Security

Contrary to what is stated on the polyfill.io website, Cloudflare has never recommended the polyfill.io service or authorized their use of Cloudflare’s name on their website. We have asked them to remove the false statement, and they have, so far, ignored our requests. This is yet another warning sign that they cannot be trusted.

If it ain't 'murican we ban 'em!

Guess all foreign cars should be next, what with all the telemetry and all...

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.

im working on a decentralized chat app. i open sourced it to get feedback on the implementation.

for a project like this, its important for it to be open source in order to gain user confidence in the security. but i find that the project is too complicated for pro-bono security assessment work (which is understandable).

fiverr probably isnt the best place to find reputable support, but i wanted to see the prices. it seems to range from 50 to 5k+

i wont be getting the support any time soon, but id like guage an estimate. i havent done something like this before so any/all advice is appriciated.

i created a threat-model which may help: https://positive-intentions.com/docs/research/threat-model/

to explain my app in more detail: https://medium.com/@positive.intentions.com/introducing-decentralized-chat-377c4aa37978

github repo: https://github.com/positive-intentions/chat

KrebsOnSecurity has been in intermittent contact with LockBitSupp for several months over the course of reporting on different LockBit victims. Reached at the same ToX instant messenger identity that the ransomware group leader has promoted on Russian cybercrime forums, LockBitSupp claimed the authorities named the wrong guy.

LockBitSupp, who now has a $10 million bounty for his arrest from the U.S. Department of State, has been known to be flexible with the truth.

When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded.

Anyone here use fidelity (https://www.fidelity.com/)? I had to call to get something done with my account and thought it was weird that they have you (more/less) T9 dial your password into the system, though its not real T9 in that (for example) one press of 2 would mean either a,A,b,B,c,C,2. They say for special characters just give a * sign.

Any thoughts on if that is safe on their part? It seems weird to me since they either need the password in plaintext on their end or I guess the hash of the T9 version of the password which would be less secure anyways because of: all one case and only one type of 'special character'.

And yes: before you ask this was 100% the actual fidelity phone number: +1 800-343-3548

In their defense they did ask for other verification information once I got a person, but still felt really weird.

Any thoughts on the security of this mechanism?