Notices by Tod Beardsley 🤘 (todb@infosec.exchange)

@patrickcmiller surely this is a reference to the fact that for a long time, ChatGPT couldn’t spell the world strawberry. 🍓

https://info.ttech.co.uk/blog/how-many-rs-are-in-strawberry-why-it-matters-when-working-with-ai

@patrickcmiller what? Is this how math works?

The number of ransomware attacks that reach the encryption stage dropped 300% over the past two years

I don’t think you can reduce any value of any real thing by more than 100%.

So this is neat.

1) Some (all?) antispam/counterphishing email scanners are blind to #QRCode content.

2) You can draw working QRCodes with Unicode character sets, thus avoiding an image parser entirely, even if the scanner could process images in the first place.

3) By providing QRCode links, the attacker encourages the victim to use their personal device rather than the workstation, making defensive tracking more complicated.

I think it’s hilarious that a format designed SPECIFICALLY for machine vision is being used to evade machine interpretation.
https://infosec.exchange/@patrickcmiller/113067302631450126

@patrickcmiller no

@patrickcmiller I disagree, this is a denial of service security issue.

Here’s how the attack works:

1) Tell a security nerd that typing “”:: in certain search dialogs on #Apple iOS causes a crash in Springboard.

2) That nerd will be then be unable to perform any function other than crashing their own iPhone’s Springboard for at least the next 20-30 seconds, regardless of what they were doing before.

3) In some cases, that nerd will also tell other nerds about it, spreading the DOS effect through their personal social network.

@funes @Rajiv @patrickcmiller not just scans, but each individual port. Plus a bunch of other made up stuff. 45 billion is a really big number of events, per day.

@GossiTheDog @buffaloverflow You might want to double check that assigning CNA.

https://www.cve.org/cverecord?id=CVE-2024-21887

Maybe it’s one issue that has several vectors. Haven’t looked myself yet since I’m on vacation.

But the CVE isn’t issued by Ivanti, technically.

Tomorrow I have to go on a clear liquid diet because i’m getting a colonoscopy because i’m a responsible goddam adult.

Today, I’m eating excellent Texas chili.

I regret nothing.

For that special domain in your life, give the gift of a security.txt. Check out the #CISA blog: https://www.cisa.gov/news-events/news/securitytxt-simple-file-big-value

Amazing. CMG is an ad company that’s ioffering a fake ad service that people already a) believe is actually happening already and b) really, really hate.

Active Listening: where your phone and TV eavesdrop on your convos to target ads at you.

It cannot possibly work the way they’re pitching it, but I love that they’re taking this scam to the next level.

https://www.404media.co/cmg-cox-media-actually-listening-to-phones-smartspeakers-for-ads-marketing/

@micheleann @evan Our will requires a putting together series of clues to find out where the inheritance is.

It is left to the executor to construct the mystery.

So I have a 17 pound frozen turkey this year (not fresh, boo) which means i’ve been thawing it in the fridge since Sunday.

Unwrap this in the sink, separate the giblets for later (pan fried dog treats, mostly), rinse and pat dry with paper towels.

Since it’s 17 pounds and change, I’m looking at a little under 5 hours total in the oven.

Also, to hell with your paywalled Macy's #Thanksgiving parade. I love this dude, I watch him for NYE, too:

https://www.youtube.com/watch?v=HsZTqFXEpew

Usually I use olive oil, but i’m out. Let’s see what happens with peanut oil! Also fancy pants paprika.

All right, it’s after 8am, and i’m late in starting to prep and roast this #turkey. I’ll document my process here, wikihow style.

First off, I have some critical fluids to secure: coffee and mimosas:

@evan woah you don’t use hard mode which is actually easy mode?

Wordle 870 4/6*

⬛⬛⬛🟨🟨
🟩🟩⬛⬛⬛
🟩🟩⬛🟨🟨
🟩🟩🟩🟩🟩

@cks @lorddimwit My Nokia 3200 candybar phone had a really good earpiece speaker. That was the last mobile device I owned that was worthy of being called a "phone," in that, I could hold entire voice conversations comfortably and without needing an extra app to do it.

Also it had an FM radio tuner which was so sweet for motorcycle use.

Ask @pbarry25 about his current phone setup. It's pretty sweet.

@evan and it's kind of basically Wikipedia: The RPG

I got real invested in #medieval #Venice for a #vampire game I was playing a couple years ago and yeah that guy suuuuucks

Also, the vampire game is not the one you think. It's this:

https://thousandyearoldvampire.com/products/thousand-year-old-vampire

Learned about it from SU&SD:

https://www.shutupandsitdown.com/videos/review-thousand-year-old-vampire/

Might be up your alley, @evan. There's a multiplayer version that's intriguing but nobody I know has the patience.

@evan Never, but qualified if there are cheating rules. INWO, for example, has a cheating variant.