www.tailscale.com I am using a Raspberry Pi 4, but would be surprised if a 3 wouldn't work. The steps are basically nothing special. Just image the pi with your favourite imager and make sure the unit has a connection to the internet somehow. Install tailscale on the Windows machine and the PI https://tailscale.com/kb/1017/install and then install VirtualHere Server on the PI https://www.virtualhere.com/usb_server_software Finally, run the Virtualhere client on your Windows machine https://www.virtualhere.com/usb_client_software After everything is installed and with both devices connected to the internet, in the VH client, hit shift+f10 and go to "specify usb servers". Hit add, type in your VH server's tailscale IP (the one which starts with 100 and which you can get from the Pi itself or from tailscale on the web), and hit OK. It should see your hub in the treeview. BTW, for some weird reason, both NVDA and Jaws occasionally don't see the contents of the treeview, just alt+tab to another window and alt+tab back and you should be able to see everything. Go down to the name of the server in your client, hit shift+f10, and hit "autouse all on this server. Now, plug your keyboard and braille display into your PI. What should happen is that the device gets detected, drivers installed, and it should generally be like you're plugging directly into the PC. Keyboards you can use right away, of course, but braille displays may need to be looked for/refreshed as you normally would with your reader of choice. I realize that VH allows one USB device free, but you can't install the client as a service and use the free server. You'll probably want to install the client as a service because you'll want your keyboard up and running as soon as you reboot the Windows device. Also, if you're using a keyboard and braille display at the same time, that's seen as two devices. Finally, I haven't tried this on Linux but it should work. It should work on OSX as well, but the VH client is not accessible with VO, the author knows about this and may fix it after the Sequoia release. As I said, the benefit here is easy and continual connectivity over very long ranges.

This is neat

https://ismy.blue/

omg

Because of the Twitter/X ban, many people from Brazil are moving to Mastodon, including Artists, so let's do an Art Share for them only! Let's help them get the boost they need around here!

ARTISTS FROM BRAZIL
- In the comments, introduce yourself and show your art!

PEOPLE NOT FROM BRAZIL
- Boost this post and the ones from brazilian artists in the comments!

Não fala inglês? Confira a primeira resposta abaixo!

#Brazil #ArtShare #Art

Lookit @b0rk 🫶

#SteveSilberman #RestInPeace

Companies should treat user data as toxic waste rather than as something they want to gather and hoard for business models like targeted advertising. It's not a good thing to have a bunch of sensitive data which could be obtained by adversaries or requested by a government.