- 0 Posts
- 96 Comments
One thing the article doesn’t make very clear is that for 2FA the PIN requirement comes from the site itself. If the site requires User Verification, the PIN is required. If not, it is not prompted even if set and this attack is possible. The response to the site just says they knew it.
It is different for Passkeys. They are stored on the device and physically locked behind the PIN, but this is just an attack on 2FA where the username and password are known. (In depth it’s more than that, but for most people walking around with a Yubikey…)
It also seems limited in scope to the targeted site and not that everything else protected by that specific Yubikey. That limits how useful this is in general, which is another reason it is sort of nation-state level or an extremely targeted attack. It’s not something your local law enforcement are going to use.
I think the YubiHSM is a much more appealing target, but that isn’t so much a consumer device and has its own authentication methods.
I was confused how a resume or application would be largely affected, but the article points out that software is often used to look over social media now as part of hiring (which is awful).
The bias when it determined guilt or considered consequences for a crime is concerning as more law enforcement agencies integrate black box algorithms into investigative work.
I think this is the crux of the article. In the past most people have considered photographic evidence to be very convincing. Sure, you could be removed from a photo of Stalin, and later people could do photoshop (with varying realism), now it’s a few words to make changes that many people believe without hesitation. Soon it will happen to video too, very soon.
Most people are not ready for it. Even shitty AI photos on social media get huge reactions with barely a handful calling them out.
Sir, this is a Wendy’s.
The game Overlord on the NES had the best intro music of the generation, IMO. It was a port of Supremacy from Amiga and other PCs. The Commodore 64 version had really great intro music too! (I love SID music and warez chip tunes) The Commodore intro melody was later used in a Machinae Supremacy song.
I really enjoyed the game StarTropics too. It had real world tie in stuff with physical media (anti-piracy, but it was neat), and I enjoyed the music and story. The second StarTropics had graphics that blew my mind, everything just looked so smooth.
Really great article, and thanks for posting the text of it.
Facebook is weird for me because it triggers my FOMO, but then if I use it all I see are a ton of random things with the most toxic people in the world living in the comments.
And similarly I just realized why my friends on instagram use stories and not posts, because for the most part stories is the only place I see content from people I know anymore (and again the FOMO).
I really relate to the sentence at the end, “there are people there but they don’t know why and most of what they are seeing is scammy or weird.”
Biden has said it out loud for nearly 40 years, “If there were not an Israel, we’d have to invent one.”
It’s power projection in a traditionally less than friendly region. They might not like what they do, they might regret that they let them be an independent government, but they won’t do anything of real substance. Just ask the USS Liberty vets.
Before his Twitter addiction it was much easier to think of him as a rich genius like you see in comic books, mostly since nobody knew what he was thinking. He’s also managed a celebrity-like persona that someone like robot Mark Zuckerberg could never pull off. That and money will always get hangers on.
The Mozilla Corporation does not accept monetary donations, those go to the nonprofit Mozilla Foundation. This is a common misunderstanding.
Mozilla Location Services is currently run by the Corporation. I imagine making that dataset public could have privacy implications, since it is likely relying on wifi locations.
The profits are owned by the Corporation, which is why the Corporation does all the crazy spending and paying millions to executives, because as long as there is enough separation what they do internally does not affect the tax situation of the Foundation. After the for-profit pays taxes, the non-profit can get dividends and other payments from them, but it is not just a way to wash away tax from all the money.
The Corporation acts like a company because it is one. This is different than Konqueror, Epiphany, or most of the Firefox forks.
The Mozilla Corporation is a for-profit company founded in 2005 by the Mozilla Foundation. I think part of the problem is more people don’t realize this. It’s the same reason you can’t donate to Firefox development, donations to “Mozilla” go to the Mozilla Foundation, not the company that builds Firefox.
Yes, Copilot is their AI product line. The naming is awkward because the word itself sounds kind of weird, but in general it would be AI for Use Case. That’s how most of their products are named now.
They have something like a dozen Purview products and eight or more Defender products. They’re all grouped by function for use case/environment.
They do, but I think Google is worse about it because it’s all random back and forth. Most of Microsoft’s recent changes have been renaming Office something or Azure something to Microsoft something. Often the product name itself hasn’t changed, or when it does it’s usually grouping a bunch of products with separate names under one product line with related functionality (Defender didn’t rename, but it also absorbed a lot, Purview and Entra were new absorbed a lot of other product names). Teams was Lync and then Skype for Businesses, but I actually think the simplifying and getting away from the Skype branding was a good move.
Microsoft also seems to have a more thought out process for new products in the first place and doesn’t have the reputation for abandoning things all the time.
I think most people that traditionally used iTunes didn’t keep other copies somewhere else, since it was meant to be the music manager for all music, so if it screws up their library they lose their files.
The uploading and syncing local files was (is) already a feature of iTunes Match. Apple Music just expands it to allow it for music they don’t own, however people have had it take their files and relabel them as Apple Music files and then lock them out if they cancel their subscription.
The downside is combining my local music management with their streaming service, I’d rather they were entirely separate with the option of playing local files, as Spotify does. The option to upload files would be fine.
Tune My Music is legit. It is what Deezer uses if you transfer. I think if you do it through Deezer it’s even free: https://www.deezer.com/explore/en-us/features/transfer-playlist/
If they arrest someone to gain access to their key, they don’t need this attack to use their key. They can just use their key.