Mirko Adam @elshid@librem.one

Gilt zu jeder Wahl

If you don't know what to do to make the world a better place this morning, consider a donation to the UNRWA, which provides healthcare, food and emergency services to Palestinian people in Gaza.

https://donate.unrwa.org/-landing-page/en_EN

Close Guantanamo.

Horrified and heartbroken at the barrage of attacks by Hamas upon civilians in Israel. Innocent people suffer the consequences of violent extremism, and this kind of terrorism only produces deeper, more intractable problems. My thoughts and hopes are for peace, and for democracy for all people in the region, but such a future is proving ever more elusive, I fear.

Merkwürdige Weltenpaare im Orionnebel entdeckt https://www.derstandard.at/story/3000000189745/merkwuerdige-weltenpaare-im-orionnebel-entdeckt?ref=mastodon

Mastodon pilot has a chance to win open source award

At the beginning of this year, SURF and its members started the pilot project social.edu.nl. There is a growing need for a social community platform of and for the whole of Dutch education and research. At the same time, we want this platform to be based on the public values we ourselves advocate.

https://www.surf.nl/en/news/mastodon-pilot-has-a-chance-to-win-open-source-award

Vote:
https://joinup.ec.europa.eu/collection/open-source-observatory-osor/osor-community-award-2023-voting#vote

trendy

HEY Infosec Mastodon! Wanna help me out?
I'm looking for screenshotable quotes about pentesting. Wanna respond to any of these questions? If you do you may be included in my next talk!

What's the biggest pitfall a pentester can make?
What makes a good pentest?
What makes a bad test?
Vuln scan versus pentest - which one is "better"?

Or just whatever you want. I will include any memes I get, so reply away.
Boosts help :)

I keep hearing people say that Microsoft has finally come clean and provided an honest reckoning of the mistakes that led to the breach.

Allow me to push back on that HARD.

Wednesday's update is the first time Microsoft disclosed that hackers connected to Storm-0558 were inside the corporate network. In journalism parlance, Microsoft (intentionally?) buried the lede.

This allowed the company to omit key details we need to fully assess the damage these hackers did. How long were the hackers inside Microsoft's network? Did they access other data beside the crash dump? Were any other employee accounts hacked? How did they get in? Has Microsoft remediated whatever weakness or vulnerability made the network breach possible?

Storm-0558 is among the world's most skilled hacking outfits. As Microsoft observed: "The actors are keenly aware of the target’s environment, logging policies, authentication requirements, policies, and procedures. Storm-0558’s tooling and reconnaissance activity suggests the actor is technically adept, well resourced, and has an in-depth understanding of many authentication techniques and applications." In short, Storm-0558 has telemetry into Microsoft's network that's a par with Microsoft's own telemetry.

Storm-0558's technical tradecraft prowess is on full display by its ability to suss out a signing key in a crashdump made two years prior to the hack. It's further bolstered by the hackers' success in exploiting the failure of a Microsoft API to validate signatures properly.

So Microsoft reveals for the first time on Wednesday that Storm-0558 was inside its network. It provides no other details and doesn't respond to reporters' emails seeking them. And people say Microsoft has finally put the issue behind it?

Er, no. This should be the very beginning of the inquiry. We need to press Microsoft to answer these questions.

Wie genial ist das denn? Unter dem Motto "Weil Appelle nicht mehr reichen – Wer blockiert, muss mit fast dreimal höherer Strafe als bisher rechnen" Ab sofort kostet in #Wien das Falschparken im Gleisbereich der Tram oder auf der Busspur so viel ... wie eine Jahreskarte: 365 Euro. Das sind verkehrspolitische Zeichen - in Deutschland undenkbar.

Kinderarzt: "Lehrpersonal muss sensibler werden und sollte adipösen Kindern den Sport nicht vermiesen" https://www.derstandard.at/story/3000000186032/kinderarzt-lehrpersonal-muss-sensibler-werden-und-sollte-adipoesen-kindern-den-sport-nicht-vermiesen?ref=mastodon

I ordered a gorgeous #lateart of #peppercarrot from @davidrevoy at Reissue Cafe in Tokyo.

It also felt cool that I was probably one of the only customers asking to reproduce a drawing they were formally allowed to use thanks to #CreativeCommons ❤️

Was gerade passiert, ist prägend für den Sport Fußball und die Gesellschaft. Ich bin froh und habe riesigen Respekt vor den Frauen, die jetzt dagegen aufstehen, um sich zu nehmen, was sie verdienen: Anerkennung, Respekt, Gleichberechtigung. Volle Solidarität mit ihnen. Wir als privilegierteste Gruppe der Gesellschaft (weiße Männer) dürfen das nicht ignorieren. Wir dürfen nicht wegsehen. Wir müssen realisieren, dass das die Regel und nicht die Ausnahme ist. Wir können etwas ändern.