GNU social JP
GNU social JP is a Japanese GNU social server.

Untitled attachment

Notices where this attachment appears

  1. Zecharias Zelalem (zekuzelalem@dair-community.social)'s status on Thursday, 23-Jan-2025 13:50:18 JST

    THREAD: Some notes on Avera Mengistu

    Avera Mengistu, 38, is an Ethiopian born Israeli civilian held hostage by Hamas in Gaza since 2014. He has a history of mental illness that exempted him from IDF service.

    In Sept 2014, he scaled the wall separating Israel from Gaza, and crossed into Gaza. He is believed to have been kidnapped afterwards.

    With the ceasefire, he is reportedly set for release soon.

    In conversation about 4 months ago from dair-community.social permalink
  2. Dan Goodin (dangoodin@infosec.exchange)'s status on Sunday, 28-Jan-2024 00:40:20 JST

    The hackers who recently broke into Microsoft’s network and monitored top executives’ email for two months did so by gaining access to an aging test account with administrative privileges, a major gaffe on the company's part, a researcher said.

    The new detail was provided in vaguely worded language included in a post Microsoft published on Thursday. It expanded on a disclosure Microsoft published late last Friday. Russia-state hackers, Microsoft said, used a technique known as password spraying to exploit a weak credential for logging into a “legacy non-production test tenant account” that wasn’t protected by multifactor authentication. From there, they somehow acquired the ability to access email accounts that belonged to senior executives and employees working in security and legal teams.

    In Thursday’s post updating customers on findings from its ongoing investigation, Microsoft provided more details on how the hackers achieved this monumental escalation of access. The hackers, part of a group Microsoft tracks as Midnight Blizzard, gained persistent access to the privileged email accounts by abusing the OAuth authorization protocol, which is used industry-wide to allow an array of apps to access resources on a network. After compromising the test tenant, Midnight Blizzard used it to create a malicious app and assign it rights to access every email address on Microsoft’s Office 365 email service.

    In Thursday’s update, Microsoft officials said as much, although in language that largely obscured the extent of the major blunder.

    https://arstechnica.com/security/2024/01/in-major-gaffe-hacked-microsoft-test-account-was-assigned-admin-privileges/

    In conversation about a year ago from infosec.exchange permalink
  3. Alexander Hanff (thatprivacyguy@eupolicy.social)'s status on Thursday, 19-Oct-2023 21:51:39 JST

    Today I filed a formal complaint against #YouTube with the Irish Data Protection Commissioner for their illegal deployment of #adblock detection technologies.

    Under Article 5(3) of 2002/58/EC YouTube are legally obligated to obtain consent before storing or accessing information already stored on an end user's terminal equipment unless it is strictly necessary for the provisions of the requested service.

    In 2016 the EU Commission confirmed in writing that adblock detection requires consent.

    In conversation Thursday, 19-Oct-2023 21:51:39 JST from eupolicy.social permalink
  4. Albert ARIBAUD ✎ (aaribaud@mastodon.art)'s status on Thursday, 31-Aug-2023 02:11:46 JST

    @mikey @mastodonmigration The data exchanged as part of federation are covered by the GDPR, as a use of the data necessary to provide the service.

    In the Threads case, the problem is not if they use data to cross-federate -- that's just providing the expected service. The problem is in *any other use* of the data.

    In conversation Thursday, 31-Aug-2023 02:11:46 JST from mastodon.art permalink

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.