@wdormann.bsky.social
I play with vulnerabilities and exploits. While this site initially showed promise, I've grown tired with its lack of improvement. You'll find me @wdormann@infosec.exchange on Mastodon.
It is much more difficult to stock it when it's locked, yes.
Social media user swipes left on a picture in a post with multiple pictures in their web browser...
Twitter, Mastodon: Swipes to next picture.
BlueSky: Do nothing.
I get that when Twitter doused itself in gasoline and lit a match, BlueSky had potential.
But seriously. How is the web app SO BAD? π€¦ββοΈ
Social media user double taps image in their web browser...
Twitter, Mastodon: Zoom in.
BlueSky: Close image, re-open it.
π€¦ββοΈ
There is nothing that distinguishes a CVE that is disputed because it's fake and one that is disputed because the vendor didn't want to acknowledge it.
This is a problem.
Did one really need to look any further than hearing that it used "bitcoin style encryption"?
Eh, I just enabled passwordless for my 20-year-old hotmail account.
And RDP still accepted my old password. (No Microsoft Authenticator required)
π€·ββοΈ
When you log in to windows using a Microsoft account (eg hotmail), you can use that account's credentials to RDP in.
No RDS AAD or web view here.
I don't know what RDS AAD is.
Simple repro:
1) Log in to Windows 11 with a Microsoft account (eg hotmail)
2) Enable RDP
3) Connect to Windows via RDP using hotmail account
4) Change hotmail password
5) Connect to Windows via RDP using old hotmail password
I'm using a web browser for this website.
Testing GIF upload from an iPhone...
With BlueSky, animated GIFs are uploaded with the video icon.
Because GIF89a files are clearly videos and not images.
Cross-posting apps don't recognize this silly behavior. (Yet??)
If the desire is to implement your own homemade WDAC block policies, tread lightly. If you simply apply a "block this thing" policy, you might very well end up preventing Windows from booting, as a "block this thing" without a corresponding "allow this", well...
WDAC will only block and not allow.π¬
If you wish to inspect an on-device (binary) policy file, you'll need WDACTools: github.com/mattifestati...
With this, you can run ConvertTo-WDACCodeIntegrityPolicy to get a stripped-down human-readable XML policy.
If you enable HVCI and then run:
ApplyWDAC -auto -enforce
you'll be good to go, as it will pull the more-complete online list. github.com/vu-ls/applyw...
If you can't enable HVCI, you'd need to wait for MS to fix WDAC to get complete coverage. But that's not going to happen if I am to believe MSRC.
You've made both of these statements:
- Threat actors are manipulating the ICT to bypass detection
- Run the ICT checker
Doesn't the former sort of invalidate the latter? π€
Or is hope that you've got one of the not-so-good attackers that result in an ICT flagging something?
I suppose my gripe about the wording is that electricity itself has no sound.
*Physical objects* energized by electricity can emanate sound by vibration. π
Electric vehicles run on DC. Not AC.
"they can hear electricity circulating but not enough to power anything else"
I'm curious what electricity sounds like?
Sounds about right for the person who left the Superbowl early because Biden's Tweet got more attention than his. π
But heck, drawing attention to your and @kateconger.com 's book is surely a good idea. Everybody should read it!
No, I don't have a Facebook or Reddit account.
I suppose I was referring to Twitter and Mastodon.
With either of those you can upload a media thing (image, animated, GIF, MP4, etc.), and the trigger to do that is you click a single "media" button.
Separate buttons is completely unnecessary.
BlueSky is the first social media app I've ever used that has a different icon to pick depending on what file type the media is.
This seems unnecessarily complicated.
The fact that BlueSky decides to take the GIF I uploaded and convert it to MP4 does not change the fact that what I'm loading is a GIF file and not a movie file. π€·ββοΈ
Wait...
Animated GIF images maybe need to be uploaded using the "Movie" icon, because GIF89a's are clearly not images? π€
There goes my hopes for a viable post-Twitter platform where we all hang out.
π‘
Oh, BlueSky doesn't even support uploading animated GIFs.
FFS why is this platform so slow to improve?
So you have to use BlueSky directly to get animated GIFs? Lame...
Testing multi-posting app Croissant...
Eventually your client will get throttled with an HTTP 429 (Too many requests), or the site will otherwise fail.
If you have a lot of posts to delete, it's going to take a while.
But is worth it, IMO.
You'll note that what you get is not just a blob of text that you'll have to grep through, but a FULLY FUNCTIONAL website including search! And all uploaded media will be there in the form that it was in on the Twitter website.
Delete away, friends!
2) Delete your posts. e.g. by pasting in this javascript to your authenticated web browser session's JavaScript console.
gist.github.com/nsuan/a2e42d...
Obviously closely inspect what you're about to paste, as pasting JavaScript into a web browser session can be VERY DANGEROUS.