Friday, December 2, 2022

It's more "secure"

from here and here

There are some scenarios where I can see fingerprint biometrics providing a lot of additional security, but phones and laptops aren't among them. It's like a combination lock with the combination written on it. They do provide convenience, and maybe that's what we should be caring about, but we shouldn't try to pretend it's for security

Forage on the enemy

found on Acid Cow

The criminals thought if they had a car faster than the police cars then they would be able to get away, but now that car is a cop car and Texas criminals will be even less likely to get away now that their own strategy is being used against them.

Thursday, December 1, 2022

Who's driving this thing?

from here and here

The Parkerian Hexad includes Control for a good reason. Police-controlled murderbots aren't going to seem like such a great idea when the police lose control of them, and of course there will be ways for adversaries to take over control of the robots. 

Steve Mould : I Hacked Into My Own Car

Watch on YouTube

I think one of the really interesting things about this video is that it shows someone taking a basic principle like the replay attack and figuring out how to make it work in the real world. It didn't work at first, and he went through a number of attempts and refinements before it finally did. This is an essential skill because you can't always just follow someone else's instructions, especially when you're dealing with something new and there are no instructions to follow yet.

Wednesday, November 30, 2022

How not to get a bug bounty

from here (image source)

XP's got plenty of bugs, but they're not going anywhere so it's no use finding those.

Not the kind of value we were hoping for

found on eBaum's World

This is, unfortunately, the real way online companies value our privacy - not as a matter of principle, but as a resource to be extracted and used/sold.

Tuesday, November 29, 2022

Isn't it ironic

from here and here

There is certainly a delicious irony in Google getting called out by none other than Google for taking to long to patch their shit. Seemingly the patch has been available for more than the 90 days that Google's Project Zero usually gives vendors. They didn't even need to develop the patch themselves, just apply it to their product, but apparently it's gotten held up in testing. 

Kinda makes you wonder, if Google can't even adhere to their own 90 day policy, why is it reasonable to expect it from others?

Hackers Gonna Hack case

Product Page

The typeface for this could have been anything, but the monochrome green on black binary code is a nice touch.

Monday, November 28, 2022

Gotta pay the privacy tax

from here and here (image source)

If ever there was an organization that a privacy tax would be paid to or filed with, Facebook would be the one. Of course, I don't mean a tax paid for the benefit of privacy - rather your privacy itself is the currency this tax is paid with.

Presumably H&R Block, TaxAct, and TaxSlayer were sending your tax data to Meta in addition to sending it to the government, rather than in place of sending it to the government. I'd hate to think they filing with the wrong entity.

Rest in peace, buddy

found on Acid Cow

Now, I don't have a phone or a wife, but I do have passwords out the wazoo, so I guess I'm safe.