Did you read the article?
drspod
If you think that I'm misunderstanding something and arguing from a false premise then please feel free to engage with the discussion.
I thought passkeys were supposed to be a hardware device?
This is typical embrace/extend/extinguish behavior from the large platforms that don't want their web-SSO hegemony challenged because it would mean less data collection and less vendor lock-in.
The whole idea of passkeys provided by an online platform should have been ruled out by the specification. It completely defeats the purpose of passkeys, which is that the user has everything they need to authenticate themself.
This could also mean that they have found a (classical) vulnerability in one of the most used Post Quantum Encryption algorithms (such as Kyber) and they want everyone to switch to using it ASAP.
It's pretty easy to check and see that this isn't how it works. I checked both my instance and yours and both of them host the images that have been posted to communities on other instances, so clearly images are transferred (or cached) between instances.
Goodhart's law is an adage often stated as, "When a measure becomes a target, it ceases to be a good measure."
The cause of the visitor’s death was not immediately provided.
There's something important missing from this article:
Eventually, that same USB drive is inserted into an air-gapped computer, allowing GoldenDealer to install GoldenHowl (a backdoor) and GoldenRobo (a file stealer) onto these isolated systems.
Why is an airgapped machine running executable code from a USB drive? Is there some OS-level vulnerability being exploited?
The original writeup says the following:
It is probable that this unknown component finds the last modified directory on the USB drive, hides it, and renames itself with the name of this directory, which is done by JackalWorm. We also believe that the component uses a folder icon, to entice the user to run it when the USB drive is inserted in an air-gapped system
So we have airgapped machines that rely on users to click icons in a graphical file manager to move data from USB drives. This is a complete failure of security procedure. If you have systems that need to be airgapped then you also need the corresponding procedures for use of those systems to prevent this kind of compromise.
Another billionaire tech founder demonstrating that these are exactly the people who need to be kept as far away as possible from positions of influence in our society.
you might send that email to the client too by mistake and get fired
That's an unfair dismissal lawsuit: https://www.independent.co.uk/news/uk/smith-oxford-b2616638.html
This vuln is not new, it was published 3.5 years ago: https://nvd.nist.gov/vuln/detail/CVE-2020-26558
*your