Show more

Scoop: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today.

krebsonsecurity.com/2024/08/na

For today’s pet photo, here’s my dog Nell in #Zelda #TearsoftheKingdom! Just had to edit her pic into the Hyrule Compendium lol!

#pets #dogs #dogsofmastodon #mondog

It takes good taste in simplicity to craft well a complex design.

Try out our new desktop environment, COSMIC. It’s still in alpha, so expect bugs! Reports, theming, and configuration screenshots are welcome :) s76.co/qGr4qNLt

So earlier this year I wrote about this cybercrime rapper named Punchmade Dev, who wears outlandishly gaudy and expensive stuff around his neck and croons in videos in front of stacks of cash at ATMs, talking about how to do wire fraud, cashout PayPal and Cash App accounts, etc. The story showed how this Punchmade character seems to be a 22-year-old guy in Lexington, Ky named Devon Turner who operates multiple web stores that sell apparently compromised payment cards and identity information (alongside check printing software and tutorials on....wait for it...OPSEC!).

On a hunch that maybe Punchmade's lack of opsec might have caught up with him, I checked PACER and found instead that he recently sued his bank, alleging they discriminated against him for his race over his denied request to transfer $75,000 out of his account. Incredibly, Mr. Turner signed his pro se complaint filed in a Kentucky court with the same phone number and email address that are tied to the Punchmade domain names that are selling products like "ID+ High Balance CC, ID front/back, SSN, and 7$k-10k CC, for $80"

Here's the story:
In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade's social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. Now the Kentucky native is suing
his financial institution after it blocked a $75,000 wire transfer and froze his account, citing an active law enforcement investigation.

krebsonsecurity.com/2024/08/cy

#Ventoy Security Concerns (please boost for visibility)

Ventoy is a popular utility for making USB drives containing multiple operating systems in the form of bootable image files. While very useful in theory, the source tree contains numerous binary blobs without source code. This issue has been brought up to the authors multiple times, have not been corrected, and have even gotten worse (more blobs have been added to the code over time). This is a potential malware vector, similar to the "test files" in the xz-utils backdoor catastrophe.

Recently the author has ignored a very lengthy thread raising security concerns because of these binary blobs. Given the amount of attention the thread has gotten, this seems strange, especially given that the authors have been active since then. github.com/ventoy/Ventoy/issue

Stranger yet still, a video by Veronica Explains (@vkc) on how to create bootable USB flash drives got flooded by comments heavily suggesting the use of Ventoy and even being somewhat accusing because Veronica didn't advertise Ventoy. This is... not anything I've seen users of ANY open-source project do, and it feels similar to the social engineering done against Lasse Collin that convinced him to add Jia Tan as a maintainer, thus compromising xz-utils. See the comments of youtube.com/watch?v=QiSXClZauX

If you're using Ventoy, you may want to consider ceasing its use for the time being out of an abundance of caution. If you truly need its functionality, you might look into something like the IODD SSD Enclosure (iodd.shop/HDD/SSD-Enclosure) which can emulate an optical drive and allows you to select an ISO saved to the drive to boot from.

#linux #boot #security #malicious #backdoor

I will say, though, at least the highest GSP I've gotten (9.6mil) is with my main (Sheik) and not some rando like Ganondorf....

Show thread

(But really, I think there's a thing with people around my level ranking online better with some random character as opposed to their actual main)

Show thread

Meanwhile, I go offline and play against a level-9 I used to struggle hard against, Terry, and succeed with two stocks to spare and no stress.

I used to try to climb the GSP ladder and used to be ranked better but I'm moreso just using online as practice. There's a SSBU club at my college, and a local not to far away from where I live while not at college; *that's* where I want to do well. And get to meet people IRL, make friends, and have fun together.

Show thread

So I've been practicing Sheik a lot lately. I generally don't like playing online, but I decided to go back online and play some and I feel like I'm getting better -- using more Sheik tech, having more toe-to-toe matches and holding my own a lot better -- but I'm only like at about 6mil -ish GSP. (We're not gonna even mention that my Ganondorf is above 7mil...)

A man designs and builds a racecar that is supposed to win a particular race, and another man drives it and wins that particular race. Did the driver do the most to win or did the designer+builder do the most to win?

Well, rarely; it doesn't do it every time. It's pretty strange

Show thread

Waiting for the day Firefox fixes the bug where touchpad pinch-to-zoom on Wayland opens the search bar and changes your search engine... 🙂 weird.

Found it, part of my ASCII.s stdlib. Came up with a change, which compiles to about 24 bytes, compared to about 55 bytes, but uses a loop. These print out the tenths, hundredths, and thousandths places of a decimal number; I think I'll keep the former code, since it is branchless, I/O aside, and since I might want to remove the thousandths place anyway (since Q16+8 numbers aren't quite that precise).

Show thread

Yeah, definitely appears to be part of that function. That's modulo code for sure, too.

Show thread

I'm finding this sequence multiple times; part of it or exactly this keeps on appearing in my compiler's output. I think it's performing a modulo by the Q16+8 value 10.0, then converting the number to ASCII then printing it. Part of the Q16+8 decimal print function, I think.
(Also - 0x30 is ASCII '0', not 'H')

Show thread
Show more

Ethan Black's choices:

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml