riQQ's recent activity
-
Comment on FrostyGoop malware attack cut off heat in Ukraine during winter in ~tech
riQQ (OP) -
FrostyGoop malware attack cut off heat in Ukraine during winter
15 votes -
Comment on The joy of reading newspapers from other countries in ~news
riQQ Deutsche Welle (DW) has many articles in English: https://www.dw.com/en/Deutsche Welle (DW) has many articles in English:
https://www.dw.com/en/ -
Comment on EU Council has withdrawn the vote on Chat Control in ~tech
riQQ Netzpolitik translates some of its articles to English. The one you posted was translated and is available in English here:...Netzpolitik translates some of its articles to English. The one you posted was translated and is available in English here:
https://netzpolitik.org/2024/victory-for-now-no-majority-on-chat-control-for-belgium/ -
Comment on Advice for hosting (and building) a personal website in ~comp
riQQ (edited )Link ParentNo worries, I mainly posted this for future readers.No worries, I mainly posted this for future readers.
-
Comment on Advice for hosting (and building) a personal website in ~comp
riQQ FE = frontend, right? Took me some time to guess.FE = frontend, right? Took me some time to guess.
-
Comment on The time I built an ROV to solve missing person cases in ~engineering
riQQ (edited )LinkIn the same vein as The hunt for the Death Valley Germans I found this to be a super interesting read.In the same vein as The hunt for the Death Valley Germans I found this to be a super interesting read.
By the autumn of 2020 the story had faded from my mind until my brother called me with an interesting missing person case. That phone call was the starting point of the most interesting adventure I’ve ever had, and it lead to us solving two missing person cold cases, which had been unsolved for 9 and 15 years.
-
The time I built an ROV to solve missing person cases
29 votes -
Comment on Do signed or annotated git tags have any special advantage over lightweight tags? in ~comp
riQQ You can also push lightweight tags: https://git-scm.com/book/en/v2/Git-Basics-TaggingYou can also push lightweight tags:
git push pushes both types of tags
-
Comment on All Santander staff and 'thirty million' customers in Spain, Chile and Uruguay hacked in ~tech
riQQ (edited )LinkThe Ticketmaster and Santander data breach may be just the beginning https://www.wired.com/story/snowflake-breach-ticketmaster-santander-ticketek-hacked/The Ticketmaster and Santander data breach may be just the beginning
https://www.wired.com/story/snowflake-breach-ticketmaster-santander-ticketek-hacked/ -
Comment on Cybercriminals pose as "helpful" Stack Overflow users to push malware in ~comp
riQQ Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.
Sonatype researcher Ax Sharma (and a writer at BleepingComputer) discovered this new PyPi package is part of a previously known 'Cool package' campaign, named after a string in the package's metadata, that targeted Windows users last year.
This PyPi package is named 'pytoileur' and was uploaded by threat actors to the PyPi repository over the weekend, claiming it was an API management tool. Notice how the package has the "Cool package" string in the Summary metadata field, indicating it is part of this ongoing campaign.
-
Cybercriminals pose as "helpful" Stack Overflow users to push malware
19 votes -
Comment on Tesla’s two million car Autopilot recall is now under US federal scrutiny in ~transport
riQQ New development on the same topic previously discussed here: https://tildes.net/~transport/1cul/tesla_recalls_two_million_us_vehicles_over_autopilot_software_issueNHTSA has now closed that engineering analysis, which examined 956 crashes. After excluding crashes where the other car was at fault, where Autopilot wasn't operating, or where there was insufficient data to make a determination, it found 467 Autopilot crashes that fell into three distinct categories.
First, 221 were frontal crashes in which the Tesla hit a car or obstacle despite "adequate time for an attentive driver to respond to avoid or mitigate the crash." Another 111 Autopilot crashes occurred when the system was inadvertently disengaged by the driver, and the remaining 145 Autopilot crashes happened under low grip conditions, such as on a wet road.
NHTSA also found that Tesla's telematics system has plenty of gaps in it, despite the closely held belief among many fans of the brand that the Autopilot system is constantly recording and uploading to Tesla's servers to improve itself. Instead, it only records an accident if the airbags deploy, which NHTSA data shows only happens in 18 percent of police-reported crashes.
New development on the same topic previously discussed here:
https://tildes.net/~transport/1cul/tesla_recalls_two_million_us_vehicles_over_autopilot_software_issue -
Tesla’s two million car Autopilot recall is now under US federal scrutiny
22 votes -
Comment on How GM tricked millions of drivers into being spied on (including me) in ~transport
riQQ GM ends OnStar driver safety program after privacy complaints https://tildes.net/~transport/1fwc/gm_ends_onstar_driver_safety_program_after_privacy_complaintsGM ends OnStar driver safety program after privacy complaints
https://tildes.net/~transport/1fwc/gm_ends_onstar_driver_safety_program_after_privacy_complaints -
Comment on Backdoor in upstream libxz targeting sshd in ~comp
riQQ Most detailed timeline I have found so far: https://research.swtch.com/xz-timelineMost detailed timeline I have found so far:
https://research.swtch.com/xz-timeline -
Comment on Backdoor in upstream libxz targeting sshd in ~comp
riQQ Another post with more findings and a list of affected distros and versions: https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/Another post with more findings and a list of affected distros and versions:
https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/ -
Comment on Backdoor in upstream libxz targeting sshd in ~comp
riQQ Another write-up by Kevin Beaumont: https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafddAnother write-up by Kevin Beaumont:
https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafddNobody else had raised concerns, and I don’t believe any existing security tooling or processes would have caught this (I realise there will be a torrent of vendors claiming they detect this… but they will detect this now that somebody told them).
How advanced was the threat actor? The backdoor attempt was a very serious one, with a very high bar of knowledge, research, development and tradecraft to reach this far into the Linux ecosystem. Additionally, changes made by the threat actor on Github span multiple years, and include things like introducing functions incompatible with OSS Fuzzer due to outstanding small issues since 2015, then getting OSS Fuzzer to exclude XZ Utils from scanning last year. The backdoor itself is super well put together, and even includes the ability to remotely deactivate and remove the backdoor via a kill command. Several days in, despite global focus, I haven’t seen anybody who has finished reverse engineering it.
Also, Andres had a unique testing environment and a set of coincidental setup issues which allowed him to discover the issue. I don’t know of anybody else has this setup.
When I installed a vulnerable Linux box, I had to double check it was actually vulnerable as I wouldn’t even see a speed issue. For me, it was a completely transparent backdoor — where sshd was running from disk as usual, with the usual file hash and no extra network activity.
-
Comment on Visa, Mastercard settle long-running antitrust suit over swipe fees with merchants in ~finance
riQQ Visa and Mastercard announced a major settlement with U.S. merchants on Tuesday, potentially ending nearly two decades of litigation over the fees charged every time a credit or debit card is used in a store or restaurant.
The deal would lower and cap the fees charged by Visa and Mastercard and allow small businesses to collectively bargain for rates with the payment processors in a similar way that the large merchants do on their own now.
According to the settlement announced Tuesday, Visa and Mastercard will cap the credit interchange fees until 2030, and the companies must negotiate the fees with merchant-buying groups.
The law firm that announced the settlement put the value of the savings in swipe fees at close to $30 billion.
-
Visa, Mastercard settle long-running antitrust suit over swipe fees with merchants
20 votes