There is nothing that distinguishes a CVE that is disputed because it's fake and one that is disputed because the vendor didn't want to acknowledge it.
This is a problem.
@wdormann.bsky.social
I play with vulnerabilities and exploits. While this site initially showed promise, I've grown tired with its lack of improvement. You'll find me @wdormann@infosec.exchange on Mastodon.
Did one really need to look any further than hearing that it used "bitcoin style encryption"?
05.06.2025 19:08 — 👍 4 🔁 0 💬 0 📌 0
Eh, I just enabled passwordless for my 20-year-old hotmail account.
And RDP still accepted my old password. (No Microsoft Authenticator required)
🤷♂️
When you log in to Windows using a Microsoft account (e.g. hotmail), you can use that account's credentials to RDP in.
No RDS AAD or web view here.
I don't know what RDS AAD is.
Simple repro:
1) Log in to Windows 11 with a Microsoft account (e.g. hotmail)
2) Enable RDP
3) Connect to Windows via RDP using hotmail account
4) Change hotmail password
5) Connect to Windows via RDP using old hotmail password
I'm using a web browser for this website.
28.04.2025 19:44 — 👍 1 🔁 0 💬 0 📌 0
Testing GIF upload from an iPhone...
28.04.2025 19:07 — 👍 0 🔁 0 💬 1 📌 0
With BlueSky, animated GIFs are uploaded with the video icon.
Because GIF89a files are clearly videos and not images.
Cross-posting apps don't recognize this silly behavior. (Yet??)
If the desire is to implement your own homemade WDAC block policies, tread lightly. If you simply apply a "block this thing" policy, you might very well end up preventing Windows from booting, as a "block this thing" without a corresponding "allow this", well...
WDAC will only block and not allow.😬
If you wish to inspect an on-device (binary) policy file, you'll need WDACTools: github.com/mattifestati...
With this, you can run ConvertTo-WDACCodeIntegrityPolicy to get a stripped-down human-readable XML policy.
If you enable HVCI and then run:
ApplyWDAC -auto -enforce
you'll be good to go, as it will pull the more-complete online list. github.com/vu-ls/applyw...
If you can't enable HVCI, you'd need to wait for MS to fix WDAC to get complete coverage. But that's not going to happen if I am to believe MSRC.
You've made both of these statements:
- Threat actors are manipulating the ICT to bypass detection
- Run the ICT checker
Doesn't the former sort of invalidate the latter? 🤔
Or is the hope that you've got one of the not-so-good attackers that results in an ICT flagging something?
I suppose my gripe about the wording is that electricity itself has no sound.
*Physical objects* energized by electricity can emanate sound by vibration. 😀
Electric vehicles run on DC. Not AC.
26.12.2024 05:48 — 👍 9 🔁 0 💬 2 📌 0
"they can hear electricity circulating but not enough to power anything else"
I'm curious what electricity sounds like?
Sounds about right for the person who left the Superbowl early because Biden's Tweet got more attention than his. 😂
But heck, drawing attention to your and @kateconger.com 's book is surely a good idea. Everybody should read it!
No, I don't have a Facebook or Reddit account.
I suppose I was referring to Twitter and Mastodon.
With either of those you can upload a media thing (image, animated GIF, MP4, etc.), and the trigger to do that is you click a single "media" button.
Separate buttons are completely unnecessary.
BlueSky is the first social media app I've ever used that has a different icon to pick depending on what file type the media is.
This seems unnecessarily complicated.
The fact that BlueSky decides to take the GIF I uploaded and convert it to MP4 does not change the fact that what I'm loading is a GIF file and not a movie file. 🤷♂️
02.12.2024 20:53 — 👍 1 🔁 0 💬 0 📌 0
Wait...
Animated GIF images maybe need to be uploaded using the "Movie" icon, because GIF89a's are clearly not images? 🤔
There goes my hopes for a viable post-Twitter platform where we all hang out.
😡
Oh, BlueSky doesn't even support uploading animated GIFs.
FFS why is this platform so slow to improve?
So you have to use BlueSky directly to get animated GIFs? Lame...
18.11.2024 03:04 — 👍 1 🔁 0 💬 1 📌 0
Testing multi-posting app Croissant...
18.11.2024 03:01 — 👍 1 🔁 0 💬 2 📌 0
Eventually your client will get throttled with an HTTP 429 (Too many requests), or the site will otherwise fail.
If you have a lot of posts to delete, it's going to take a while.
But it is worth it, IMO.
You'll note that what you get is not just a blob of text that you'll have to grep through, but a FULLY FUNCTIONAL website including search! And all uploaded media will be there in the form that it was in on the Twitter website.
Delete away, friends!
2) Delete your posts, e.g. by pasting this JavaScript into your authenticated web browser session's JavaScript console.
gist.github.com/nsuan/a2e42d...
Obviously closely inspect what you're about to paste, as pasting JavaScript into a web browser session can be VERY DANGEROUS.
To those who still have posts remaining on the Nazi site for the sole purpose of being able to search through things that you've said in the past:
1) First download an archive of your data. (There might be a 1-day delay before you get it)
x.com/settings/dow...
Did everybody enjoy that video streaming marvel that was the Mike Tyson fight last night?
16.11.2024 15:22 — 👍 15 🔁 3 💬 1 📌 0
Maybe. That's the time that I decided to pick Mastodon instead of here.
We'll see how things look when the dust settles.
I'm not married to any particular platform. It just would be nice for everybody to be in one place (LOL).