Thanks for the tips.

With "bombarding" I meant calls by many people, so we as a community show that we really mean it.

Any more tips to share?

When I am in a thread, I get all toots two times. That annoys me.

HEY Infosec Mastodon! Wanna help me out?
I'm looking for screenshotable quotes about pentesting. Wanna respond to any of these questions? If you do you may be included in my next talk!

What's the biggest pitfall a pentester can make?
What makes a good pentest?
What makes a bad test?
Vuln scan versus pentest - which one is "better"?

Or just whatever you want. I will include any memes I get, so reply away.
Boosts help :)

Well, it does not *really* work, I use it to select MEPs to "annoy" and not to phone MEPs as this feature (which is the main one) does not work yet, at least not reliably. Still, I hope that they fix it soon, as the idea is great and the project is a great asset for our campaign to stop Chatcontrol.

I keep hearing people say that Microsoft has finally come clean and provided an honest reckoning of the mistakes that led to the breach.

Allow me to push back on that HARD.

Wednesday's update is the first time Microsoft disclosed that hackers connected to Storm-0558 were inside the corporate network. In journalism parlance, Microsoft (intentionally?) buried the lede.

This allowed the company to omit key details we need to fully assess the damage these hackers did. How long were the hackers inside Microsoft's network? Did they access other data besides the crash dump? Were any other employee accounts hacked? How did they get in? Has Microsoft remediated whatever weakness or vulnerability made the network breach possible?

Storm-0558 is among the world's most skilled hacking outfits. As Microsoft observed: "The actors are keenly aware of the target’s environment, logging policies, authentication requirements, policies, and procedures. Storm-0558’s tooling and reconnaissance activity suggests the actor is technically adept, well resourced, and has an in-depth understanding of many authentication techniques and applications." In short, Storm-0558 has telemetry into Microsoft's network that's on a par with Microsoft's own telemetry.

Storm-0558's technical tradecraft prowess is on full display by its ability to suss out a signing key in a crashdump made two years prior to the hack. It's further bolstered by the hackers' success in exploiting the failure of a Microsoft API to validate signatures properly.

So Microsoft reveals for the first time on Wednesday that Storm-0558 was inside its network. It provides no other details and doesn't respond to reporters' emails seeking them. And people say Microsoft has finally put the issue behind it?

Er, no. This should be the very beginning of the inquiry. We need to press Microsoft to answer these questions.

@auschwitzmuseum Thank you, Auschwitz Memorial, that you transform the stats of all the people killed during the Holocaust back into the single tragedies. Just as a man that was responsible for other mass killings, Stalin, said: The death of one person is a tragedy, the death of thousands is statistics.

How brilliant is that? Under the motto "Because appeals are no longer enough - anyone who blocks must expect a fine almost three times higher than before", parking illegally in the tram track area or in the bus lane in #Wien now costs as much ... as an annual pass: 365 euros. These are transport policy signals - unthinkable in Germany.

Let's stop ! The showdown in the European Parliament is near! So, bombard your MEPs with phone calls. You may phone them from Monday till Thursday. Together, we can stop this law.

If you don't know how to reach them, are afraid of high call fees or don't like to phone people, go to chatcontrol.dearmep.eu. These guys made an app that makes calling MEPs easy.

@canleaf @tagesschau That potential profits of a company owned by the state or with state participation, from municipal utilities to large corporations, are made available at least in part to the state budget, and that the state steps in when there are problems, is IMHO not the problem either.

The problem is that, at the railway, profit comes first and the railway's fundamental mission has been and is being neglected. This is the root of the trouble.

@canleaf @tagesschau The @bmf writes on its website: "Since its founding in 1994, Deutsche Bahn (DB AG) has been a stock corporation and accordingly has a dual management and supervisory structure. It is 100 percent owned by the federal government." Source: bundesfinanzministerium.de/Con
Besides, Deutsche Bahn AG is precisely NOT listed on the stock exchange, see e.g. here: drivest.de/3753/wem-gehoert-di
How the financial news comes up with a share price, I don't know either.

@tagesschau The part about the more expensive option for people who do not live in DE, the @Curia could overturn that, possibly. If you strike that from the proposal, I would be on board.

@ankedb Borja Iglesias (striker for Betis Sevilla and the Spanish national team) has joined the strike. Let's see how many follow.

@tagesschau It's not as if a man were generally not allowed to. The person being kissed just has to want it too. Would you want to be kissed on the mouth by just anyone, out of joy, without being asked?

I ordered a gorgeous #lateart of #peppercarrot from @davidrevoy at Reissue Cafe in Tokyo.

It also felt cool that I was probably one of the only customers asking to reproduce a drawing they were formally allowed to use thanks to #CreativeCommons ❤️

