I reported my #vulnerability in #Georgia's #voter registration platform to the Secretary of State 90 days ago. They've still done nothing (and deny that it's even exploitable).
It isn't enough of a vulnerability to cover the ~115,000 #vote difference in the Presidential #election, but it could be quite significant nonetheless, especially in smaller races.
Is there any good¹ reason I shouldn't just drop full details? It's extremely tempting and I'm not the only person to have discovered this (s/o @abreacher ²). The only thing that was really stopping me before was the likelihood of bullshit³ election challenges by the far right, but that's now moot.
--
1) "Log in" to MyVoterPage (MVP) at https://mvp.sos.ga.gov/s/ with BurpSuite using name, date of birth, and county of residence.
2) Click "UPDATE VOTER INFORMATION", click "Edit".
3) Change any information in the attached image.
4) ???
5) Click "CONTINUE".
6) Enable packet Intercept.
7) Check the boxes, click "SUBMIT".
8) ???
9) Wait for the registrar to approve the change.
Congratulations, you've made it impossible for somebody to vote. --
¹ Aside from the whole retaliatory prosecution thing.
² Alison is new here; you should follow her!
³ Though potentially justified in this particular case?
I received a letter from Change Healthcare last month regarding their data breach earlier this year. I sent it to @briankrebs, who used it in his most recent article about it. It's such a minor thing, but it's pretty cool to see.
"We received files that were safe to look at..." is interesting verbiage.
Of course, receiving this letter means that a bunch of my information was leaked. Add the free years of credit monitoring to the giant pile, I guess?
Interestingly, it seems like it doesn't matter which option you select. For me, at least, all of the votes are on the first one in the list. It must use the text of the option as the selection criteria, which makes me wonder whether you could respond to a poll with an invalid option.
It's time for a re- #introduction since this instance has changed a lot since being launched.
This instance was set up for testing and playing with Internationalized Domain Names. That experiment has mostly been a success and I've now migrated away from my once-main instance.
I'm a former software developer of over 20 years, working primarily in #opensource and #telephony. I now do #cybersecurity as a profession, after starting to do cybersecurity research as a hobby about a year ago.
In the last year, I've found and disclosed several dozen #vulnerabilities in #govtech platforms like #court and #voter registration systems, which have gotten a not insignificant amount of press coverage. Those disclosures can all be seen at https://govtech.cc
Beyond my #infosec postings, you'll typically find nonsense that I find funny; sometimes I might even say stuff that other people find amusing.
I once self-published a book that I've never read called The Consequences of Being Right (ISBN 979-8880045068). It was entirely written by ChatGPT and was published because I thought it was stupid and funny. Miraculously, I've managed to sell two copies, neither of which has been returned.
@MastodonEngineering Would it be possible before release to make db:encryption:init output in a format that can be added directly to .env? I would guess that it's going to cause lots of issues.
⁂ is a terrible symbol to use for the #Fediverse because it can't be used as a subdomain. You should be able to make ⁂.foo.social, just as you can mastodon.foo.social and pleroma.foo.social. People will definitely try it and it won't work out for them; they'll end up just seeing xn--kwg.foo.social, which is stupid.
(I think I'm safe to consider myself the authority on Unicode domain names.)
My 19-year-old is going to start a #cybersecurity / IT degree this fall, after doing a year in #music education.
His first step was getting his Security+ cert a few days ago (along with a few Cloud Security certs on Coursera). That's more than I have and I'm actively looking for a job in the field (*ahem* #GetFediHired).
He's always had his shit way more together than I ever have. I guess that makes me an okay parent?
I'm looking to borrow (it's $200 and I'm not buying it) a copy of an extremely niche book from a law school library for a week or so. It's called "Cybersecurity and the Courthouse: Safeguarding the Judicial Process".