I’m not sure but that’s a potential solution. You’d have to find the older APK somewhere but I feel like it should work since it’s just a Bluetooth connection to the toy.

The funny thing about this is that the first time I had that moment of realization was when I got the Sphero BB-8 toy from my kids for Christmas. It had a dedicated app. The reason it’s funny is because, out of all the things that I own, it’s the only app-driven one that still works. Sphero just merged it into their main app. Once that app stops getting updated, this toy will cease to work despite everything about it being functional. ☹️

Voyager. It shows actual usernames and not display names. You’re seeing my display name, not my username.

You know… I totally forgot that I set that as my display name. No offense taken, obviously. I use a third-party Lemmy client so it never shows me that. 🤷‍♂️

Huh?

Used or owned? I own one and bought several for my company and they’re not useless at all. They’re just limited in the AR/VR experiences you can do right now. As a computer, productivity, and production device, it’s far from useless.

Yeah… a tragic mishap is getting your balls stuck in your zipper because you had to pee so bad you tried to rip your pants off. This is a bit more than a “tragic mishap”. ಠ_ಠ

Not technically in their bedrooms but made by students - Narbacular Drop. It was the game that spawned Portal. It’s not a great game, per se, but I’ll never forget the paradigm-shifting moment I had when I realized what was happening.

Valve ended up hiring the entire team to work on Portal.

I don’t think they could, at least not in the timeframe provided by the EU. That’s the entire (and only) reason they’re reverting to the existing implementation. The existing law, as written, doesn’t seem to apply to PWAs.

Yes, it is. The only change being made is that WebKit home apps are being allowed. Since Apple couldn’t create the Home app frameworks for third party apps, they disabled all of them to comply with the new rules. This just means that, unless the EU says otherwise, Home Screen WebKit apps are still ok without needing to open to third-party engines. This is a non-story as that is already the currently released functionality and the change was only made because Apple was attempting to be conservative with its compliance.

That’s because they believe that Hamas’s attack on Oct 7 was in retaliation for Israel’s prior actions while Israel is using Oct 7 to retaliate against all of Palestine. Palestinians are going to support the side that is not bombing them and that they believe is standing up to the persecution they’ve experienced up until and including now.

It’s not that great of a solution, though. I dunno if anyone remembers but, when Gatekeeper (the interface to do this) first was added to MacOS, it was in response to a malware “virus scanner” that was out called MacKeeper. It was advertised as a malware scanner/Mac maintenance tool but it was just an ad platform that would inject all kinds of crap into your browser and run all kinds of keyloggers and things in the background.

As soon as Gatekeeper was released, the MacKeeper website made a specific page that had step-by-step instructions for how to disable Gatekeeper and it would prompt you to visit the page if MacKeeper ever made it onto your system. If you ever re-enabled it, it would prompt you to disable again and show you the instructions.

It’s an endless cat and mouse game. The only way this works is if they put it in as a multi-step terminal process. Novice users will not fuck with the terminal unless they know what they’re doing and are comfortable with the consequences.

Laziness alone is a pretty big reason. MFA was available and users were prompted to set it up. The fact that they didn’t should tell you something.

This assumes that the compromised credentials were made public prior to the exfiltration. In this case, it wasn’t as the data was being sold privately on the dark web. HIBP, Azure, and Nextcloud would have done nothing to prevent this.

It’s a big enough detractor to make it cumbersome. It’s not that easy to automate pulling an MFA code from an email when there are different providers involved and all that. The people that pulled this off pulled it off via a botnet and I would be very surprised if that botnet was able to recognize an MFA login and also login, get the code, enter it, and then proceed. It seems like more effort than it’s worth at that point.

It’s just odd that people get such big hate boners from ignorance. Everything I’m reading about this is telling me that 23andMe should have enabled forced MFA before this happened rather than after, which I agree with, but that doesn’t mean this result is entirely their fault either. People need to take some personal responsibility sometimes with their own personal info.

So forced MFA is the only way to prevent what happened? That’s basically what you’re saying, right?

Their other mechanisms would prevent credential stuffing (e.g., rate limits, comparing login locations) so how was this still successful?

How much we talking? I’ll take that bet.

This wasn’t a brute force attack, though. Even if they had brute force detection, which I’m not sure if they don’t or not, that would have done nothing to help this situation as nothing was brute forced in the way that would have been detected. The attempts were spread out over months using bots that were local to the last good login location. That’s the primary issue here. The logins looked legitimate. It wasn’t until after the exposure that they knew it wasn’t and that was because of other signals that 23andMe obviously had in place (I’m guessing usage patterns or automation detection).

I guess we just have different ideas of responsibility. It was 23andMe’s responsibility to offer MFA, and they did. It was the user’s responsibility to choose secure passwords and enable MFA and they didn’t. I would even play devil’s advocate and say that sharing your info with strangers was also the user’s responsibility but that 23andMe could have forced MFA on accounts who shared data with other accounts.

Many people hate MFA systems. It’s up to each user to determine how securely they want to protect their data. The users in question clearly didn’t if they reused passwords and didn’t enable MFA when prompted.