Elephant0991

Easy excuse; anyone would believe it. It's the work of God.

bitdef

I don't think they tested Bitdefender, but you can ask your vendor about these CVEs

• CVE-2023-36672: LocalNet attack resulting in leakage of traffic in plaintext. The reference CVSS score is 6.8.
• CVE-2023-35838: LocalNet attack resulting in the blocking of traffic. The reference CVSS score is 3.1.
• CVE-2023-36673: ServerIP attack, combined with DNS spoofing, that can leak traffic to arbitrary IP address. The reference CVSS score is 7.4.
• CVE-2023-36671: ServerIP attack where only traffic to the real IP address of the VPN server can be leaked. The reference CVSS score is 3.1.

Whatever they were, the artist made it hard to think otherwise.

1. Yes, if it disconnected and is unable to sync, you can still access the vault.
2. If you change the master password elsewhere, when your app is able to sync, it will log out automatically.

Ideally, since you want to write your master password down to keep it safe somewhere (because you can forget), you write the new password down before you change the password.

cc: @[email protected]

I just want a native experience.

Biometrics data that can't be changed in the control of questionable corporations? No way. It's gonna be sort of like Reddit: your data is our property, and in this case, it looks like they actually give you minimally in exchange.

Here's the paper: https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

Some OpenVPN and Wireguard clients are impacted. See the paper.

Summary

• Scientists at the Department of Energy's Pacific Northwest National Laboratory have developed a new way to detect denial-of-service attacks.
• The new technique is more accurate than current methods, correctly identifying 99% of attacks in testing.
• The technique works by tracking the evolution of entropy, a measure of disorder in a system.
• During a denial-of-service attack, two measures of entropy go in opposite directions. At the target address, many more clicks than usual are going to one place, a state of low entropy. But the sources of those clicks, whether people, zombies or bots, originate in many different places—high entropy. The mismatch could signify an attack.
• The new technique is automated and doesn't require close oversight by a human to distinguish between legitimate traffic and an attack.
• The researchers say that their program is "lightweight"—it doesn't need much computing power or network resources to do its job.
• The PNNL team is now looking at how the buildout of 5G networking and the booming internet of things landscape will have an impact on denial-of-service attacks.

Vow, what a grisly mystery.

For non-professional cybersecurity, I like:

• https://feeds.feedburner.com/TheHackersNews
• https://krebsonsecurity.com/feed/
• https://www.kaspersky.com/blog/feed/
• https://feeds.feedburner.com/NakedSecurity

Like, but somewhat spammy:

• https://blog.knowbe4.com/rss.xml

For computer & society:

• https://www.eff.org/rss.xml

https://www.inoreader.com is great. Love it.

Worldcoin, founded by US tech entrepreneur Sam Altman, offers free crypto tokens to people who agree to have their eyeballs scanned.

It claims to be creating a new global “identity and financial network”.

Altman, who founded Open AI, which built chat bot ChatGPT, says he hopes the initiative will help confirm if someone is a human or a robot. He also says this could lead to everyone being paid a universal basic income but it is not clear how.

Sure, bud, hand over our biometrics for your private fiat money, for the promise of unclear-how basic income, meanwhile with your exploiting the poors and manipulating the laws to favor yourself.