Security News
A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company's Amazon AWS S3 storage buckets. In addition to application data, source code or configuration files in the S3 buckets can also contain 'secrets,' which are authentication keys, access tokens, and API keys.
The French regulator's objection, which was echoed last year by at least the UK and the Australian regulator as well, is: "We consider this unlawful in our country. You can't go scraping people's images for this commercial purpose without their consent. And you're also not complying with GDPR rules, data destruction rules, making it easy for them to contact you and say, 'I want to opt out'." In the same way that Bletchley Park in the UK secretly employed more than 10,000 people I didn't realise this, but it turned out that there were well over 10,000 women recruited into cryptology, into cryptographic cracking, in the US to try and deal with Japanese ciphers during the war.
DOUG. "Your password has a low security level and maybe at risk. Please change your login password." DUCK. Yes, "Your password has a low security level".
Should hospital ransomware attackers get life in prison? Who was the Countess of Computer Science, and just how close did we come to digital music in the 19th century? And could a weirdly wacky email brick your iPhone? The problem with a messaging app is that: [A] it tends to run in the background, so it can receive a message at any time; [B] you don't get to choose who sends you messages, other people do; and [C] it may be that in order to get into the app to delete the rogue message, you have to wait for the app to load, and it decides.
Let's stay on the subject of scams, and talk about scammers and rogue callers. DUCK. Well, there are scam calls and there's nuisance calls.
You need a password, but finding one email address and password combination valid at any given Exchange server is probably not too difficult, unfortunately. There are a surprising number of people who switched to the cloud, possibly several years ago, who were running both their on-premises and their cloud service at the same time during the changeover, who never got round to turning off the on-premises Exchange server.
All of it I've never spent more than 10 seconds authorising myself to get into something when multifactor has popped up, and I can spare 10 seconds for the safety and security of not just my company's data, but our employees and our customers data. CHET. Well, the precise law in the United States, the Computer Fraud and Abuse Act, is very specific about the fact that you're breaching that Act when you exceed your authority or you have unauthorised access to a system.
DUCK. Yes, Uber has come out with a follow up report, and it seems that they're suggesting that a hacking group like LAPSUS$ was responsible. Just because you have those that's a security gate, but it's not the end-all and be-all to keeping someone out.
I'm coming to you from Vancouver, I'm downtown, I'm looking out the window, and there's actually an Uber sitting outside the window. At a very high level, the consensus appears to be that there was some social engineering of an Uber employee that allowed someone to get a foothold inside of Uber's network.
If you open something in the current window, then you're significantly limited as to how exciting and "System-like" you can make it look, aren't you? You can't write anything outside the browser window, so you can't sneakily put a window that looks like wallpaper on the desktop, like it's been there all along.