-credit to nedroid for strange art

  • 0 Posts
  • 19 Comments
Joined 3 years ago
Cake day: June 10th, 2023
  • Arghblarg@lemmy.catoTechnology@lemmy.worldOpenAI drops plans to release an adult chatbotEnglish
    37·
    19 days ago

    This here. The dirty not-at-all-a-secret is that NONE of it is profitable. It is all a money-burning, water-wasting, RAM-market-sucking black hole.

    There is no road to profitability unless they somehow convince everyone to pay multiple thousands of dollars per year for subscriptions. At least that’s what I keep hearing; evidence otherwise with real references, I’m open to consider.

    EDIT: backblack

  • Arghblarg@lemmy.catoTechnology@lemmy.worldI found a Vulnerability. They found a Lawyer.English
    137·
    2 months ago

    I had a similar experience many, many years ago – before the rules for vuln embargoes were formalized; and I wasn’t even a security researcher. I was just a techie who discovered that the broker’s staff were resetting anyone’s forgotten password to the same temporary word. And like in this article, they had no mechanism to force users to reset the temp password on next login to something unique. I’d asked to have my password reset at some point, having forgotten it, and upon logging in with my user ID accidentally swapping two digits, found myself in someone else’s brokerage account, with substantial funds staring me in the face! And, their email and personal details.

    I disclosed the issue to the broker, but out of paranoia, did it through a throwaway email account, from home, not work (I should’ve used a VPN, but back then I wasn’t as aware of such things). From that throwaway email, I also notified the person whose account I’d accidentally logged into, urging them to check their account and contact the broker to ensure no one else might have gotten into their account.

    A day or so later, I got a call at my work phone from someone at said broker, asking if I had seen any unusual activity on my account, and that they had seen some suspicious activity from our company’s network (remember, the accidental login to the other person’s brokerage account occurred at my work PC)… I suspect they were fishing for info pointing to my being the one who accidentally accessed someone else’s account. I played dumb, as the call did NOT have good vibes; I could sense they were looking for a ‘hacker’ to scapegoat, not calling just to inform people there was a problem.

    Thank heavens I didn’t reveal that I knew anything about the vulnerability… I had just reset my password, nope nothing unusual here, nosirree… but within a day or two their password reset procedure had been changed for the better and emails were sent out stating that a ‘security incident’ had occurred.

    Lesson: Do NOT trust that your security report will be taken as being helpful. Most companies will try to throw you under the bus if they can, to save face.

  • Arghblarg@lemmy.catoTechnology@lemmy.worldWhy Cops Frequently Got Caught Planting Drugs in 2017 | Look. All technology comes with a learning curve.English
    1901·
    2 months ago

    The cameras worked by constantly recording even before the “record” button was pressed, periodically deleting any footage that hadn’t been intentionally recorded. Once the “record” button was pressed by the officer, it would capture the 30 seconds before the button had been pressed, thanks to this method of constantly being on standby.

    But it was a hard concept for cops to understand. They weren’t being properly trained on the fact that their own cameras didn’t start recording once they pressed record. Hitting that button saved the 30 seconds prior as well, a neat feature that really bit them in the ass.

    Maybe bodycams should randomly record even when the RECORD button isn’t pressed by an officer; and the pre-record time should be random from say 2 minutes to 30 seconds before. And the recording should stop a random 30-60 seconds AFTER they hit ‘STOP’. So they never know when they’re being recorded. If they’re not pulling illegal shit, they shouldn’t have any problem with that, right?

    In fact, with storage capabilities nowadays, bodycams should ALWAYS be recording, period. Gotta go to the bathroom? Too damn bad. You’re a public servant. Trust the auditors to redact that if it comes to a court subpoena. You signed up for it. Extraordinary powers come with extraordinary sacrifices.

    Jeebus Chripes. No wonder so many people say ACAB.