Lmst

That's wild.. more details on the @lastpass hack.. attacker targets 1 of 4 DevOps engineers.. #security

https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/

Really don't understand why Signal introduced stories.. so weird..

@eminence that’s a fair point.. but don’t personally believe “supporting” open standards is enough…

But my bigger issue is with consolidation on one platform.. next we’ll see Google, Amazon doing the same and now we’re back to three cloud platforms running the “fediverse”.. and we’re back full circle ..

Look, I appreciate and acknowledge what they’ve done… just makes me sad, that’s all…

There has to be nothing worse than this from a taxation stand point:

"Severance: A single payout equal to four months base salary, and payments will be made according to local processes and timing requirements."

That will throw you into a crazy tax bracket.... ouch!

Tony Perez boosted:

It's adorable that people are only slowly realizing that Google search at least fed sites traffic, while chat AI thingies slurp up and summarize content, which they anonymize and feed back, leaving the slurped sites traffic-less and dying. But, innovation.

It is, in a way, a tragedy of the commons problem, with no easy way to police "over grazing" of the information commons, leading to automated over-usage and eventual ecosystem collapse.

As cool as the #wildebeest release, by @cloudflare , is.. technically it is .. "WOW"...

I can't help but think it goes contrary to everything that is the open web.. #notdecentralized

It's the continued dependency.. the continue consolidation.. that's what should worry us all #tech

https://blog.cloudflare.com/welcome-to-wildebeest-the-fediverse-on-cloudflare/

We have a lot more companies using this as an opportunity to "purge" and trim "fat" because everyone else is doing it more than actual economics..

"it's not just us, it's the macro headwinds"... translates.. "optimizing the bottom line"

#tech #business #layoffs2023

@seraphin don’t get me started on that.. haha

Tony Perez boosted:

The #malvertising campaigns via Google Ads are not just about software downloads and scams. They also include phishing for popular password managers such as 1Password.

The differences are so subtle, most people will fall for it.

Real URL:
https://my[.]1password.com/signin
Phishing URL:
https://my1pasword[.]com/signin

@seraphin umm.. weird.. it pushed me to their app only.. and I thought I was looking.. will have to go back and take another look..

Thanks for the heads up. Think this is a bigger frustration with all the big tech companies trying to consolidate all experiences and making alternative options such a pain (hiding, obscuring or not making available at all).

Which MS service were you trying? I was doing O365

Infuriating @Microsoft that a user is forced to use the “MS” Authenticator app only instead of any of the other options in the market.. doing #security wrong

@shelby weird, we don't perform any kind of domain validation.. will have to look into that

Tony Perez boosted:

T-Mobile says its customer records have been pillaged yet again. In a filing with the SEC, T-Mobile said it learned on Jan 5 that a "bad actor" abused an API to harvest names, billing addresses, phone numbers emails, dates of birth and T-Mobile account numbers on 37 million current postpaid and prepaid customers.

Perfect timing, too. There are only a few more days left for T-Mobile customers to claim their $25 or possibly more for T-Mobile's settlement from the breach last August, when they exposed similar data on at least 40 million current and former customers.

And to think this data was exposed despite T-Mobile saying as part of its settlement from last year's breach that they were going to invest $150 million into their own security infrastructure.

https://www.sec.gov/ix?doc=/Archives/edgar/data/0001283699/000119312523010949/d641142d8k.htm

https://www.cnet.com/tech/mobile/another-data-breach-has-hit-t-mobile-impacting-37-million-accounts/

Tony Perez boosted:

Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location. Proprietors of these so-called “booter” or “stresser” services — designed to knock websites and users offline — have long operated in a legally murky area of cybercrime law. But until recently, their biggest concern wasn’t avoiding capture or shutdown by the feds: It was minimizing harassment from unhappy customers or victims, and insulating themselves against incessant attacks from competing DDoS-for-hire services.

And then there are booter store operators like John Dobbs, a 32-year-old computer science graduate student living in Honolulu, Hawaii. For at least a decade until late last year, Dobbs openly operated IPStresser[.]com, a popular and powerful attack-for-hire service that he registered with the state of Hawaii using his real name and address. Likewise, the domain was registered in Dobbs’s name and hometown in Pennsylvania.

https://krebsonsecurity.com/2023/01/thinking-of-hiring-or-running-a-booter-service-think-again/

Saved the best quote till the end, from @nixonnixoff :

"“When a booter service claims they don’t share logs, they’re lying because logs are legal leverage for when the booter service operator gets arrested,” Nixon said. “And when they do, you’re going to be the first people they throw under the bus.”

#booter #stresser #ddosforhire #ddos #Dobbs #IPStresser

Tony Perez boosted: