

If they arrest someone to gain access to their key, they don’t need this attack to use their key. They can just use their key.
One thing the article doesn’t make very clear is that for 2FA the PIN requirement comes from the site itself. If the site requires User Verification, the PIN is required. If not, it is not prompted even if set and this attack is possible. The response to the site just says they knew it.
It is different for Passkeys. They are stored on the device and physically locked behind the PIN, but this is just an attack on 2FA where the username and password are known. (In depth it’s more than that, but for most people walking around with a Yubikey…)
It also seems limited in scope to the targeted site and not everything else protected by that specific Yubikey. That limits how useful this is in general, which is another reason it is sort of nation-state level or an extremely targeted attack. It’s not something your local law enforcement are going to use.
I think the YubiHSM is a much more appealing target, but that isn’t so much a consumer device and has its own authentication methods.
I was confused how a resume or application would be largely affected, but the article points out that software is often used to look over social media now as part of hiring (which is awful).
The bias when it determined guilt or considered consequences for a crime is concerning as more law enforcement agencies integrate black box algorithms into investigative work.
Amazon is notorious for combining stock; “the seller” often doesn’t matter.
I think this is the crux of the article. In the past most people have considered photographic evidence to be very convincing. Sure, you could be removed from a photo of Stalin, and later people could do Photoshop (with varying realism); now it’s a few words to make changes that many people believe without hesitation. Soon it will happen to video too, very soon.
Most people are not ready for it. Even shitty AI photos on social media get huge reactions with barely a handful calling them out.
Sir, this is a Wendy’s.
Amazon sold at a loss, but I don’t imagine the employees or suppliers and their employees feel like being paid was a waste.
Laptops are often taken outside the network.
Do xsnow and xpenguins next!
Really great article, and thanks for posting the text of it.
Facebook is weird for me because it triggers my FOMO, but then if I use it all I see are a ton of random things with the most toxic people in the world living in the comments.
And similarly I just realized why my friends on Instagram use stories and not posts, because for the most part stories is the only place I see content from people I know anymore (and again the FOMO).
I really relate to the sentence at the end, “there are people there but they don’t know why and most of what they are seeing is scammy or weird.”
My only real problem is I still use windows more than full screen, barely ever use workspaces, and those are two workflows they really want someone to use.
I really like Fedora, but the release cycle is too fast for my tastes. Also I find Gnome distracting these days.
That’s why after 20+ years I use Mint or LMDE. I don’t have the time or interest to tinker the way I used to unless I’m getting paid for it. Mint was the thing that got me to leave Fedora.
That combination works in Brave to search the forum (prefixing !ddg or !d). I’m surprised it doesn’t in Searx.
Galaxy Watch, the original Pixel Watch and the Apple Watch have no charging contacts. It’s really the way to go.
The contacts have been an issue forever, like I remember it messing up a Fitbit a decade ago. Really crazy that it’s still a problem.
With that kind of leadership we should be thankful he can’t run for president, or he’d end up voted in.
Before his Twitter addiction it was much easier to think of him as a rich genius like you see in comic books, mostly since nobody knew what he was thinking. He’s also managed a celebrity-like persona that someone like robot Mark Zuckerberg could never pull off. That and money will always get hangers-on.
It’s slower, actually.
Are you really trying to argue over ways of locking down the phone?
On iOS, hitting vol up, then vol down, then holding power for a second will instantly lock down, and there is also no danger of accidentally calling 911 or whatever.
It’s also the fast way to get to the power option.
That’s what all of the analysis is pointing to.
Since the analysis is not complete, the other thing people need to remember is that nobody knows if ssh was the only target or just the only one that was noticed. A ton of stuff uses lzma, including web browsers and password safes.
Harder on the corporate side, but this has been an issue in the warehouses.