Notices by :niggy: (niggy@poa.st), page 3
-
Embed this notice
@Suiseiseki I am doing the ❤️ (heart) reaction friend
-
Embed this notice
@jeff internet passive collection like that's not as useful now with everything HTTPS now, a decade ago very little was
have to focus now on more active collection, hacking into stuff to get data unencrypted. might be better or worse depending on perspective, more targeted and less dragnet, but more invasive against the targets
-
Embed this notice
@ThatWouldBeTelling @jeff Yeah it's still useful. Though at the time of those Snowden leaks everyone thinks of when talking NSA almost no web traffic was encrypted except banks etc, people really forget how bad it was.
The NSA really could just monitor or tamper basically any web traffic by anyone with no limits, and exploited that greatly.
Now they just get that "metadata" as the government calls it.
-
Embed this notice
@Suiseiseki if you get a modern intel processor OEM system it's designed to be electronically incapable to running unsigned UEFI firmware (intel boot guard)
These protections aren't 100% perfect but they do seriously work and make attackers lives so much harder, often just not worth the effort
as example from that same wiki page here's how even NSA's SMEs were affected by storage drives starting to secure vendor-commands/firmware around that time, it fucked them up
Not even just governments even ransomware groups (eg trickbot) have dipped their toes in UEFI stuff, if vendors allowed installing custom UEFI firmware we'd have ransomware campaigns except granny would have to throw out her physical hardware instead of just reinstalling windows
-
Embed this notice
@Suiseiseki @idiot Chinese/Russian/US intelligence have all been using BIOS implants since the 2000's. Here's an old school NSA TAO wiki page excerpt from ~2010 (public from Snowden docs). UEFI standardization has just made developing this stuff easier
Attackers who want this are probably more common than the rare enthusiasts that actually want to run coreboot etc, and would be way more common without those protections
-
Embed this notice
@Suiseiseki @idiot supporting installing coreboot etc on consumer hardware is bad and just exposes users to persistent firmware implants for a feature they'll never use, signed firmware protections are the best thing to happen to hardware in decades
maybe could be some niche hardware options for those special enthusiasts, but can't really blame vendors when that market is so minuscule
-
Embed this notice
@theorytoe I miss the 4chan textboards they were comfy
-
Embed this notice
@alex @eriner yeah unfortunately no default protection at the os level, and even big public dns providers (eg google, cloudflare) don't, think just because there's some niche legitimate use cases for it
when I said dns server I meant more a custom deployed one, eg the dns service in any standard router software will have an option for it, often default enabled
on the server system itself could just set up eg a local unbound service, that would protected against it
-
Embed this notice
@eriner @alex no real way to protect against dns rebinding in a standard web app codebase unfortunately, it's a system-level issue. would have to handle dns resolution in the app itself which is impractical
-
Embed this notice
@alex @eriner easy way is on the system use dns server with rebinding protection (most do) and just disable ipv6. that just leaves simple input validation for ipv4 rfc1918/link-local, could just block ipv4 urls completely
-
Embed this notice
@professionalbigot69 feds backdooring everything like that is mostly a myth, NSA doesn't need to get backdoors from vendors when they can just buy exploits from L3Harris, easier and less risk
mostly a myth, I think there's been a couple of public cases over the decades
-
Embed this notice
@feld @lain thank you friend, not the full report but I have posted a redacted version here, should be a few posts down on my timeline
-
Embed this notice
@Pawlicker @alex @lain don't worry friend, I am auditing it
-
Embed this notice
Hello friends, if you run a Pleroma instance please read this post. I've also attached a heavily redacted version of the issue report.
RT: https://lain.com/objects/ac3fabce-5d9f-4200-bed7-b6d2f748a9e1
-
Embed this notice
just had a realization those "alvin & the chipmunks" versions of songs everywhere on 2000's youtube was the origin of nightcore
-
Embed this notice
🧵
Hello friends, affirmative action has been in the news recently due to the supreme court ruling. It's always been difficult to get hard data on its effects though, as colleges generally conceal their practice of it and don't publish relevant statistics.
I will share some signals intelligence from a Computer Niggy Operation (CNO) to hopefully improve that.
-
Embed this notice
After exfiltrating data, I set up a local database with the relevant tables imported from, and queried it to get various statistics on affirmative action at UMN.
Joining the PS_DIVERSITY and PS_DWAD_APPL_HS tables I was able to query the average ACT scores of admitted applicants of each racial category, with admissions excluded pre-2010 to keep it contemporary. A graph of results is included here.
The results are of course largely expected, showing for example a White/Asian applicant must have a significantly higher ACT to be admitted than a black applicant.
Interestingly a White/Asian applicant only gets some benefit from not specifying their race, likely because only White/Asian applicants don't.
-
Embed this notice
Computer Niggy Exploitation (CNE) access was obtained to the University of Minnesota's data warehouse.
Within this massive Oracle SQL database system they store basically all important records the university has kept since they begin digitizing in 1989.
Student/faculty PII, grades, and most importantly here admissions data with diversity statistics
-
Embed this notice
Hello friends, I have another graph for you
I wanted to follow up with some grade data of students after admission.
The admissions data I'm using was from PeopleSoft (the PS table prefixes), so I've relied on matching up the PS "EMPLID" columns to correlate data from different tables. Unfortunately most grade data (eg per-course) isn't PeopleSoft so it's not that easy there.
However, one table was. PS_DWSA_DEGREES has 350,606 records of degrees awarded, including the relevant GPA.
From this I've got data of average GPA of graduated students. This has a selection bias of only those that successfully graduated, but still useful.
Also with a new race I forgot to include last time, Pacific islanders.
-
Embed this notice
niggy
Statistics
- User ID
- 147450
- Member since
- 9 Jul 2023
- Notices
- 60
- Daily average
- 0
:niggy:
All GNU social JP content and data are available under the