Notices by Royce Williams (tychotithonus@infosec.exchange), page 4

@atoponce Yes, exactly! ...for sufficiently obscure and esoteric values of "solve".😅 Most people have never even heard of them.

If they had been universally used from the beginning, CSV wouldn't even be a thing, and plenty of things we do to avoid CSV would also not be things ...

@ryanc

@ryanc Yeah, Definitely pro TSV! When I say CSV out loud, I actually mean TSV in my head. I need to watch that ...

I'll also have to dig up the post where I grieve for the alternate future where we actually used the actual dedicated field and record separator characters built into ASCII. So much avoidable pain.

I know this dates me, but ... 80% of the problems I'm solving with jq are caused by using JSON at all ... when a simpler format would have been fine.

Repeating every verbose field name in each record, when the schema is flat, is often premature "schema might need to be variable someday" optimization.

When the Rapid7 DNS data was freely available, it was distributed as a one-line-per-stanza JSON file. The first thing I'd do after downloading it was convert it to CSV ... which cut its size by 60%.

It's like buying a ten-pound box of individually wrapped grains of rice.

Did you that there's a thing called the "Automatic Billing Update" program (ABU), that enables merchants to get notified of your replacement payment card number before it even shows up in your mailbox?

https://globalnews.ca/news/9763295/little-known-credit-card-program-companies-information/

Yep, you can guess what the bad guys are doing. They're registering as a merchant and then involuntarily signing people up for nonexistent "subscriptions" ... that their support path mysteriously refuses to let you unsubscribe from:

https://malwaretips.com/blogs/vigor-vita-cbd-gummies/

But if you naively report these to your issuer as simply 'fraud', they will just ... issue you a new card. And then the "subscription" will be charged again.

Many issuer support teams seem be totally unaware of this fraud type. You have to explicitly tell them it's a subscription scam, and ask them block that merchant from using ABU to get your new card number. (That card is lost, but at least the evil merchant won't get the next one).

(I found this out the hard way, helping some elderly friends, whose cards kept getting mysteriously "compromised". When I realized that an unexpected charge happened before they had even received the new card ... I knew it wasn't just ordinary skimming or phishing.)

tl;dr When you detect unauthorized charges, ask your issuer to check for ABU and block the entire merchant. Otherwise, you'll be caught in an unending cycle of useless reissuance!

#ABU #fraud

@ryanc @jbaggs @dangoodin
hell hath no fury like a geek scorned ("yeah, but that's not much of a problem in the real world, you're just fearmongering" "oh yeah? let me show you")

@ryanc Also your Levenshtein neighbor! :D

@patrickcmiller It's unclear from the article how they're linked - did the bad Crowdstrike push directly cause the Azure outage? Didn't the Azzure issue show up quite a few hours before the Crowdstrike one started visibly hitting orgs?

@patrickcmiller Huh - the lede is buried in paragraph five:

"Amazon said it would refund customers $2,350 and give them a $300 Amazon credit. It also said it would refund unused, prepaid subscription fees."

@ryanc There's also the house-shoes option, though that's obviously not for everyone!

@ryanc Everybody's a literary critic.

https://en.wikipedia.org/wiki/Purple_prose

@ryanc That's tricky. It's a function both of time, and of the "pressure" of disclosure - the juicier the surprise, the more likely it is to have leaked out into popular culture.

Miraculously, I managed to avoid spoiling The Crying Game for a decade. Ditto Citizen Kane (to Garret's point). But I think that would have been impossible for The Empire Strikes Back, due to the cultural saturation.

In the fediverse, CWs are cheap enough that it's relatively easy to have no time limit on spoiler coverage.

@ryanc Ah, interesting - I somehow managed to miss out on this phenomenon!

@ryanc I think it must have gone over my head, heh 😅

@ryanc Honestly not sure - I use the multiciloumn format exclusively on desktop so I've never tried to solve that one!

@ryanc +5, Isnightful

@patrickcmiller I have multiple issues with that article, and with Hive's coverage of password best practices generally:

https://infosec.exchange/@tychotithonus/112329332902658519

@ryanc Sure! Adjust visibility to taste (if needed), and lemme know as much context as you've got

@ryanc I was getting this for ListUtil.c recently. I don't think I fixed it yet.

@ryanc @sophieschmieg

Yeah, that's funky - if the last byte is always ends in 03, that sounds non-standard / artificial - static salt? Or is the obvious salting separate from that? Could be someone playing with truncation. Are you at liberty to share a few samples (under separate cover if needed)?

@krypt3ia @patrickcmiller Have you seen anything on how these attacks are different from previous? This sounds like something spammers have been doing for decades.