Search Public

Found 22 bookmarks

Newest

Stop macOS 15 Sequoia monthly screen recording prompts

I've not run into the new monthly screen recording prompt yet but I can imagine that when I do it might get annoying. I appreciate Apple being super cautious with security and stuff like this, most of the time, but this feels a bit too much.

It's good to know there is a way to work around it, if you're happy to go "under the hood".

#Apple #macos #security

·lapcatsoftware.com·Sep 21, 2024

Stop macOS 15 Sequoia monthly screen recording prompts

gaining access to anyones browser without them even visiting a website - eva's site

So I’m glad I never got comfortable with Arc, having briefly tried it and not really liked it.

#security #web #browser

·kibty.town·Sep 20, 2024

gaining access to anyones browser without them even visiting a website - eva's site

S3 Bucket Namesquatting - Abusing predictable S3 bucket names – One Cloud Please

Given I’m fairly new to AWS, I was surprised to find that S3 has a global namespace. And so of course squatting is a thing.

#aws #cloud #serverless #security

·onecloudplease.com·Aug 16, 2024

S3 Bucket Namesquatting - Abusing predictable S3 bucket names – One Cloud Please

How an empty S3 bucket can make your AWS bill explode

Failing as designed, I imagine.

#aws #cloud #security #amazon #s3

·medium.com·May 1, 2024

How an empty S3 bucket can make your AWS bill explode

Story of one person's recovery of their Apple account

The circumstances of this person's ban are... up for debate and they don't seem very forthcoming with the details, so it does seem like it might have been deserved, to a degree. But, that aside, some handy information here for people if they do find themselves locked out of their Apple account.

#Apple #security

·reddit.com·Apr 26, 2024

Story of one person's recovery of their Apple account

A Microcosm of the interactions in Open Source projects

Some background on how the xz backdoor situation arose.

#security #open-source #programming #mental-health #free-software #foss

·robmensching.com·Apr 4, 2024

A Microcosm of the interactions in Open Source projects

Everything I know about the XZ backdoor

A timeline of the events in the creation of the xz backdoor.

#security #xz #open-source #backdoor

·boehs.org·Mar 31, 2024

Everything I know about the XZ backdoor

How We Executed A Critical Supply Chain Attack On Pytorch

"Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platforms. Used by titans like Google, Meta, Boeing, and Lockheed Martin, PyTorch is a major target for hackers and nation-states alike.

Thankfully, we exploited this vulnerability before the bad guys.

Here is how we did it."

#python #github #security #hacking #supplychain #packaging

·johnstawinski.com·Jan 14, 2024

How We Executed A Critical Supply Chain Attack On Pytorch

Our security auditor is an idiot. How do I give him the information he wants? - Server Fault

An old, but fun (and possibly questionable how real it actually is) thead on a security auditor asking some really dumb questions. Oh gods does this remind me of some IT compines I've dealt with in the past.

#security #humour #funny

·serverfault.com·Jan 10, 2024

Our security auditor is an idiot. How do I give him the information he wants? - Server Fault

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

"Last week, our automated risk detection platform alerted us to some suspicious activity in dozens of newly published PyPI packages. It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on to Python developer’s machines by hiding a malicious import . Join us here on the Phylum research team as we investigate these new and shifting tactics the attacker is using to deploy W4SP stealer in this supply-chain attack."

#python #security #typosquatting #supplychain #packaging #pypi

·blog.phylum.io·Nov 3, 2022

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack