Oh, this now has a CVE: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
"An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges"
A read-only CryptPad spreadsheet with a list of known apps being used by #Pegasus as infection vectors, along with sources:
DM me if you'd like write access to add things.
"Emergency warning in the mobile network + Cell Broadcast" | from LaForge's home page | 100% pure factual information with only a very, very tiny pinch of (necessary) polemic.
WTF!? Microsoft has made the SAM database on Windows 10 readable for all users with one of the recent patches?
(Can confirm on my recently-patched Windows systems, icacls shows c:\windows\system32\config\sam as readable for Users, instead of an access error.)
Bruce Schneier points out that the Citizen Lab has identified another Israeli "Cyberweapons Arms Manufacturer" besides the NSO group, called Candiru: https://www.schneier.com/blog/archives/2021/07/candiru-another-cyberweapons-arms-manufacturer.html
Right now I'm not so sure about "Cyber Defense" products coming from the same region, where it's probable that personnel moves between those companies (looking at you, Checkpoint)...
Why am I always doubting my own decisions?
I got a cheap line-interactive UPS because it has very little power usage, it's quiet, and the USB status connection is supported by my Synology NAS (or NUT usbhid-ups, for that matter). All I want to be able to do is bridge the short power dips I've been seeing about once a year, and organize for an orderly shutdown if power is out for a longer time.
But now it's here - just how much cooler would it have been to get a networked UPS with more features?
More to come, I hear.
I am very happy to see investigative journalists finally shining a light on the very people who target them and put them in (sometimes mortal) danger. Shady companies like NSO Group absolutely hate this. Here's hoping we see more of this kind of reporting in the future!
Heh, my desk almost turned into a Battlestation by now. Left: RPi 400 with the small monitor, then the work laptop (going to work has meant opening the lid, and moving over the USB cable with keyboard and mouse for the past year). Main monitor switches to the other input automatically. To the right, a Ryzen ZBox.
Hrm, ok. Auto-typing seems broken in my setup currently. It did paste username and password somewhere, but definitely not into the web site form it was supposed to use.
I mean, this also depends on the dedication of the software publisher - Vivaldi for example provides a deb repository that also has ARM builds. (And so does Microsoft, for Teams and Edge and Vscode, though I'm not sure about the supported architectures).
...kinda reminds me of why I don't like to deal with Linux for everyday use. Software installation is too much of a hassle for everything that moves faster than the distribution release cycle (and I don't like Snap). No idea if people even build Flatpak bundles for ARM?
Whereas the old Windows way of "download, run installer" still works fine, despite all its different kinds of problems (hello dll hell and malware).
Ah, turns out the dimmer circuit is super easy to remove (once the lamp fixture is disassembled), so I'll just add a switch to the cable instead. No more dimming though.
So if you want to run a current version of Keepass2 from the .zip download with plugins under Mono, you'll need the mono-complete package (on Raspbian/Debian).
It's mentioned in the docs and in the error message when a plugin can't be loaded, but who reads error messages 🙄
Anyways, does seem ok under Raspbian (I just kept the general directory structure that the outdated .deb package uses, but put everything from the download under /usr/local, including a copy of the adapted startup script).
generic computer and internetworking geek
network and systems administration, infosec, retrocomputing