Ethan Black @golemwire@librem.one

Well, that sounds absolutely horrific.

https://www.businessinsider.com/larry-ellison-ai-surveillance-keep-citizens-on-their-best-behavior-2024-9?op=1

Today in error messages from the void

Wait, someone beat #Zelda #EchoesofWisdom already?

Now I'm mad :) https://video.hardlimit.com/videos/watch/ca3d51bc-50b0-4883-b6b1-443099f126e0

Who knew that it's possible to boot straight into UEFI setup by just running "systemctl reboot --firmware-setup"? 🤯

It makes all those times I was mashing F12 as soon as the computer started booting utterly pointless — especially after getting Linux installed.

Well, at least I know about it now.

@GrahamDowns
Here are three 1977 computers. I briefly used a TRS-80 Model I. Learned BASIC.

File:Home or Personal Computers from 1977 - Commodore PET 2001, Apple II, TRS-80 Model I, together called 'Trinity77' (edited image).jpg
https://en.wikipedia.org/wiki/File%3AHome_or_Personal_Computers_from_1977_-_Commodore_PET_2001%2C_Apple_II%2C_TRS-80_Model_I%2C_together_called_%27Trinity77%27_%28edited_image%29.jpg

Scoop: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today.

https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/

For today’s pet photo, here’s my dog Nell in #Zelda #TearsoftheKingdom! Just had to edit her pic into the Hyrule Compendium lol!

#pets #dogs #dogsofmastodon #mondog

Try out our new desktop environment, COSMIC. It’s still in alpha, so expect bugs! Reports, theming, and configuration screenshots are welcome :) https://s76.co/qGr4qNLt

🔥 1 day until the COSMIC alpha 🔥

So earlier this year I wrote about this cybercrime rapper named Punchmade Dev, who wears outlandishly gaudy and expensive stuff around his neck and croons in videos in front of stacks of cash at ATMs, talking about how to do wire fraud, cashout PayPal and Cash App accounts, etc. The story showed how this Punchmade character seems to be a 22-year-old guy in Lexington, Ky named Devon Turner who operates multiple web stores that sell apparently compromised payment cards and identity information (alongside check printing software and tutorials on....wait for it...OPSEC!).

On a hunch that maybe Punchmade's lack of opsec might have caught up with him, I checked PACER and found instead that he recently sued his bank, alleging they discriminated against him for his race over his denied request to transfer $75,000 out of his account. Incredibly, Mr. Turner signed his pro se complaint filed in a Kentucky court with the same phone number and email address that are tied to the Punchmade domain names that are selling products like "ID+ High Balance CC, ID front/back, SSN, and 7$k-10k CC, for $80"

Here's the story:
In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade's social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. Now the Kentucky native is suing
his financial institution after it blocked a $75,000 wire transfer and froze his account, citing an active law enforcement investigation.

https://krebsonsecurity.com/2024/08/cybercrime-rapper-sues-bank-over-fraud-investigation/

#Ventoy Security Concerns (please boost for visibility)

Ventoy is a popular utility for making USB drives containing multiple operating systems in the form of bootable image files. While very useful in theory, the source tree contains numerous binary blobs without source code. This issue has been brought up to the authors multiple times, have not been corrected, and have even gotten worse (more blobs have been added to the code over time). This is a potential malware vector, similar to the "test files" in the xz-utils backdoor catastrophe.

Recently the author has ignored a very lengthy thread raising security concerns because of these binary blobs. Given the amount of attention the thread has gotten, this seems strange, especially given that the authors have been active since then. https://github.com/ventoy/Ventoy/issues/2795

Stranger yet still, a video by Veronica Explains (@vkc) on how to create bootable USB flash drives got flooded by comments heavily suggesting the use of Ventoy and even being somewhat accusing because Veronica didn't advertise Ventoy. This is... not anything I've seen users of ANY open-source project do, and it feels similar to the social engineering done against Lasse Collin that convinced him to add Jia Tan as a maintainer, thus compromising xz-utils. See the comments of https://www.youtube.com/watch?v=QiSXClZauXA&t=3s

If you're using Ventoy, you may want to consider ceasing its use for the time being out of an abundance of caution. If you truly need its functionality, you might look into something like the IODD SSD Enclosure (https://www.iodd.shop/HDD/SSD-Enclosure) which can emulate an optical drive and allows you to select an ISO saved to the drive to boot from.

#linux #boot #security #malicious #backdoor