Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
dredmorbius@toot.cat ("Doc Edward Morbius ⭕") wrote:
tired: Oxford
wired: 0xF04D
inspired: 0x4D
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
trabern@mas.to ("18 USC 241") wrote:
Live your life such that the only gripe about you with traction is your age
jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:
huh, this looks good.
trust me: doing a decent job of teaching design is *hard*
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
antlerboy ("Benjamin P. Taylor") wrote:
Design’s secret partner in research: Cybernetic practices for design research pedagogy – Sweeting and Sutherland (2023) https://stream.syscoi.com/2023/09/13/designs-secret-partner-in-research-cybernetic-practices-for-design-research-pedagogy-sweeting-and-sutherland-2023/
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
racheltobac@infosec.exchange ("racheltobac :verified:") wrote:
Here’s how I used AI to clone a 60 Minutes correspondent’s voice to trick a colleague into handing over Sharyn's passport number. I cloned Sharyn’s voice then manipulated the caller ID to show Sharyn’s name on the caller ID with a spoofing tool.
The hack took 5 minutes total for me to steal the sensitive information.
So, how do we protect ourselves, our loved ones, and our organizations?
1. Make sure the people around you know that caller ID is easily faked (spoofed) and that voices can also be easily impersonated.
2. If they receive a dire call from “you”, verify it’s really you with another method of communication (text, DM, FT, call, etc) before taking an action (like sending money). Kind of like human MFA.
Some suggest setting up a secret “verification word” with their folks ones so that if someone impersonates & demands money/access etc you can ask for the verification word to see if it’s a real crisis. This won’t work for all people but could work for some. If it’s a match, use it.
In general, I recommend keeping advice simple: if premise of call is dire use a 2nd method of communication to confirm a person is in trouble before taking action (like wiring money or sensitive data). Rapid text, email, DM, have others message repeatedly — before wiring money.
Bottom line is:
Scammers use urgency & fear to convince victims to take actions (like sending money, data, etc).
If premise of a call, text, email, or DM is too dire (or too good to be true), that’s a likely scam.
Use a 2nd method of communication to check it’s real before taking action!
Gargron ("Eugen Rochko") wrote:
Figured this was worth getting on LP 🙂
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
racheltobac@infosec.exchange ("racheltobac :verified:") wrote:
The MGM attackers claimed they used one of the easiest ways to breach/ransom a company, a method I use often in my hacking:
1. Look up who works at an org on LinkedIn
2. Call Help Desk (spoof phone number of person I’m impersonating)
3. Tell Help Desk I lost access to work account & help me get back in
While we wait for attack method confirmation, I’ll say that the attack method they claim worked for them does indeed work for me. Most orgs aren’t ready for phone based social engineering.
Most companies focus on email based threats in their technical tools and protocols — many are not yet equipped with the social engineering prevention protocols necessary to catch and stop a phone based attacker in the act. Teams need protocols to verify identity before taking action.
The 1st teams I go after when hacking are the folks who deal with requests from people constantly — IT, Help Desk, Customer Support, etc.
I often pretend to be an internal teammate to convince them to give me access, and I usually start with phone attacks bc they work fast.
Email phishing attacks can get caught in good spam filters and reported.
The soft spot for many teams are the folks who handle the phone call requests.
There’s a perfect storm: lack of verification protocols, easy spoofing, compensation tied to how fast they handle requests.
Questions to ask internally to see if your team is prepared to catch this attack:
- Do the folks who handle requests from team/customers use identity verification protocols?
- Do we rely on knowledge based authentication? DOB + caller ID matches ☎️ number in system, for example.
- Are our IT/Help Desk/Support teams compensated or promoted on the speed of saying yes to requests? Have we incentivized time for security protocols in Support?
- How do we verify identity first?
Remember, most folks at work want to do a good job and often times “good work” means “fast work”. We can’t expect every employee to be able to come up with their own identity verification protocols on the fly — it’s our job to provide the right human protocols to catch this fast.
We’ll need to wait to learn the details of the attack and get confirmation.
In the meantime, I can tell you I compromise orgs w/ the exact phone attack the attackers claim to use and many orgs don’t have phone call based identity protocols to catch it yet.
Update your phone based identity verification protocols to catch account takeover attempts!
You know your org best & there’s no one size fits all.
You can move from KBA (like DOB) to OTP on 2nd verified comm channel, call back to thwart spoof, service codes, pins, and much more.
After hacking & educating orgs on how they can catch me, the biggest task I spend my time on is updating verification protocols to spot me next time. It’s maddening to get caught on their new identity verification protocol on the next pentest but there’s also nothing I love more.
More details here: https://x.com/RachelTobac/status/1701801025940971792?s=20
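The two posts above describe the same control from two sides: the "human MFA" check for a dire personal call, and the help-desk move from knowledge-based authentication (DOB, caller ID matching the number on file) to a one-time code on a second, previously registered channel plus a call-back. The following is an added example, not Rachel Tobac's code or anything from the posts, showing what that help-desk verification looks like when written down as logic. The employee directory, the `OutOfBandSender` stand-in for an SMS/push provider, and the `HelpDeskVerifier` class are all constructed for this illustration; a real deployment would plug in the organization's MFA provider and phone system.

```python
"""Help-desk identity verification that treats caller ID and KBA as untrusted.

Added example (not from the original posts). The caller's number and the
answers they give are never proof of identity; verification requires a
one-time code delivered to the contact channel already on file, and any
call-back goes to the directory number, never to one the caller supplies.
"""
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 300   # code expires after five minutes
MAX_ATTEMPTS = 3        # guesses allowed before the challenge is discarded

# Constructed directory for the demo: the channels *we* have on file,
# independent of whatever the caller claims.
DIRECTORY = {
    "j.doe": {"registered_phone": "+15550100", "registered_email": "j.doe@example.com"},
}


@dataclass
class Challenge:
    username: str
    code: str
    issued_at: float
    attempts: int = 0


class OutOfBandSender:
    """Stand-in for an SMS/push provider; records deliveries so they can be inspected."""

    def __init__(self):
        self.outbox = []

    def send(self, channel, message):
        self.outbox.append((channel, message))


class HelpDeskVerifier:
    def __init__(self, sender, clock=time.time):
        self.sender = sender
        self.clock = clock          # injectable so expiry can be tested
        self.pending = {}           # username -> outstanding Challenge

    def kba_satisfies_verification(self, username, caller_id, date_of_birth):
        """Caller ID is spoofable and DOB is public data: neither ever verifies a caller.
        They may route the ticket, but they cannot authorize an account change."""
        return False

    def start_challenge(self, username):
        """Issue a fresh OTP to the phone number on file (never one given by the caller)."""
        record = DIRECTORY.get(username)
        if record is None:
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = Challenge(username, code, self.clock())
        self.sender.send(record["registered_phone"], f"Help desk verification code: {code}")
        return True

    def verify(self, username, submitted_code):
        """True only for a fresh, unused, correctly guessed code within the attempt limit."""
        ch = self.pending.get(username)
        if ch is None:
            return False
        if self.clock() - ch.issued_at > OTP_TTL_SECONDS:
            del self.pending[username]
            return False
        ch.attempts += 1
        if ch.attempts > MAX_ATTEMPTS:
            del self.pending[username]
            return False
        # Constant-time compare so a wrong guess does not leak how many digits matched.
        if hmac.compare_digest(ch.code.encode(), str(submitted_code).encode()):
            del self.pending[username]   # single use: a replayed code fails
            return True
        return False

    def callback_number(self, username, number_claimed_by_caller):
        """Call-back thwarts spoofing only if we dial the directory number, so the
        caller-supplied number is deliberately ignored."""
        record = DIRECTORY.get(username)
        return None if record is None else record["registered_phone"]


if __name__ == "__main__":
    sender = OutOfBandSender()
    desk = HelpDeskVerifier(sender)
    print("KBA accepted?", desk.kba_satisfies_verification("j.doe", "+15550100", "1990-01-01"))
    desk.start_challenge("j.doe")
    channel, message = sender.outbox[-1]
    print("OTP went to directory number:", channel)
    print("Correct code accepted?", desk.verify("j.doe", message.split()[-1]))
    print("Call-back dials:", desk.callback_number("j.doe", "+19990000"))
```

The design choice worth noting is what the verifier does not take as input: the caller's number and their answers to DOB-style questions never reach the accept path. The OTP is bound to the directory entry, single use, expiring, and attempt-limited, so a spoofed caller who knows the victim's details still has to control the victim's registered phone.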
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
pts@octodon.social ("Paul Starr") wrote:
It’s simply false that the typical Mastodon user hasn’t heard of jokes. The typical Mastodon user has, in fact, been heavily involved in reverting inaccurate edits to the Wikipedia article on “Humour.”
Now that everyone is pissed at #Unity, #Godot is having a moment.
It's fascinating that #Epic saw that coming. The way to screw your #2 competitor is to help your #3 competitor:
https://godotengine.org/article/godot-engine-was-awarded-epic-megagrant/
collinsworth@hachyderm.io ("Josh Collinsworth") wrote:
Several years ago, I had the idea to start a Vietnamese soup counter named "Pho Queue," and I honestly can't be sure any decision I've made ever since has been the correct one.
Reblogged by slightlyoff@toot.cafe ("Alex Russell"):
dangillmor ("Dan Gillmor") wrote:
If Gov. Newsom signs this California right-to-repair legislation into law, it will be by far the biggest piece of good news in this arena so far. https://arstechnica.com/gadgets/2023/09/calif-passes-strongest-right-to-repair-bill-yet-requiring-7-years-of-parts/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
Reblogged by lloydmeta ("Lloyd"):
b0rk@jvns.ca ("Julia Evans") wrote:
PATH
permalink: https://wizardzines.com/comics/path/
pzmyers@octodon.social ("pzmyers 🦑") wrote:
I've been roped into giving an honors lecture on families. Does it have to be human families? I hope not.
https://freethoughtblogs.com/pharyngula/2023/09/13/surprise-lecture/
jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:
"Bobbing in a small bay off the Persian Gulf was a collection of tiny unmanned vessels, prototypes for the kind of cheaper, easier-to-build and more mobile force that some officers and analysts of naval warfare said was already helping to contain Iran and could be essential to fighting a war in the Pacific.
Operating on a budget that was less than the cost of fuel for one of the Navy’s big ships, Navy personnel and contractors had pieced together drone boats, unmanned submersible vessels and aerial vehicles capable of monitoring and intercepting threats over hundreds of miles of the Persian Gulf, like Iranian fast boats looking to hijack oil tankers.
Now they are pleading for more money to help build on what they have learned."
jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:
Man At Center Of Major Gun Rights Case Allegedly Shot At Woman In A Parking Lot - HuffPost
https://apple.news/AzhmzQELZSnSV84D6XMOWGw
“Under the standard described by Thomas, the only gun restrictions permitted by the Constitution are those that existed in some form historically dating back to an unspecified period some time between 1791 ― when the framers signed the Bill of Rights ― and the end of the Civil War.”
cstanhope@social.coop ("Your friendly 'net denizen") wrote:
Oooh... ~3.5x speedup now. Heh heh. To get anymore I'll probably have to scrap the current implementation and runtime. Not in the cards at the moment. But 3.5x speedup is decent.
slightlyoff@toot.cafe ("Alex Russell") wrote:
A system where users have to dig something out of a menu is *shortcut* support, not PWA support.
slightlyoff@toot.cafe ("Alex Russell") wrote:
Don't know who needs to hear this, but browsers that implement prompts for installation of sites that meet quality criteria support PWAs.
Browsers that do not support prompting do not support PWAs.
It's that simple; PWAs are about trading quality for promotion.
Reblogged by kornel ("Kornel"):
TicklishHoneyBee@strangeobject.space ("Lisa") wrote:
"We don't need to visit Egypt, we've got Suez at home."
Suez at home:
Reblogged by kornel ("Kornel"):
jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:
time to stop looking at slip leash videos and take another walk
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
adactio ("Jeremy Keith") wrote:
Multi-page web apps
rmrenner ("The Old Gay Gristle Fest") wrote:
The Pokemon DLC is cute so far. The legendaries this time around are patterned after the story of Momotaro: Dog, Monkey, Pheasant and Ogre.
Sure, sure. Scare tactics...
slightlyoff@toot.cafe ("Alex Russell") wrote:
Lotta folks seem to assume capitalism and decentralisation are compatible. It's vexing.
pzmyers@octodon.social ("pzmyers 🦑") wrote:
Da beautiful chaos of da prairie. Make it so!
https://freethoughtblogs.com/pharyngula/2023/09/13/what-id-like-my-yard-to-look-like/
Reblogged by rmrenner ("The Old Gay Gristle Fest"):
postcardware@botsin.space ("postcardware.net") wrote:
Sent by Larry Guilliouma from McAllen, Texas, U.S.A. on November 24, 1995. https://postcardware.net/?id=28-46
collinsworth@hachyderm.io ("Josh Collinsworth") wrote:
I recently had the privilege of joining Sean and Mike on the Web Perspectives podcast. We had a good, long chat about React, web history, frontend frameworks, the state of hiring in tech, side projects, where things are headed, a little about Deno, and lots of other nerdy things.
Podcast link: https://podcasters.spotify.com/pod/show/sean-g7/episodes/Why-ReactJS-is-Outdated-w-Josh-Collinsworth-e297f7j/a-aablddr
jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:
[BEGIN TODAY IN HISTORY RUN]
jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:
test