#NBA #NBAPlayoffs #ArtButSports
Via β ArtButMakeItSports 🤖
@ArtButSports
The Conjurer, by Hieronymus Bosch, 1496-1520, 📸 by Tyler Ross
Eye for an eye. #caturday #CatsOfMast #cat #photography #wine #redwine #snake
#NFL #SuperBowlLVII #KCvsPHI #FlyEaglesFly #ChiefsKingdom #Sports #SuperBowl #Eagles #Chiefs
@_Gnarsenic
One of the most influential rap songs of all time (Ether) contained a homophobic slur. Nas took a lot of criticism for this decades later. So he now performs the song without the slur👍🏿
Lizzo released a track with an ableist slur. She took heat for this on Twitter too. She apologized, and re-cut the song without the slur👍🏿
Conversations about what a person said are valid.
You don't get "cancelled" for mis-speaking. It's the doubling down.
*edit: Nas didn't re-release. There's a clean version.
A user on the cybercrime forum Breached is selling what they claim is info scraped via Twitter APIs from 400 million Twitter profiles, including email, name, account name, follower count and in many cases phone number. This was first brought to my attention by Alon Gal at Hudson Rock. https://www.linkedin.com/in/alon-gal-utb/
The seller told me they scraped the data using the same set of weaknesses in Birdsite APIs that allowed the scraping (and publishing) early this year of profile data on 5.4M Twitter users.
They said they scraped the data via an exploit that was patched earlier this year, in the login API, and specifically the part of it that checks for duplicate accounts.
That, according to the seller, leaked the Twitter user ID, which was then converted via another Twitter API into a username. They also said that same iterative process worked for user telephone numbers.
The vulnerability that was reportedly used to scrape the previously dumped 5.4M Twitter user data set was reported to HackerOne on Jan. 1, 2022.
https://hackerone.com/reports/1439026
The seller released 1,000 new records as a teaser, and is trying to get Twitter to buy the data for an undisclosed amount.
They also pasted a number of "celebrity" accounts directly into the sales thread. Curiously, this record set does not have the phone number associated w/ my Twitter account. But it was in the 5.4M scrape that got released on the same forum last month. However, I removed the burner phone number from my profile around the time the seller said they scraped this data (beginning of 2022).
The data in both the teaser and the 1,000 user file includes follower counts for each user, and a spot check on about a half dozen of them shows follower numbers consistent with what Archive.org and Sociable says about follower accounts at the beginning of Jan 2022/end of December.
They are selling it through the escrow service set up by the administrators of the forum, which is what you'd expect to see in a real offering for this volume of data.
Everything online gets leaked, lost, sold or stolen eventually. This is a fundamental reality that catches up with everyone. BTW this is not a recently acquired conviction: https://web.archive.org/web/20190216141214/https://twitter.com/briankrebs/status/1045091640480804864
But please, convince me I'm wrong if you can!
I know that over the years I've radically overhauled how I interact with companies I chose to do business with. For starters, I assume breach, which means that any information I share with them is likely going to be on the Internet at some point.
E.g., I no longer sign up for a new account somewhere without also doing it in a local, hardened VM and VPN.
I assume that the IP address I used to sign up there will be leaked in connection with my other account details, and probably the last IP I used. I assume records of what I'm doing or buying there will also be leaked.
Hell, I do pretty much all of my news reading now in the same kind of (separate) setup. No way I'm agreeing to run 97 pieces of JavaScript from 22 uncertain destinations on the web. I know a lot of my readers unfortunately swear by ad blockers and rarely make exceptions (I'm not a big user of them myself for a variety of reasons), but being able to reset your system after a weekend of wantonly browsing the web is also nice.
Those are just a few basic examples. But I'm curious to hear from others -- How have the folks here altered the way they live and work online in response to the incessant reminders that everyone gets pwned?
Some food for thought over the, er...food coma the next few days :) Cheers!
Send Noods.
New York City.
#NYC #NewYork #Noodles #Food #Eating #StreetPhotography #Thursday #ThirsyThursday #ChineseFood #Yum #Photography #America #CityLife #Nudes
I've stayed on Twitter for a number of reasons, including functionality, archival purposes, and ease of use. I'm also just stubborn, and don't want Elon Musk dictating how I use social media. I use Twitter for me, not him.
After tonight's purge of journalists, that stance may no longer be tenable. I'm honestly not sure what Twitter is anymore, except the plaything of a thin-skinned man baby with too much money and too many enablers.
At the urging of a few folks here, I decided to run a test to see which social networks clicked through most on this week's scoop about a hack of the FBI's InfraGard program.
https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/
LinkedIn tells me I have ~100k followers there. 80 LinkedIn users commented on that story, but it looks like only about 25 of them actually clicked the link in the first 24h!
A number equal to about 2 percent of my 350k Twitter followers clicked on the story (6600).
In contrast, the story posted here generated 3300 impressions in the same time period, even though I had (at the time) only about 15,000 followers. Also, that 3300 number would probably have been higher, but for the fact that I forgot to add the versioning link and edited that into it afterwards.
That tells me that, for now at least, engagement on Mastodon is significantly higher than on either LinkedIn or Twitter.
I'm still looking for a new design and/or web development gig, ideally part-time or contract, so I can keep working on Fipamo and The Bad Space.
I'm open to full-time strategy or product management roles as long as they are remote.
I keep a profile over on my site https://roiskinda.cool/profile.html that has a good overview of my skills and some links to some work.
For specific questions, send me a note, and we'll go from there.
When I view someone's Mastodon profile and it says "This profile has been hidden by the moderators of infosec.exchange," what should I take from that? That the account holder asked their bio to be private?
I've had the good fortune to travel a lot this year, and have noticed one thing above all: people smoke so much more in Chicago, NYC, and DC than they do in LA. It's really noticeable once you're not used to the smell.