Show more
Ethan Black boosted
Michal Kohutek  

Unironically loving the granularity of setting in the #Ubuntu 's reimagining of Windows UAC. All the more reasons to prefer #snap over legacy .deb packages.

1+
Ethan Black  

@tylnesh I guess you have a point; that's the power of open-source there!

0
Ethan Black  

@tylnesh That makes sense security-wise. But on principle I believe one should be able to add/remove software repositories. I could see a distro having a Snap repo to itself for distro-specific apps, for example. I've noticed that a lot of software repositories end up with distro-specific software. That's just an example, though, I'm thinking of the principle.
Nonetheless, Snap is a good idea in many ways; I just believe they should have the option for freedom's sake.

1
Ethan Black boosted
racheltobac :verified:  

I just live hacked Arlene Dickinson
(Dragons' Den star - Canada's Shark Tank) by using her breached passwords, social media posts, an AI voice clone, & *just 1 picture* for a deepfake live video call. Thank you Elevate Conference and Mastercard for asking me to demo these attacks live!

youtube.com/watch?v=ysu7vEkZdN

What are the takeaways from this Live Hack video with Arlene?

1. Stop reusing passwords - when you reuse your password and it shows up in a data breach, I can then use that password against you everywhere it's reused online and simply log in as you stealing money, access, data, etc.

2. Turn on multi-factor authentication (MFA) - turning on this second step when you log in makes it more obnoxious for me to takeover your accounts. I then have to try and steal your MFA codes from you (or if you use a FIDO MFA solution like a Yubikey etc, I'm likely just plain out of luck and have to move on to another target)!

3. Recognize that AI has made attacks more believable and scalable - will every or even most hacks involve AI? Nope! Most attacks are simple and leverage your breached passwords to log in as you or they attack via phishing over email, text, call, etc.
That being said, it's important to realize that some attackers will attempt to leverage AI, especially if you have an high threat model. Arlene is a star with millions of followers around the world, because of this she has to be extra politely paranoid about those that reach out with sensitive requests!
If someone with a high threat model (in the public eye, job is to wire money, lots of followers on social media, activist/being targeted, etc) receives a call and they're requesting sensitive info or a wire transfer, recognize that the attacker could believably use a voice clone in that call and could even build a believable deepfake for a live video call.
This is not how all attacks work but it's especially important for those with elevated threat models to recognize that AI can be leveraged in attacks to up the believability with voice clones, deepfake video, etc.

What do I mean "be politely paranoid" in this video?
I recommend verifying that people are who they say they are before taking sensitive actions.
- If you have a high threat model and someone calls you and asks for a wire transfer, use another method of communication to confirm it's them before taking action. Chat them, signal message, email, call them back to thwart spoofing using the number you have on file. This catches me 9 times out of 10 when I'm hacking! This is relevant for your work, when you're buying a house, pretty much anytime you need to send money!
- If you receive an email from a board member asking for a copy of a sensitive document, verify that board member is who they say they are with another method of communication before sending over a document with sensitive work details listed on it.

Stay politely paranoid, folks!

1+
Ethan Black boosted
Ethan Black  

@tylnesh I've tried both Flatpak and Snap, and I rejected because you couldn't really change your snap repository away from Canonical's repository; that's really bad and is strictly against the Unix and Linux way.

I don't remember Snap's containerization being very versatile anyway, but this is a big step up in that regard since I last tried it. If they fix the Canonical-repo-only flaw, I'd like to try it again actually. I have to use Flatseal to edit file access permissions with Flatpak.

1+
Ethan Black  

(Yess, hit the 500 limit exactly :)

0
Ethan Black  

@tylnesh I've tried both Flatpak and Snap, and I rejected because you couldn't really change your snap repository away from Canonical's repository; that's really bad and is strictly against the Unix and Linux way.

I don't remember Snap's containerization being very versatile anyway, but this is a big step up in that regard since I last tried it. If they fix the Canonical-repo-only flaw, I'd like to try it again actually. I have to use Flatseal to edit file access permissions with Flatpak.

1+
Ethan Black  

@system76 Oh that's nice!

0
Ethan Black boosted
internetarchive  

Latest update from @brewsterkahle: "Wayback Machine running strong (yippie!).

Still working to bring archive.org items & other services online safely.

@internetarchive
team spirits high, but tired."

1+
Ethan Black  

@bigolifacks I really need to try out RivalsOfAether. But I really like Smash Bros, and personally I'm hoping the next one is Ultimate Deluxe: SSBU but less extreme.

0
Ethan Black  

I got top 8 at my college's monthly tourney! I've been competing for two years, and it is amazing to see all the practice begin to pay off. I'm Golemwire, down there.

0
Ethan Black boosted
internetarchive  

Latest update on the DDOS attack from @brewsterkahle (Oct 11 @ 10:22am PT):

"The data is safe.

Services are offline as we examine and strengthen them. Sorry, but needed. @internetarchive staff is working hard.

Estimated Timeline: days, not weeks.

Thank you for the offers of pizza (we are set)."

1+
Ethan Black boosted
BrianKrebs  

Meanwhile, at a site I visit daily

1+
Ethan Black boosted
never obsolete  

The Solid State of Storage
PC Mag - November 2007
books.google.com/books?id=n-X7

1+
Ethan Black  

@CM30 Breaking it already ;P

0
Ethan Black boosted
addie  

Wow, .io domains are going away. That's huge news... every.to/p/the-disappearance-o

1+
Ethan Black boosted
never obsolete  

Dell XPS M2010
PC Mag - August 2006
books.google.com/books?id=HBF2

1+
Ethan Black  

I just wish I could justify the purchase right now :j I might be able to get it sometime. Thanks!

0
Ethan Black  

@CM30 Oh man....

1
Ethan Black  

@CM30 Whoa.
So without any spoilers, how was the storyline? I like games that have a story I can get immersed in.

Were the dungeons good in your opinion?

1
Show more

Ethan Black's choices:

smashbros

19

ssbu

17

mastodon

8

music

5

privacy

5

gamedev

4

fediverse

3
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml