"You! Explain what this world is about!"
Seems this sabre has been transported in time to the modern day, and is grumpy about it!
@silverfoxwolf
@tungro as Seritus the Sabretooth Tiger
@madebymercury
2024-07-20
LondonFurs, London, UK
"IT'S A SWORD, IT'S NOT MEANT TO BE SAFE." My favourite scene from The Hogfather. See how this comic was made here. adi-fitri (Tumblr)
In 2012, an industry-wide coalition of hardware and software makers adopted Secure Boot to protect against a long-looming security threat. The threat was the specter of malware that could infect the BIOS, the firmware that loaded the operating system each time a computer booted up. From there, it could remain immune to detection and removal and could load even before the OS and security apps did.
To this day, key players in security, among them Microsoft and the US National Security Agency, regard Secure Boot as an important, if not essential, foundation of trust in securing devices in some of the most critical environments, including in industrial control and enterprise networks.
On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what's known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it.
The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.
"It's a big problem," said Martin Smolár, a malware analyst specializing in rootkits who reviewed the Binarly research and spoke to me about it. "It's basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically… execute any malware or untrusted code during system boot. Of course, privileged access is required, but that's not a problem in many cases."
Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway. (Ars Technica)
"Imagine a house where the drywall, flooring, fireplace, and light fixtures are all made by companies that need continuous access and whose failures would cause the house to collapse. You'd never set foot in such a structure, yet that's how software systems are built.
"It's not that 100 percent of the system relies on each company all the time, but 100 percent of the system can fail if any one of them fails." https://hachyderm.io/@wka/112849901858780783
brittleness is profitable only when everything is working - Barath Raghavan and Bruce Schneier, "The CrowdStrike Outage and Market-Driven Brittleness" https://www.schneier. (Hachyderm.io)
Shreddyfox at FWA24
shreddyfox
FurryWeekend
#Furry #Furries #Fursuit #FursuitFriday #Photography #Anthro #FurryArt #FurryArtist #FWA #FWA24
These oversized american vehicles are getting out of control! How can someone justify buying something big enough to crack the pavement just to pick up groceries or go to their office job?!
I bet this thing has never even seen mud. It's useless for doing any actual work. It's practically designed just for killing pedestrians and I think that shows exactly how much the landlord class in America values the lives of you and me and anyone else they see as beneath them.
Griffin:
Vote.org just announced a nearly 700% increase in daily voter registrations - more than 38,500 new registrations - in the 48-hour period following President Biden's announcement.
This figure marks the single largest number of voter registrations over a 48-hour period during the 2024 cycle.
Younger voters between 18 and 34 accounted for 83% of new registrations.
Fantastic news for those of us who rely on breathing for our daily lives.
Change equivalent to removing 200,000 cars for a year, with capital's air quality improving at faster rate than rest of England. Gwyn Topham (The Guardian)
OpenBSD enthusiast cooks up guide for the technically timid
If you want a simple step-by-step, this is the best we've seen. French BSD enthusiast Joel Carnat has written a how-to guide on setting up a laptop with OpenBSD for general use. It's worth a go for the Unix-curious.…
#theregister #IT
https://go.theregister.com/feed/www.theregister.com/2024/07/25/openbsd_for_the_people/
When Sunday made history as the worldwide hottest day on record, it held the top spot for just one day: Monday is now the warmest day of global average temperature
- and Tuesday is second.
Three global temperature records set in three days.
Climate crisis? What climate crisis?
https://apnews.com/article/climate-global-temperatures-10600ef3b2092dfc4d456f0d593ee0de
Global temperatures have dropped slightly after breaking the all-time heat record the two previous days. The European climate service Copernicus says Tuesday's global temperature was 17.15 Celsius, which is 62.87 Fahrenheit. That's just 0. SIBI ARASU (AP News)
Objective To evaluate the personal protective effects of wearing versus not wearing surgical face masks in public spaces on self-reported respiratory symptoms over a 14 day period. Design Pragmatic randomised superiority trial. Setting Norway. (The BMJ)
It's almost as if our glorious leaders really ought to, y'know, do something about it.
This is pure cartel behavior: Reddit and Google have cut a deal that will freeze out all other search engines from indexing Reddit, where volunteers do essentially all the work.
This should not be legal.
It is VITAL to replace Reddit, and it will take a global village to do it. If we don't, the cartel wins.
And Google should be broken up by Congress, if the antitrust people won't try.
https://www.404media.co/google-is-the-only-search-engine-that-works-on-reddit-now-thanks-to-ai-deal/
DuckDuckGo, Bing, Mojeek, and other search engines are not returning full Reddit results any more. Emanuel Maiberg (404 Media)
It's 2026, McDonald's has partnered with IBM again for verbal order placement in the drive through.
You left your wallet at home, but know tap to pay works with your phone.
You arrive at the takeout window, no one is there. Your food is behind a glass mechanical door. You tap your phone and a voice tells you:
"This payment method is not accepted, please use a trusted device."
You ask what a trusted device even means; a voice responds: devices without any modification to the Operating System. You don't care what an OS is, you want those chicken nuggets.
You press again and the voice gives an example "Your device may be jail broken." You ask why this gets in the way of paying with your card backed by your connection to BigPhoneOSCorp.
The voice says: "I cannot disclose that information"
You drive away.
The person behind you never gets their food, the voice thinks it is still in a conversation with you until they pay... for your food.
The window won't switch food until the next driver rolls in.
They can't get their food until they pay for the previous person's food.
They never scripted this edge case.
For the next three years this location continues to serve food offset by one customer.
Why are you doing things on my device that require that level of scrutiny?
"Apple/Google pay!"
Then just disable that feature and let me use the card you're storing deets of on your server.
No one cares if a rootkit manages to order 100 mcnuggets on my behalf. They can mcshove it.
If Tesla (the organisation) ceased to exist, how much functionality in a Tesla (the car) would cease to work?
Would it still be driveable, able to charge etc.?
Is the same true of other modern cars?
The exciting news about the R21 malaria vaccine makes me want to point out that malaria is endemic in parts of the world. And it kills about half a million people every year.
You know what's coming.
Say it with me.
All together now:
Endemic does not mean benign.
This one weird trick saved countless hours and stress
https://www.theregister.com/2024/07/25/crowdstrike_remediation_with_barcode_scanner/
This one weird trick saved countless hours and stress - no, really. Simon Sharwood (The Register)
Third-party (AKA cross-site) cookies are harmful to the web, and must be removed from the web platform. This finding explains why they must be removed, and examines the challenges in removing them. (www.w3.org)
Basically, a good way to never trust "it's okay, the data is anonymized" again is simply knowing what the "Hemisphere Program" is.
https://www.eff.org/cases/hemisphere
In short, the US government got access to number from, number to, datetime, length and sometimes location information for every call passing through AT&T's network from 1987 to today.
Then they ran an algorithm to de-anonymize every burner phone based on behavior. They did this because maybe some of those burners were used by drug dealers.
For almost 10 years, federal and local law enforcement agencies across the country have engaged in a massive and secretive telephone surveillance program known as "Hemisphere. (Electronic Frontier Foundation)
A web extension that redirects YouTube, Twitter, Instagram, etc. requests to alternative privacy-friendly frontends. (libredirect.github.io)
More fluff. #TummyTuesday
@Prus & me
#furry #fursuit #LupeSuits #FoxFursuit #BellyFur #belly #CuteFursuit #video #FursuitVideo