I make my favourite Chilli-sin-Carne with...

Liability for software manufacturers. Now!

The Chaos Computer Club's suggestion at the experts' hearing, that software companies should be held more accountable for their products, seems even better in light of the current hacks.

We might then see some in-house quality control, instead of the current cycle of:

1. Release.

2. Hope the White Hats tell you it is broken before the Black Hats realise it is.

3. Wait until the wheels fall off and then patch after thousands are Pwned.

pol. Universal Basic Income. 

The countdown is running on the European Citizens Initiative for an Unconditional Basic Income.

eci-ubi.eu/

The Corona Pandemic has shown us the cracks in the current system. Cracks through which many are slipping.

1 million signatures and quorum reached in at least 7 EU countries by 25.12.21 is the aim.

Thank you for your time.

All privacy concerns aside, If I wanted Opinions™ at 150 Baud I'd join a Retrocomputing BBS.

uspol 

I really feel that of all the challenges and decisions facing the President of the USA, considering an executive order rezoning golf courses to building land for social housing should be a priority!

After the Cox ruling, I wonder who is next in line in this rentier economy gone mad.

I spent the afternoon watching Rex Krueger videos and consider that time well spent.

I need an ad-blocker blocker blocker.

But do keep an eye on what you are sending to RF.

Don't send them all your password hashes, and remember that IP addresses can be PII.

Best, maybe, to keep the extension disabled in browser settings and only turn it on when doing very specific jobs.

Used properly, it is a pretty neat little tool.

5/5


Providing context is what this tool is all about.

That aids sorting and prioritization and, in turn, lowers response time.

IMO it could be worse in design: it is sending a minimum of data to the mother ship, with as little context as possible going out and as much context as possible coming back.

Using it commercially, it would be best to run it by Legal because, under the terms and conditions, RF can, for example, add you to a list of "customers" for advertising purposes.

4/x


Next up, what is it actually sending?

Well, it just sends a JSON POST to RF. This contains categories of information, presumably collected by regexing the page.

The categories are:
IPs
Domains
Hash
URL
Vulnerabilities

The page content is not provided, nor is the called URL as far as I can make out.

Calling up the EICAR Wikipedia page, it correctly identified the file hashes, sent them via JSON to RF and got the context returned. Malware! ;)

3/X


So, first things first, the extension has an "enable extension" switch (not the same as actually disabling the extension under browser settings).

So the question is, does this really disable communication to the mother ship?

Well, yes it does. Plonking Burp Suite between browser and Interwebz, the disable switch really does turn off telemetry.

2/x


I've been testing Recorded Future Express - RF's Threat Intelligence Browser Plug-In.

This is to be used cautiously as it makes you just another sensor in their network (if it's free, you are the product, not the customer).

The in-page flagging of suspicious IPs is a nice feature though. We have some systems that present logs in a pop-up window where the extension can't see them. This is fixable in FF about:config with browser.link.open_newwindows.restricted set to 0.

1/X
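The thread above describes a plugin that regexes the current page for IPs, domains, hashes, URLs and vulnerability IDs and POSTs them as JSON to a third party, and warns that password hashes and IP addresses can leak that way. The following is an added example, not part of the original thread and not Recorded Future's code: it models that extraction step over a constructed log-viewer page so you can see what such a plugin would pick up, then applies the kind of redaction (own address ranges, own domains, URL query strings) a defender would want before anything leaves the organisation. The real payload format is unknown to me; the category names are the five the thread lists. The SHA-256 is the EICAR test file's published hash, since the thread mentions EICAR; every other value in the sample text is made up.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of what a log viewer might render in the browser.
# Only the SHA-256 is real (EICAR test file); addresses and hosts are invented.
PAGE_TEXT = """\
Firewall log viewer (constructed sample)
2021-12-20 src=10.0.0.7 dst=203.0.113.42 action=blocked
Quarantined sample eicar.com sha256=275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
Ticket: https://intranet.example.org/tickets/4711?session=abc123
Payload fetched from http://malware.example.net/payload.exe
Vendor advisory mentions CVE-2021-44228
Reporter admin@example.org, link-local 169.254.10.1, malformed 300.1.1.1
"""

# Indicator patterns for the five categories named in the thread.
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)

# Ranges that describe your own estate, not an adversary: RFC 1918, loopback, link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def _dedupe(items):
    return sorted(set(items))


def extract_indicators(text):
    """Pull every candidate indicator out of page text, the way a page-scanning
    plugin plausibly does. URLs are removed before the domain pass so a URL's
    path components (e.g. payload.exe) are not mistaken for hostnames."""
    urls = URL_RE.findall(text)
    stripped = URL_RE.sub(" ", text)
    ips = []
    for cand in IPV4_RE.findall(stripped):
        try:
            ips.append(str(ipaddress.ip_address(cand)))
        except ValueError:
            pass  # regex matched something like 300.1.1.1; not an address
    domains = DOMAIN_RE.findall(stripped) + [urlsplit(u).hostname for u in urls]
    return {
        "IPs": _dedupe(ips),
        "Domains": _dedupe(d.lower() for d in domains if d),
        "Hash": _dedupe(h.lower() for h in HASH_RE.findall(text)),
        "URL": _dedupe(urls),
        "Vulnerabilities": _dedupe(v.upper() for v in CVE_RE.findall(text)),
    }


def redact_for_sharing(indicators, internal_domains=()):
    """Drop what the thread warns about: your own address ranges (PII and
    topology), hosts under your own domains, and URL query strings, which
    routinely carry session tokens. Hashes pass through unchanged because a
    file hash and a password hash look identical; the only real control there
    is not to have the extension enabled on pages that show password hashes."""
    def is_internal_ip(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in INTERNAL_NETS)

    def is_internal_host(host):
        host = (host or "").lower()
        return any(host == d or host.endswith("." + d) for d in internal_domains)

    urls = []
    for u in indicators["URL"]:
        parts = urlsplit(u)
        if not is_internal_host(parts.hostname):
            urls.append(urlunsplit((parts.scheme, parts.netloc, parts.path, "", "")))
    return {
        "IPs": [ip for ip in indicators["IPs"] if not is_internal_ip(ip)],
        "Domains": [d for d in indicators["Domains"] if not is_internal_host(d)],
        "Hash": list(indicators["Hash"]),
        "URL": _dedupe(urls),
        "Vulnerabilities": list(indicators["Vulnerabilities"]),
    }


def build_payload(text, internal_domains=()):
    """JSON body that would be safe(r) to hand to a third-party lookup service."""
    return json.dumps(redact_for_sharing(extract_indicators(text), internal_domains), indent=2)


if __name__ == "__main__":
    print("Raw extraction:", json.dumps(extract_indicators(PAGE_TEXT), indent=2))
    print("After redaction:", build_payload(PAGE_TEXT, internal_domains=("example.org",)))
```

Running it shows the gap between the two outputs: the raw pass leaks an internal source address, a link-local address, an intranet ticket URL with a session parameter and the reporter's mail domain, none of which has any threat-intel value, while the redacted payload keeps only the external address, the external host, the file hash and the CVE. Note that eicar.com survives as a "domain" because the sample file name looks like one; that kind of false positive is exactly why the thread suggests enabling the extension only for specific jobs.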

Today's Documentary find is "A Force more Powerful"

vimeo.com/112189700

Based on Ackerman and DuVall's book about non-violent resistance.

Documentary gold.

The book also inspired the computer game "A Force More Powerful" and its sequel "People Power", designed to teach the principles of non-violent conflict.

peoplepowergame.com/

Critical software security vulnerabilities in.... everything! Will it ever flaming end?

Great talk on the state of Ham Radio.

Quite "schonungslos" (unsparing) - I hope the DARC was listening.

vfdb.org/aktuell/rc3-amateurfu

My thoughts this evening are also with those corporate IT workers struggling to cope with ongoing cyber attacks so shortly before and during the holidays.

The stress levels are high in IT as it is; add to that a successful system compromise and competing duties to employer and family, and they go off the scale.


chaos.social – a Fediverse instance for & by the Chaos community