• 3 Posts
  • 269 Comments
Joined 5 months ago
Cake day: January 24th, 2024



  • If you make users sign in too much, they will just make their passwords short and easy to remember, even 24hrs is too much and people bitch about it all the time, especially since we have password managers enforced, meaning every time they need to Auth they need to Auth into their system, Auth into their password manager, copy the password, auth into their phone, look at the 2FA code and type that in.

    Doing this every day just to open email is understandably fucking enraging even to me as a security “”“engineer”“”/analyst/${bullshitblueteamemailreaderjob}

    Press it harder and they will use simple passwords that will inevitably be passed through to something external (e.g. cockpit which even I can bruteforce) or reused somewhere at some point, and then someone just has to get lucky once and run whatever run0 sudo su <reverse shell bs here> to bypass all protections.










  • Oooh I had an Intel Atom Vaio Netbook as my first ever computer I actually owned, given to me as a gift by parents for school. I asked for a gaming laptop, so I was real bamboozled by it.

    Somehow though I managed to grief my friends’ Minecraft server with /set 0 and enderdragon spawn spam while talking to them on Skype, but it was painful, opening a web page took literal minutes sometimes and my internet wasn’t the fastest back then but it wasn’t too bad either like 5-10mbps easily. But it wasn’t the worst.

    That honor goes to an MSI gaming laptop. It was actually really powerful, quad core, 16GB RAM, 8GB VRAM, MSATA SSD and a 1TB HDD that is still alive and in a JBOD setup with mergerfs in my server today serving me shows to watch thru Jellyfin.

    In 2014 it was nothing to scoff at, the 880m ran GTA V on almost the highest settings at 1080p and it had tons of storage.

    But as a computer it was just fucking terrible, the screen is the dimmest, most TN LCD blue filter shit you’ve ever seen, it was all I had so I watched things on it, and it just always made me depressed that I was watching beautiful films and shows and playing games through this awful blue filter that had no warmth, everything looked like some movie dementia flashback.

    USB port melted itself and made some random parts of the case have an electric surprise for you sometimes, keys popped off if you breathed on em but not like you would want those keycaps to stay on because they were disgusting, speakers sucked in dust and vibrated it inside, making all audio feel like earrape at any volume, headphones jack flew out, touchpad was off to the side because of the dumbass numpad, ethernet port fried entire cables, DVD drive wouldn’t read disks, dumbass UEFI firmware locked down to shit, took forever to disable secureboot and the setting would get lost randomly.

    About 3 years later, the AC port fried itself and would work like a pair of dodgy earbuds and I had to sit there rotating it like I was finding a radio signal in class, battery was long gone by then so it would shut off at random, which made android app dev I was doing at the time on it somehow even worse of an experience.

    Still have many fond memories of my times with it but man did I not miss it at the time.

    I replaced it with a 2010 ThinkPad X201 I got for 50 bucks and loved it, I proudly used and abused it and showed it to everyone like it was my first dress with pockets until I eventually blacked out on xanax and procedurally took the entire thing apart and flashed ??? onto the firmware chip and couldn’t put it back together ever again.


  • Thanks for the explainer, but that’s not what I meant.

    For example: If I, an ISP in Beijing, went to BEIJING CERTIFICATE AUTHORITY Co., Ltd., which is on the list, and had my cert issued by them for foobar.com that listed them as the root trust, wouldn’t that work? Because the service operating there currently is illegal and I need to take it down, I don’t see how or why they could refuse. If they can’t do this for ISPs, then certainly law enforcement should be able to force them to comply, I would assume.

    If I then went to abuse that cert and spread malware on my fake cloned site, then what are the affected users going to do, call the cops and tell them the illegal seedbox is down?

    This is the only way I can see governments being able to display blocked website notices, takedown notices and other MITM insertions demonstrably happening in all sorts of countries without triggering a “back to safety” warning in most browsers.

    This has to be possible, because otherwise the observable results don’t make any sense.

    I’m not necessarily saying they did the attack this way instead of just simply spreading malicious torrents which is far easier, but I don’t see why they wouldn’t be able to do this.



  • or has access to a trusted CA’s key, as per above.

    I don’t see why they wouldn’t, or couldn’t do this if they wanted to if they were also willing to straight up resort to spreading malware, which idk about SK but that’s illegal anywhere in the west under very broad laws.

    EDIT: They could also do a redirect to a different URL with a valid cert I guess, though I’m sure browsers block that too. Well I’m out of ideas then, I feel bad for cybercriminals these days.

    EDIT2: Wait a sec, how does government censorship work then? Like e.g. https://ttrpg.network/post/7634428 How is the government able to MITM this person? The website is HTTPS and they’re using a VPN, but presumably locked to the DNS of the ISP. How are they able to block websites at all in this case with anything other than a termination of a connection (i.e. displaying a banner)?

    Even without a VPN by your logic if the ISP can’t present a foobar.com cert then they couldn’t block it via just DNS. How do FBI takedown notices work? Shouldn’t all of these throw up SSL errors and “back to safety” prompts?




  • I think it’s much simpler than that.

    Webhard is Web Hard Drives - SK torrenting scene is very different from the west, to simplify from how I understand it (English info seems scarce) basically everyone uses seedboxes or “web hard drives” in SK to download stuff.

    While I can’t seem to find out anything about what “The Grid system” is, if the whole thing is an online portal or software.

    If ISP routers are anything like the west that means they control the DNS servers and the ones on the router cannot be changed, and likely it blocks 1.1.1.1 and 8.8.8.8 and so on, as Virgin Media does (along with blocking secure DNS) in the UK for example, which definitely opens up a massive attack vector for an ISP to spin up its own website with a verified cert and malware and have the DNS resolve to that when users try to access it to either download the software needed to access this Grid System or if it’s a web portal - the portal itself.

    I don’t think this included any attacks on the BitTorrent protocol at all, because as others said, it’s pretty secure, but another possibility is simply malicious torrents being distributed, which rights holders have definitely done before (read the decoying part in https://arstechnica.com/tech-policy/2007/03/mediadefender/)
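
A way to detect the ISP-resolver redirection scenario raised in the comment above, added here as an example and not part of the original comment: it compares answers from the ISP resolver with answers from independent resolvers and flags names that are suppressed or pointed at a shared or internal address. The domain names, addresses and verdict labels are constructed for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 and loopback ranges: never a valid answer for a public site.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def classify(isp, reference):
    """isp: {name: set of IPs} as answered by the ISP resolver.
    reference: list of {name: set of IPs} from independent resolvers.
    Returns {name: verdict}."""
    divergent, verdicts = {}, {}
    for name, ips in isp.items():
        ref_ips = set().union(*(r.get(name, set()) for r in reference))
        if not ref_ips:
            verdicts[name] = "no_reference"   # nothing to compare against
        elif not ips:
            verdicts[name] = "no_answer"      # ISP suppresses a name others resolve
        elif ips & ref_ips:
            verdicts[name] = "consistent"
        else:
            divergent[name] = ips
    # An address handed out for several unrelated names, by the ISP only,
    # is the signature of a shared block page or redirect host.
    shared = Counter(ip for ips in divergent.values() for ip in ips)
    for name, ips in divergent.items():
        if any(is_internal(ip) or shared[ip] > 1 for ip in ips):
            verdicts[name] = "likely_redirect"
        else:
            # A lone mismatch is often CDN geo-steering: check the certificate.
            verdicts[name] = "divergent"
    return verdicts

# Constructed sample answers (documentation address ranges, made-up names).
ISP = {"site-a.example": {"203.0.113.10"}, "site-b.example": {"203.0.113.10"},
       "shop.example": {"10.0.0.1"}, "cdn.example": {"192.0.2.44"},
       "news.example": {"198.51.100.20"}, "blog.example": set()}
REFERENCE = [
    {"site-a.example": {"198.51.100.5"}, "site-b.example": {"198.51.100.77"},
     "shop.example": {"198.51.100.40"}, "cdn.example": {"192.0.2.80"},
     "news.example": {"198.51.100.20"}, "blog.example": {"198.51.100.30"}},
    {"site-a.example": {"198.51.100.5"}, "cdn.example": {"192.0.2.81"}}]

if __name__ == "__main__":
    for name, verdict in sorted(classify(ISP, REFERENCE).items()):
        print(f"{name:18} {verdict}")
```

A "divergent" verdict alone is not evidence of tampering; the certificate presented at the answered address is what settles it.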