Hasnain says:

Should we all just hang up our boots and head home? This is just nuts.

"Don’t serve user-specific or sensitive content from URLs that attackers can predict or easily learn. Attackers can load such URLs in their attack pages (e.g. ) to get the sensitive information into the process rendering their page, and can then use out-of-bounds reads to discover the information. Use anti-CSRF tokens or random URLs to break this kind of attack."

Posted on 2018-01-04T07:51:04+0000

Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock

Intel CEO Brian Krzanich sold off a major stake in the company in November, months after the chip maker learned of a significant security flaw in its chips.

Click to view the original at businessinsider.com

Hasnain says:

This is pretty damning. He sold all his stock, down to only holding what he legally had to hold per his contract.

Intel was made aware of the issue in June and the sale plan was put thru in October.

Someone at the SEC is going to have a field day.

Posted on 2018-01-04T05:24:40+0000

The mysterious case of the Linux Page Table Isolation patches

[Various errors and updates are addressed in Quiet in the peanut gallery] tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement...

Click to view the original at pythonsweetness.tumblr.com

Hasnain says:

This is fairly scary. The slowdown will be massive... It's also interesting that AMD isn't affected

"tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer."

Posted on 2018-01-02T20:35:13+0000

“Oh My God, This Is So F---ed Up”: Inside Silicon Valley’s Dark Side

Not far from Sand Hill Road exists a private world of wild sex parties and “cuddle puddles.” As one male investor put it, “You could say it’s disgusting but not illegal—it just perpetuates a culture that keeps women down.”

Click to view the original at vanityfair.com

Unfiltered Fervor: The Rush to Get Off the Water Grid

Driven by misgivings about how tap water is treated, start-ups are turning to springs and the air for purer sources — and drawing an elite audience.

Click to view the original at nytimes.com

Hasnain says:

I really don't know how to think about this..

"Pure water can be obtained by using a reverse osmosis filter, the gold standard of home water treatment, but for Mr. Singh, the goal is not pristine water, per se. “You’re going to get 99 percent of the bad stuff out,” he said. “But now you have dead water.”

He said “real water” should expire after a few months. His does. “It stays most fresh within one lunar cycle of delivery,” he said. “If it sits around too long, it’ll turn green. People don’t even realize that because all their water’s dead, so they never see it turn green.”

Mr. Singh believes that public water has been poisoned. “Tap water? You’re drinking toilet water with birth control drugs in them,” he said. “Chloramine, and on top of that they’re putting in fluoride. Call me a conspiracy theorist, but it’s a mind-control drug that has no benefit to our dental health.” (There is no scientific evidence that fluoride is a mind-control drug, but plenty to show that it aids dental health.)"

Posted on 2018-01-01T08:35:05+0000

Hasnain says:

The level of detail this write-up goes into.. whoa.

Also, I feel sorry for the Apple security engineer who's going to have their New Year's ruined.

Posted on 2018-01-01T05:38:34+0000

Call of Duty gaming community points to ‘swatting’ in deadly Wichita police shooting

A worldwide community of online gamers might be a key in finding out why a 28-year-old man is dead after being shot by police Thursday evening.

Click to view the original at kansas.com

Hasnain says:

This is so sad and messed up on so many levels.

Two people had a fight over a bet of a dollar in Call of Duty, one guy gave out a fake address, the other guy swatted him, and so cops got called on a random person and proceeded to shoot him as he opened the door.

I don't even..

Posted on 2017-12-30T01:57:42+0000

The Rendering of Middle Earth: Shadow of Mordor

Middle Earth: Shadow of Mordor was released in 2014. The game itself was a great surprise, and the fact that it was a spin-off within the storyline of the Lord of the Rings universe was quite unusu…

Click to view the original at elopezr.com

Hasnain says:

This was a really engrossing story even if you don't know Minecraft. Talks about market manipulation.

"Most of the people in the top tier I knew their stores better than they did. It wasn't uncommon, for instance, for Zel to tell someone in chat, "I sell X item for P marbles," only for me to interject, "You sell X for Q but you've been out of stock for a week. Market East, second left, third shop on the right sells for R." One time I caught someone who had been using a hopper to siphon emeralds out of one of Victoria's shop chests. I didn't witness it or anything, I just noticed her supply had steadily dropped over the course of a week at a rate that was highly unusual given how the emerald market normally flowed. Summoned a mod to check the history of the blocks underneath, and my suspicions were confirmed. Victoria hadn't realized anything was even missing."

Posted on 2017-12-29T08:44:56+0000