Apple earned some trust unlike openai.
They want to allow forwarders (such as mailing lists) to modify signed messages all while keeping the original signed author email address. It is meant to replace ARC which is now deprecated. You can now verify who…
> Finally, one aspect to consider is that many mail servers reject mail when the Envelope From domain has no MX or A/AAAA records. When the Envelope From domain and From domain are identical, this may reduce the number…
I did but where is fun in that. When I got involved in infosec community decades ago, veterans told me then, I should always investigate for myself, not just reading someones reports, they were right. That’s why I…
Yes, and I have 250GB Evo Samsung with similar stats, of same age and power on time.
> Is this a theory or did you test this yourself? This is just a pointer for exercise you could do if you are interested. I can’t tell what is the actual HME vulnerability they claim to exist.
> Sure, that's possible, but I doubt it and I was also unable to trigger such behavior. An oversized message is bounced directly by the receiving SMTP server. > So the theory now has to be that possible to sneak…
Even when it rewrites message envelope and headers, the actual message body of an NDR (nondelivery report) can disclose original address information. Because the NDR is generated by the receiver server, the HideMyEmail…
I was using FDK AAC encoder, I didn’t know Apple encoder was available for systems other than Apple. Though I have once compared AAC FDK to Apple AAC at 192kbps, and couldn’t tell the difference, while the old FFmpeg…
This model looks pretty good on paper based on what it claims: up to 6.1 COP and is able to reach water temp of 59C. If it is able to deliver that would be news. So far models popular around where I live are all up to…
When it is about paying money for a commercial service I think it is valid point to vote with your wallet. Otherwise if it was a free service, it would not really matter as the whole VPN provider industry is dubious and…
> Apparently RHEL will even refuse to install a 2023 signed shim if the firmware lacks the certificate for it. Why is that? RHEL own blog post described that RHEL is distributing dual signed shim by both 2011 and 2023…
Yes but chrome is not from MAS. I have none MAS apps installed because they are simply not available via MAS.
Though there is a difference what store apps and non-store apps can do. I think is about store apps which are “sandboxed” and have to use public api to request then access information which non-store apps can access…
Windows 11 is not free software. Apple macOS, iOS, ipadOS all support HEVC and Dolby because Apple pays licensing costs, likewise Microsoft should do the same for Windows users, it is not free OS.
Unless users complain it’s not going to happen. Somehow SPA (Single-page application) consume memory as much as operating system.
Technically every domain is a ‘ghost’ domain until TTL expires and NS RRs are usually cached for very long.
The posted page said that finding logic bugs of this kind requires ‘understanding’ which LLM cannot.
> I expect tools like this to be a regular part of the development lifecycle from here on. We code with AI, we review with AI, we search for vulns with AI. Even if it isn't perfect, it is easily worth the cost IMHO. So,…
I think it’s problematic that one permission was automatically adding another high trust permission, that they argued as expected behavior and then they silently changed this behavior, fixing the reported security issue.
On my account they always serve Google issued certificates. There is also Let’s encrypt certificate but it is not used though. I guess that’s a fail-safe.
I see your point.
It's a software, not a machine. The comment is relevant to the suspicion that THE software is using (distributing) some OSS code without attribution.
I agree with your point but this is the reality: F.E. Python stdlib http.server comes with a warning: Warning http.server is not recommended for production. It only implements basic security checks. The `standard` way…
These are often not enough ‘battle-tested” and come with a warning to never expose to public internet. So then you put a WAF in front of it, and you are back to HTTP reverse proxy setup.
Apple earned some trust unlike openai.
They want to allow forwarders (such as mailing lists) to modify signed messages all while keeping the original signed author email address. It is meant to replace ARC which is now deprecated. You can now verify who…
> Finally, one aspect to consider is that many mail servers reject mail when the Envelope From domain has no MX or A/AAAA records. When the Envelope From domain and From domain are identical, this may reduce the number…
I did but where is fun in that. When I got involved in infosec community decades ago, veterans told me then, I should always investigate for myself, not just reading someones reports, they were right. That’s why I…
Yes, and I have 250GB Evo Samsung with similar stats, of same age and power on time.
> Is this a theory or did you test this yourself? This is just a pointer for exercise you could do if you are interested. I can’t tell what is the actual HME vulnerability they claim to exist.
> Sure, that's possible, but I doubt it and I was also unable to trigger such behavior. An oversized message is bounced directly by the receiving SMTP server. > So the theory now has to be that possible to sneak…
Even when it rewrites message envelope and headers, the actual message body of an NDR (nondelivery report) can disclose original address information. Because the NDR is generated by the receiver server, the HideMyEmail…
I was using FDK AAC encoder, I didn’t know Apple encoder was available for systems other than Apple. Though I have once compared AAC FDK to Apple AAC at 192kbps, and couldn’t tell the difference, while the old FFmpeg…
This model looks pretty good on paper based on what it claims: up to 6.1 COP and is able to reach water temp of 59C. If it is able to deliver that would be news. So far models popular around where I live are all up to…
When it is about paying money for a commercial service I think it is valid point to vote with your wallet. Otherwise if it was a free service, it would not really matter as the whole VPN provider industry is dubious and…
> Apparently RHEL will even refuse to install a 2023 signed shim if the firmware lacks the certificate for it. Why is that? RHEL own blog post described that RHEL is distributing dual signed shim by both 2011 and 2023…
Yes but chrome is not from MAS. I have none MAS apps installed because they are simply not available via MAS.
Though there is a difference what store apps and non-store apps can do. I think is about store apps which are “sandboxed” and have to use public api to request then access information which non-store apps can access…
Windows 11 is not free software. Apple macOS, iOS, ipadOS all support HEVC and Dolby because Apple pays licensing costs, likewise Microsoft should do the same for Windows users, it is not free OS.
Unless users complain it’s not going to happen. Somehow SPA (Single-page application) consume memory as much as operating system.
Technically every domain is a ‘ghost’ domain until TTL expires and NS RRs are usually cached for very long.
The posted page said that finding logic bugs of this kind requires ‘understanding’ which LLM cannot.
> I expect tools like this to be a regular part of the development lifecycle from here on. We code with AI, we review with AI, we search for vulns with AI. Even if it isn't perfect, it is easily worth the cost IMHO. So,…
I think it’s problematic that one permission was automatically adding another high trust permission, that they argued as expected behavior and then they silently changed this behavior, fixing the reported security issue.
On my account they always serve Google issued certificates. There is also Let’s encrypt certificate but it is not used though. I guess that’s a fail-safe.
I see your point.
It's a software, not a machine. The comment is relevant to the suspicion that THE software is using (distributing) some OSS code without attribution.
I agree with your point but this is the reality: F.E. Python stdlib http.server comes with a warning: Warning http.server is not recommended for production. It only implements basic security checks. The `standard` way…
These are often not enough ‘battle-tested” and come with a warning to never expose to public internet. So then you put a WAF in front of it, and you are back to HTTP reverse proxy setup.