
Posts: 7 · Comments: 26 · Joined: 2 yr. ago

  • European government officials and institutions (on all levels) should at least stop using Twitter to communicate with people.

  • Not if an app uses Play Integrity. The entire purpose of Play Integrity is to not work on anything that is not a Google-certified OS.

  • It's not just cards. Many banks today require using a mobile app for online banking, and those apps require an Apple- or Google-certified device and an Apple or Google account. While it is possible to open those accounts under a false name (the apps are free so you don't need to enter payment info), this is still an absurd amount of leverage the US has on everyday people's activities in other countries.

  • Can anyone recommend an app for finding routes using public transport? I am currently using Google Maps, but I'd like to find an alternative, preferably not US/big tech. Tried mapy.com, it didn't work.

  • Not The Onion @lemmy.world

    South Koreans hunt for old LG air-conditioners after logos turn out to be pure gold

    www.straitstimes.com/asia/east-asia/south-koreans-hunt-for-old-lg-air-conditioners-after-logos-turn-out-to-be-pure-gold
  • It's about time.

  • There are multiple VPS providers that allow seeding, for example, ihostart.com.

  • Slaughtering animals for food.

  • demicrosoft @programming.dev

    Microsoft suddenly bans LibreOffice developer's email account, blocks appeal

    www.techspot.com/news/108878-microsoft-suddenly-bans-libreoffice-developer-email-account-blocks.html
  • It's a Dutch Flag! 🇳🇱

    French flag 🇫🇷 has a blue stripe on the left side, not on the right.

  • Don't threaten me with a good time!

  • The article doesn't say what the rules are, so I did some searching and found this:

    According to the rules:

    • Political advertisements must be made available with a transparency label and an easily retrievable transparency notice. These must clearly identify political advertisements as such and provide some key information about them, including their sponsor, the election or referendum to which they are linked, the amounts paid, and any use of targeting techniques.
    • Targeting political advertising online will be permitted only under strict conditions. The data has to be collected from the data subject and it can be used only after the data subject has given explicit and separate consent for its use for political advertising. Special categories of personal data, such as data revealing racial or ethnic origin or political opinions, cannot be used for profiling.
    • To prevent foreign interference, there will be a ban on the provision of advertising services to third country sponsors three months before an election or referendum.

    The second point seems to be the most painful. Meta is all about nonconsensual data collection and targeting.

  • Why do all of them fail this question?

  • Plot twist: the author fixed it themselves to make it appear that someone would pay for it.

  • Someone definitely took this XKCD too literally.

  • Discussions related to Infosec.pub @infosec.pub

    Some images are broken

  • Not The Onion @lemmy.world

    Bees attack French town, leaving 24 injured

    apnews.com/article/france-bees-attack-8c24d5919db13eac5b817c91daf1e7ab
  • Not The Onion @lemmy.world

    Front door to UK House of Lords does not work despite hefty £9.6 million price tag

    www.euronews.com/my-europe/2025/07/03/front-door-to-uk-house-of-lords-does-not-work-despite-hefty-96-million-price-tag
  • https://infosec.exchange/@harrysintonen/114455549143577092

    Why does the #AISlop problem exist at #hackerone (and likely other bug bounty platforms)?

    Because apparently it works: https://hackerone.com/evilginx/hacktivity?type=user

    It seems that some projects pay bounties for such AI Slop reports.

    This thing works by generating fake vulnerability reports. Here are some of the qualities of the HackerOne report 3125832 sent to #curl:

    • It looks convincing at a glance, especially if you're not a subject matter expert.
    • It's vague about actual repro steps. It makes it impossible for the victim project to reproduce the issue. For example, it makes up fake patches against non-existent, imaginary code.
    • It refers to functions and methods that do not exist (in case someone tries to look for them). When confronted, the attacker refers to some old or new versions of components, using non-existent commit hashes.
    • The report makes up some convincing functionality or names that are novel, but don't really exist.

    An expert’s look at the report shows a number of discrepancies, but finding them takes time and effort. It requires attention from a subject matter expert, with limited resources.

    The real exploit here is that the attacker (evilginx) exploits the fact that the victims (the orgs who paid the attacker money) don't have the capacity to perform thorough analysis and rather just pay up. TL;DR: It's cheaper to pay the bug bounty than hire an expert to perform true analysis.

    Why didn't it work against the curl project? The attacker miscalculated badly. The curl project is not a company and has far greater capability in security response than your average org. Also, they can smell #aislop miles away.

    It's only going to get worse from here. This could easily kill the whole concept of #bugbounties. Why?

    • Genuine researchers quit in frustration as they don't get a proper reward for their hard work, and see #aislop scoop up the money.
    • Orgs/projects abandon bug bounty programs since they get mostly AI Slop reports.
    • Financial backing (as donations or investment) for bug bounty programs disappears as the money is paid to scammers.
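
    Two of the tells listed in the post above (functions that do not exist in the code base, commit hashes that resolve to nothing) can be checked mechanically before a human spends triage time. The script below is an added example, not code from the post's author, from HackerOne or from the curl project. The "repository" and the report text are constructed toy inputs embedded in the script; the function names and hashes in them are made up for the illustration. The heuristic is deliberately simple: every `name(` in the report is treated as a referenced function, every 7-to-40-character hex word as a referenced commit, and both are looked up against the tree and the known commit list.

    ```python
    """Triage helper: flag identifiers and commit hashes cited in a bug report
    that cannot be found in the project.  Added example with constructed data;
    the file contents, function names and hashes below are not from any real project."""
    import re

    # Constructed toy "repository": path -> source text.  Not real curl code.
    REPO = {
        "lib/http.c": """
    int parse_header(struct conn *c, const char *line) { /* ... */ }
    static int handle_chunk(struct conn *c, size_t n) { /* ... */ }
    """,
        "lib/url.c": "int url_set_option(struct handle *h, int opt, void *val) { /* ... */ }\n",
    }

    # Constructed set of full commit hashes the project actually has.
    KNOWN_COMMITS = {"3f2a9c1e7b0d4a6f8e2c1b5d9a7f0e3c2b4d6a8f"}

    # Constructed report in the style the post describes: plausible prose,
    # made-up functions, one real function, one real and one invented commit.
    SAMPLE_REPORT = """
    Heap overflow in parse_header_ex() when handle_chunk() receives a negative length.
    Patch: in lib/http.c replace the call to chunk_validate() with chunk_validate_safe().
    Introduced in commit 9b1e2d3c4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c, fixed in 3f2a9c1.
    """

    IDENT_RE = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\s*\(")  # identifier followed by "("
    HASH_RE = re.compile(r"\b[0-9a-f]{7,40}\b")                # abbreviated or full git hash
    C_KEYWORDS = {"if", "while", "for", "switch", "sizeof", "return", "defined"}


    def referenced_functions(report: str) -> list[str]:
        """Function-like identifiers the report mentions, minus C keywords."""
        return sorted(set(IDENT_RE.findall(report)) - C_KEYWORDS)


    def referenced_hashes(report: str) -> list[str]:
        """Hex words that look like git commit hashes."""
        return sorted(set(HASH_RE.findall(report)))


    def known_functions(repo: dict[str, str]) -> set[str]:
        """Every identifier used as a call or definition anywhere in the tree."""
        names: set[str] = set()
        for src in repo.values():
            names.update(IDENT_RE.findall(src))
        return names - C_KEYWORDS


    def triage(report: str, repo: dict[str, str], known_commits: set[str]) -> dict:
        """Return the report's references that do not resolve against the project.

        A non-empty list in either field is a signal to read the report sceptically,
        not proof of fabrication; renamed or out-of-tree code can also trigger it.
        """
        have = known_functions(repo)
        missing = [f for f in referenced_functions(report) if f not in have]
        unknown = [
            h for h in referenced_hashes(report)
            if not any(c.startswith(h) for c in known_commits)  # allow abbreviated hashes
        ]
        return {"missing_functions": missing, "unknown_commits": unknown}


    if __name__ == "__main__":
        result = triage(SAMPLE_REPORT, REPO, KNOWN_COMMITS)
        for kind, items in result.items():
            print(f"{kind}: {items or 'none'}")
    ```

    On the constructed report, `handle_chunk` and the abbreviated `3f2a9c1` resolve, while the three patched functions and the long hash do not. Against a real tree you would replace `REPO` with a walk over the checkout and `KNOWN_COMMITS` with the output of `git rev-list --all`; the regexes stay the same.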
  • I just like what they post. If I find an interesting post (usually because someone I follow boosted it), I look at the author's other posts, and if I find them interesting, I follow them.

    There is also a list of accounts with the most followers: https://fedidb.com/accounts.

  • Cryptography @ Infosec.pub @infosec.pub

    A bit more on Twitter/X’s new encrypted messaging

    blog.cryptographyengineering.com/2025/06/09/a-bit-more-on-twitter-xs-new-encrypted-messaging/
  • Not The Onion @lemmy.world

    Eight US states seek to outlaw chemtrails – even though they aren’t real

    www.theguardian.com/us-news/2025/jun/08/chemtrails-us-states-legislation