Notices by Ian Campbell (neurovagrant@masto.deoan.org), page 2

Absolutely massive Quaker-brand recall of granola and related products for e-coli contamination. I had a box of granola cereal in my pantry included.

Saw this originally from @Wolven, so thanks dude ;)

https://www.fda.gov/safety/recalls-market-withdrawals-safety-alerts/quaker-recalls-granola-bars-and-granola-cereals-due-possible-health-risk

just saw this elsewhere and had to share it, because lol too real

#neurodivergent #actuallyautistic

Fortify.

I dig it.

this one hurt

@DannyMekic @aral In case no one's pointed it out: you're not paying for privacy here, just paying to not see ads.

Note the wording "Your info won't be used for ads." Not "we will not collect your info."

Ah right it's pumpkin spice season,

now all these squashfs errors make sense.

(That was a gourd joke if I do say so myself.)

WHY DOES FUCKING DROPBOX NEED AN AI INTEGRATION? WHY IS IT DEFAULTED TO OPT-IN?

I am so god damn tired.

I don't know who convinced WIRED to repeatedly send out emails to subscribers titled "You're Going to Want to See This" but it's the dumbest thing I've seen in ages and makes me want to not renew my paid sub.

wtaf

"In the trial, Issam Najm, an environmental engineer who specializes in water chemistry and testing, testified that the hydrazine likely formed in the "ionizer," which was just titanium tubes electrified with what looked like jumper cables used to charge a car battery."

https://arstechnica.com/health/2023/10/jury-awards-229m-to-victims-of-real-water-tainted-with-rocket-fuel-chemical/

@aral ah crap, good call, will edit

@mysk @aral @didek some relative metrics for y'all from the Hue android app signed in, which I barely use and yet makes more calls than my RSS reader, spotify, and mail app.

I have taken
the advil
that was in
the cabinet

and which
you were probably
saving
for your hangover

Forgive me
I'm in my forties
so sore
and it's only Monday.

It is 55F out and feels so good on my skin.

@aral Browser-wise, what do you advocate these days?

Hello friends, I've seen the below image come up a few times elsewhere and am going to expound a little!

While the hyperlinks in the image display correctly, those aren't actually the addresses of those sites! Instead, they're the Internationalized Domain Name replacements - examples of what are called IDN Homograph Attacks.

It's incredibly hard to include all characters from all active alphabets in the mechanisms that resolve domain names - so currently that letter set is restricted, and instead uses a translation system called Punycode to move between a visual URL with the correct characters and a domain name your computer can actually resolve to a website.

So while neurovagrant[.]com is fine either way, nӘ̃urovagrant[.]com isn't! The actually domain would be xn--nurovagrant-rkg322d[.]com.

Notice that xn-- ! That's what tells browsers and other software that it's an IDN domain, and to try and translate it.

Attackers use this to their benefit. So:

xn--mcrosoft-security-teams-1ec[.]com can appear in your email, on your twitter feed, in other places visually as: mícrosoft-security-teams[.]com

You may think you're signing in to check your retirement at vanguarɗ[.]com but it's actually sent you to xn--vanguar-4cd[.]com

A link that appears as vḙnmo[.]com actually sends you to the website xn--vnmo-q64a[.]com

They even target kids! Take a look at xn--rblox-jua[.]com - which looks like röblox[.]com in most settings. Note the diacritical mark above the first o.

If anything looks off, there's a reason. Always view links with skepticism, don't click on things unnecessarily, and always sign into the sites you use by going to the domain name you know.

Stay frosty out there, friends.

#cybersecurity #infosec #StayFrosty

This story by @josephcox to kick off 404Media is a barn-burner.

Bad actors are using false identities or compromised credentials to maintain persistent access to credit reporting data and automating its sale with bots to the tune of $15 per.

Address history, cellphone details, driver's license details, relatives and other sensitive data.

https://www.404media.co/the-secret-weapon-hackers-can-use-to-dox-nearly-anyone-in-america-for-15-tlo-usinfosearch-transunion/

i am fueled by caffeine and spite this morning, and the caffeine is wearing off...

One of the hardest lessons I’ve had to learn, but it changed everything.

I have accomplished many things this week, but by far the most productive was the hour-plus I took yesterday to lay back and daydream in the middle of the afternoon.