frongt
@frongt@lemmy.zip
- Comment on CVE-2026-42530 & CVE-2026-42055: NGINX RCE Flaws Explained. Patches Released 19 hours ago:
Major distros like Ubuntu backport security fixes to the stable version.
- Comment on How a USB-connected speaker can infect a PC without ever being touched 2 weeks ago:
Right. The common one is an initially malicious device given to an unsuspecting user. This is a stock device that a user already has and trusts. It’s a huge vulnerability that an unauthenticated user can completely take it over. This is a 9.3 CVE, without even considering pivoting to the PC.
- Comment on How a USB-connected speaker can infect a PC without ever being touched 2 weeks ago:
I was able to totally remotely, over the air, upload a custom firmware to my speaker which I hadn’t paired with, which would reboot, flash the custom firmware, and after rebooting type in the command echo pwned and execute it.
So an attacker can hack someone else’s speaker, turn it into a keyboard to the paired PC, and from there attack the paired PC.
- Comment on He Blew the Whistle on DOGE. Then His Brakes Were Cut 2 weeks ago:
You don’t even need to make it look like an accident. You can murder a cyclist by hitting them with your car and get just like six months in prison.
- Comment on He Blew the Whistle on DOGE. Then His Brakes Were Cut 2 weeks ago:
Yes, regenerative braking
- Comment on Rideshare drivers unionize in Massachusetts, creating the App Driver’s Union 3 weeks ago:
Where did it lead?
- Comment on The rich convinced us that taxing them is too complicated but everyday people can be taxed pretty easily 3 weeks ago:
That pay cap would hit at about $1.5m. I think that’s okay. I did some napkin math and eyeballed it to graph the proposed tax rates vs 2018’s marginal and effective (because that’s what was available): lemmy.zip/…/61835557-1968-4d28-be95-493de6de6900.…
It’s not the worst idea I’ve heard, but I’d want to scale by the number of taxpayers in each bracket to find out how much tax revenue we’d win or lose. A real congressional study would also consider what is considered “income” for tax purposes, and whether this would cause anyone to get creative with their compensation to avoid paying more tax (well, even more than they already do).
- Comment on The rich convinced us that taxing them is too complicated but everyday people can be taxed pretty easily 3 weeks ago:
Twitter screenshot meme slacktivism aside, it’s because private land is a limited resource. The more you keep for yourself, the more you pay (generally).
- Comment on Work wifi access 4 weeks ago:
I would never connect my personal devices to a company network. They can inspect your traffic.
- Comment on American workers are tired of waiting. 1 month ago:
Useful content. This content does not meaningfully advance work reform.
- Comment on American workers are tired of waiting. 1 month ago:
Can you not repost trash memes from reddit? There’s a reason we left.
- Comment on Democratic Socialism in the Workplace and Hierarchy by Consent (OC) 1 month ago:
So a worker-owned co-op?
- Comment on Thoughts on Darktrace or MS Sentinel? 1 month ago:
What fucking kind of school allows sales pitches in classes? Alignment with corporations is bad enough.
In the real world, companies generally don’t use them unless required. I’d recommend starting with the open-source products like wazuh.
- Comment on Wireshark tutorial: Capture vs. Display Filters 1 month ago:
I wish Wireshark had a filter builder. Display filters are fairly easy to write, because you can build them from captured packets and it makes suggestions as you type, but there’s nothing for the more important capture filters. Having two sets of syntax doesn’t help.
- Comment on Millennials Owe 500% More in Student Debt Than Their Parents Did 2 months ago:
Same reason as the rest of college being expensive. They can charge whatever they want because the government will loan the money to pay for it.
- Comment on Despite Apocalyptic Warnings, California Fast Food Wage Hike Didn’t Kill Jobs 2 months ago:
Isn’t that literally what people were forecasting?
- Comment on Someone has publicly leaked an exploit kit that can hack millions of iPhones 2 months ago:
Had to use duckduckgo to find it, but just “darksword site:github.com” worked. It’s not showing up in Google results.
github.com/htimesnine/DarkSword-RCE
There’s also an implementation in objc: github.com/opa334/darksword-kexploit
- Comment on PC MLA says hackers accessed and shared intimate images on his devices 2 months ago:
Progressive-conservative member of the legislative assembly, the provincial legislature in Nova Scotia, Canada. Guy’s name is Rick Burns. Also he’s the ministerial assistant for cybersecurity.
No, I don’t know what the fuck a progressive-conservative is either.
- Comment on Farming for self sustainance 3 months ago:
Very realistic. You can do that right now. Lots of people around the world rely on subsistence farming.
But it’s not particularly enjoyable. And you’ll still be working a lot. Plants and animals don’t take days off.
- Comment on Arbitrator settles flight attendant wages at Air Canada, as labour dispute comes to official end 3 months ago:
So they’re still getting paid less than their wage for work on the ground. At least they’re getting paid; I know some airlines don’t pay them for their work at all until the door closes.
- Comment on N00b wanting to get into this field - NL Cybersecurity 3 months ago:
In the US, the cert most often expected is sec+.
Generally you should look at job listings and work backwards from there. Most companies use software like nessus and splunk, and there are plenty of free alternatives to those and others that you can play around with.
Competency in networking (firewall rules/acls, routing, subnetting) and programming (python, powershell, bash, batch script) are a big benefit.
- Comment on Update: Remote Access Trojan backdoored through WINE 4 months ago:
That’s a lot of words and no actual evidence. Like you see 20copyfiles, but what does it actually do? You see privoxy installed, but how is it configured?
Like 80% of this is just you seeing something and making wild assumptions. Like a trivial google search for “kernel drop_monitor”, since I’ve never heard of it:
www.kernelconfig.io/CONFIG_NET_DROP_MONITOR
This feature provides an alerting service to userspace in the event that packets are discarded in the network stack.
I know remote-fs is normal because it’s part of every install I’ve seen: ubuntu-mate.community/t/…/24640
Neither of these are evidence of compromise.
And while privoxy can be used with tor, it’s by no means a good way to do anything, and certainly not the primary way to use Tor (that would be their own client).
The stuff clamav is picking up could certainly be malware, if you downloaded some cracked software or something. But as I mentioned last time, exploiting Linux via Wine is an extremely unlikely attack vector.
- Comment on Absolute disaster, RAT backdoored through WINE. Assistance with Docker 4 months ago:
Wine to Linux seems like an unlikely attack vector. What led you to believe you were compromised? I’m not sure what the screenshots are supposed to show, and the text file isn’t loading.
If you can share the evidence of compromise itself, or the disk images, I’d like to take a look at it.
- Comment on Minimal CVE Hardened container image collection 4 months ago:
A collection of production-ready container images with minimal CVEs
- Comment on Off-Topic Friday 4 months ago:
Water-filled space travel? Seems a significant disadvantage. Water is heavy, and weight is a major factor in getting to space.
- Comment on 'Go Back and Play Morrowind and Tell Me That's the Game You Want to Play Again' — Former Bethesda Veteran Delivers His Verdict on Potential The Elder Scrolls Remasters - IGN 4 months ago:
I would rather they build a quality engine before any game.
- Comment on Xbox Hardware Sales Plunge 32% YoY as Services Keep Gaming Division Afloat 4 months ago:
- Comment on Why do you need a launcher? (asking older gamers actually) 4 months ago:
I resent the accusation that I need a launcher. I don’t.
- Comment on Breaking Bitlocker - Bypassing the Windows Disk Encryption 4 months ago:
People who prefer that much convenience vs security.
- Comment on Breaking Bitlocker - Bypassing the Windows Disk Encryption 4 months ago:
it is pretty much applicable to all devices using the default BitLocker “Device Encryption” setup, as this configuration relies solely on Secure Boot to automatically unseal the disk during boot.
That is, only the default “transparent” bitlocker mode. If you have any other additional protection (pin, password) set it doesn’t affect you.