Your concerns aren't unfounded, but they're a bit misplaced. Password managers aren't intended to protect you from a local attacker, on your machine, like the malware you described. It is trivial to capture clipboard…
You're right, it is done. I worded my comment carefully to leave room for this because it's hard to prove a negative, but I stand by my statement, specificay in refuting the implication from the original comment: we…
GMO's are not produced by targeted radiation in the way you have described, at least not as common practice (i.e. the GMO food you buy isn't created this way). GMO crops are generated in two ways: targeted gene…
It's worth drawing the distinction that Steam, as opposed to Apple and their app store, does not hold an exclusive monopoly and cannot dictate where users can install software from. If a Dev doesn't like Steam, there…
I had this happen recently with a finance website! Although technically the reverse, it silently stopped logging me in because the password field was changed to use HTML validation to enforce a max length of N, but they…
Interesting, I haven't worked with rainbow tables very much since by the time I got into the world of hash cracking it had either been deprecated by salting or wasn't relevant (i.e. NTLM). That is a clever trick of…
Unfortunately short of forcing everyone to use an ORM I don't see how we can block the unsafe API, which I'm assuming to be the string-based query interface e.g. `conn.query("SELECT * FROM users")` since any interface…
Compromising the hash and salt, since they must be stored close together, makes it possible to identify if the salted hash is a password in a corpus of previously compromised passwords. An attacker can do Hash(PW, Salt)…
You're probably thinking of the twitter account @justsaysinmice, https://twitter.com/justsaysinmice. For the uninitiated and otherwise unaware, many studies regarding illnesses, disease, nutrition, exercise, medicine,…
It is worth noting that there exists legitimate RATs that offer the bullet point features you've highlighted. The marketing issue is another problem entirely; these legitimate projects are usually open source on GitHub…
> I think a lot of vegans drink soy and pea protein powders to get enough protein in their diet. Actually a common misconception, most vegans get more than enough protein in their diet eating a relatively…
The previous discussion on HN highlighted Mens rea with regards to establishing intent, i.e. they didn't have criminal intent (they went in with the understanding that they had full rights and privileges to be there)…
As a vegan who tracks their nutrients and vitamins pretty closely, I do not have trouble getting enough choline. The big hits in the vegetable world are: soybeans, cauliflower, potatoes, peanuts, kidney beans,…
Sweeteners are addictive, leads to more sales.
Re: stores that promote home cooking, their prices make them largely inaccessible to the broader market (and those who make less) since they tend to be branded "health food stores" and the markup is 50% or more. Heck,…
I would posit that even mass manufactured is slightly off point. For instance, if you can produce bread dough of the same consistency and quality with 4 ingredients (flour, water, salt, yeast) how does scaling it, in a…
As a note, "sugar" isn't the only added sugar ingredient you'll find in bread, or really any packaged food. For instance, I read through the nutrition guide for Breadsmith's breads and rolls, 28 of their 44 offerings…
As someone who works as a "white hat hacker", allow me to shine some light on the industry. There are many branches, distinctly divided into two categories: Red team/Attackers and Blue team/Defenders. Within the…
Yes, the author is specifically refering to KVM (https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine) which was merged into the Linux kernel in 2007. Whereas Docker…
I thought the exact same thinng.
I got as far as the Security section before I had to comment. They claim they care about data and user security by providing a fingerprint reader, which is known to be a poor method of authentication, as well as…
But I feel like it would have been the same if he got to the point he did and recognized that he had access to keychains. Whether or not he actually accessed them,especially since they weren't auditing (from what I…
I see your point but I'm not sure if having passwords like 'changeme' qualifies as being a privacy violation... You should almost expect it to happen at that point. But I do recognize that cracking passwords goes a step…
While I'm on his side, his wording seems to indicate he did download data from SOME of the buckets, just not those specifically containing user sensitive data.
I understand how dumping SENSITIVE data can make you a flight risk, but he specifically outlined that he avoided dumping anything sensitive (that is anything directly related to Users and their data). He did dump S3…
Your concerns aren't unfounded, but they're a bit misplaced. Password managers aren't intended to protect you from a local attacker, on your machine, like the malware you described. It is trivial to capture clipboard…
You're right, it is done. I worded my comment carefully to leave room for this because it's hard to prove a negative, but I stand by my statement, specificay in refuting the implication from the original comment: we…
GMO's are not produced by targeted radiation in the way you have described, at least not as common practice (i.e. the GMO food you buy isn't created this way). GMO crops are generated in two ways: targeted gene…
It's worth drawing the distinction that Steam, as opposed to Apple and their app store, does not hold an exclusive monopoly and cannot dictate where users can install software from. If a Dev doesn't like Steam, there…
I had this happen recently with a finance website! Although technically the reverse, it silently stopped logging me in because the password field was changed to use HTML validation to enforce a max length of N, but they…
Interesting, I haven't worked with rainbow tables very much since by the time I got into the world of hash cracking it had either been deprecated by salting or wasn't relevant (i.e. NTLM). That is a clever trick of…
Unfortunately short of forcing everyone to use an ORM I don't see how we can block the unsafe API, which I'm assuming to be the string-based query interface e.g. `conn.query("SELECT * FROM users")` since any interface…
Compromising the hash and salt, since they must be stored close together, makes it possible to identify if the salted hash is a password in a corpus of previously compromised passwords. An attacker can do Hash(PW, Salt)…
You're probably thinking of the twitter account @justsaysinmice, https://twitter.com/justsaysinmice. For the uninitiated and otherwise unaware, many studies regarding illnesses, disease, nutrition, exercise, medicine,…
It is worth noting that there exists legitimate RATs that offer the bullet point features you've highlighted. The marketing issue is another problem entirely; these legitimate projects are usually open source on GitHub…
> I think a lot of vegans drink soy and pea protein powders to get enough protein in their diet. Actually a common misconception, most vegans get more than enough protein in their diet eating a relatively…
The previous discussion on HN highlighted Mens rea with regards to establishing intent, i.e. they didn't have criminal intent (they went in with the understanding that they had full rights and privileges to be there)…
As a vegan who tracks their nutrients and vitamins pretty closely, I do not have trouble getting enough choline. The big hits in the vegetable world are: soybeans, cauliflower, potatoes, peanuts, kidney beans,…
Sweeteners are addictive, leads to more sales.
Re: stores that promote home cooking, their prices make them largely inaccessible to the broader market (and those who make less) since they tend to be branded "health food stores" and the markup is 50% or more. Heck,…
I would posit that even mass manufactured is slightly off point. For instance, if you can produce bread dough of the same consistency and quality with 4 ingredients (flour, water, salt, yeast) how does scaling it, in a…
As a note, "sugar" isn't the only added sugar ingredient you'll find in bread, or really any packaged food. For instance, I read through the nutrition guide for Breadsmith's breads and rolls, 28 of their 44 offerings…
As someone who works as a "white hat hacker", allow me to shine some light on the industry. There are many branches, distinctly divided into two categories: Red team/Attackers and Blue team/Defenders. Within the…
Yes, the author is specifically refering to KVM (https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine) which was merged into the Linux kernel in 2007. Whereas Docker…
I thought the exact same thinng.
I got as far as the Security section before I had to comment. They claim they care about data and user security by providing a fingerprint reader, which is known to be a poor method of authentication, as well as…
But I feel like it would have been the same if he got to the point he did and recognized that he had access to keychains. Whether or not he actually accessed them,especially since they weren't auditing (from what I…
I see your point but I'm not sure if having passwords like 'changeme' qualifies as being a privacy violation... You should almost expect it to happen at that point. But I do recognize that cracking passwords goes a step…
While I'm on his side, his wording seems to indicate he did download data from SOME of the buckets, just not those specifically containing user sensitive data.
I understand how dumping SENSITIVE data can make you a flight risk, but he specifically outlined that he avoided dumping anything sensitive (that is anything directly related to Users and their data). He did dump S3…