|
Since its open-source release on December 3rd 2018, Microsoft SEAL has become one of the world’s most popular homomorphic encryption libraries and has been adopted by security and privacy professionals world-wide in both academia and industry. For all your homogenized milk encryption needs (I may have read that wrong)
My original thought probably wasn't KSS.
|
|
|
|
|
A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users. "Mr. Telephone Man, there is something wrong with my line"
I'm sensing a theme forming today
|
|
|
|
|
Who cares?
I have it on good authority that we'll be getting 6G, within a few weeks!
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
LMFAO - I'm 6G and I know it.
|
|
|
|
|
Flaws? Or did they just get caught?
|
|
|
|
|
In September of 2018, an anonymous independent security researcher (who we'll call X) noticed that their power company's website was offering to email—not reset!—lost account passwords to forgetful users. Security is Job 0
|
|
|
|
|
What, you mean that someone could order crates full of my electricity to be delivered to their homes!
Sometimes, uber-high security ain't all that necessary -- especially with things like utility companies, who send you snail-mail confirmation of changes.
If hackers get access to the password database, they've already got access to all the other details worth hacking.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Mark_Wallace wrote: If hackers get access to the password database, they've already got access to all the other details worth hacking.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
The article itself already explains why this is serious, but I'm quickly reaching the conclusion you just enjoy trolling stories here.
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
|
|
|
|
Rob Grainger wrote: The article itself already explains why this is serious Yes, well, they got it wrong.
Time for a reality check:
0. Get someone's phone number
1. Hack the person's utility account number, somehow
2. Hack the person's e-mail, so that you can receive the plain-text password
3. Hack the person's password for the utility company, so that you can log in to the web interface, clicking through God-only knows how many pages on what is probably not the fastest server in the world
4. Click through several more pages, to ask for the password
5. Log in to the user's e-mail, to receive the password that you already used to log in and request it
6. Repeat steps 0-5 for every single customer of the company
7. Profit by... Um... Well, you've already hacked their e-mail, and you had already hacked their utility account, so so there ain't no profit in requesting the plain-text password
Don't fall for every scare story you read.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Except that they may reuse the same password for other accounts, such as online banking. As was stated in the article, which evidently you still failed to read properly before this diatribe.
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
|
|
|
|
They also have access to some peoples email, social media accounts and bank accounts.
You would be amazed at how many people use the same password for everything.
Now do you see the problem?
|
|
|
|
|
Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected. Anytime you're in a browser, odds are you're running bad code anyway
Once again: *thanks*, security researchers. I suppose it's nicer of you to find them than the "evil hackers", but I sometimes wish you wouldn't.
|
|
|
|
|
Kent Sharkey wrote: Once again: *thanks*, security researchers. I suppose it's nicer of you to find them than the "evil hackers", but I sometimes wish you wouldn't. No kidding!
This "Ooh, let's put all our government funding into finding ways to hack people's computers!" cr@p has to be regulated! It's way out of hand.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Quote: The difference between the two is that MarioNet can survive after users close the browser tab or move away from the website hosting the malicious code.
Do Chrome and Firefox provide configuration switches to globally disable service workers? Being able to run code indefinitely after the page is closed is a sufficiently stupidly designed anti-feature that I can't believe it's anywhere close to the only case where the api is an incompetently designed cluster and gift to malware authors everywhere. Maybe they'll get it right the third time around, but as it stands breaking every page that uses them feels like a feature not a bug.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
Firefox:
Navigate to about:serviceworkers to see what service workers have been registered.
Navigate to about:config . Acknowledge the warning. Search for dom.serviceWorkers.enabled . Toggle it to false .
Navigate to about:serviceworkers again to verify that service workers are not enabled.
Chrome:
Navigate to chrome://serviceworker-internals/ to see what service workers have been registered.
Realise that Chrome doesn't provide any way to block service workers, unless you also block cookies and site data[^] for the site.
Switch to another browser.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Richard Deeming wrote: Realise that Chrome doesn't provide any way to block service workers, unless you also block cookies and site data[^] for the site.
Switch to another browser.
Outside of when needed for work I don't. But I do use Vivaldi which is largely Chrome under the hood, and which is obscure enough that asking about how to mess with settings it for its generally not worth the effort on the general web.
Chrome does appear to at least offer a kludgy hack to at least detect when SWs start, the top of the page has a checkbox to "Open DevTools window and pause JavaScript execution on Service Worker startup for debugging." It might be possible to nuke them from there.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
Nice!
You learn something every day.
The browser I'm on is a fork of FF, and about:serviceworkers tells me that "Service Workers are not enabled".
Cheers for telling me where to look!
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
If it's based on the ESR release, they should be disabled by default.
Disabled on Firefox ESR, but can be re-enabled with the dom.serviceWorkers.enabled flag.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
A 12-year-old kid from Tennessee created a nuclear reaction in his family's playroom in January 2018, according The Guardian. That makes him the youngest known person to have done so. *Illudium PU-36 available separately
|
|
|
|
|
In other news, lots of other teenagers maxed out their parents' credit cards in other ways.
What a very silly story.
They might as well publish an article when a kiddie builds a train set, or a crystal radio.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Mark_Wallace wrote: They might as well publish an article when a kiddie builds a train set, or a crystal radio.
False equivalence much?
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
|
|
|
|
It's not false equivalence.
0. Kiddie spends his daddy's money on his hobby, buying plans and the kit to make whatever it is.
1. There is no 1. That's all there is to it.
The only difference is in the amount you have to spend on kit, which depends on the hobby.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Is his name Sheldon? Did his mom get him tested?
|
|
|
|
|
It's now easier than ever in France to act out "Star Wars" fantasies, because its fencing federation has borrowed from a galaxy far, far away and officially recognized lightsaber dueling as a competitive sport, granting the iconic weapon from George Lucas' saga the same status as the foil, epee and sabre, the traditional blades used at the Olympics. En garde, Darth
|
|
|
|