US government’s attack on free speech, science, and research is causing a brain drain
How do you create a brain drain and lose your status as eminent destination for scientists and researchers? The United States seems to be sending out questionnaires to researchers at universities and research institutes outside of the United States, asking them about their political leanings. Dutch universities are strongly advising Dutch researchers not to respond … ⌘ Read more
Hi! i’m a paralyzed cat. When i was just one month old, i was attacked by a dog or a human and my spine was broken. This is how meowmy found me and adopted. Meowmy always helps me with difficulties in my daily life ⌘ Read more
FOSS infrastructure is under attack by AI companies
What do SourceHut, GNOME’s GitLab, and KDE’s GitLab have in common, other than all three of them being forges? Well, it turns out all three of them have been dealing with immense amounts of traffic from “AI” scrapers, who are effectively performing DDoS attacks with such ferocity it’s bringing down the infrastructures of these major open source projects. Being open source, and thus publicly accessible, means these scrapers have … ⌘ Read more
FOSS infrastructure is under attack by AI companies
Article URL: https://thelibre.news/foss-infrastructure-is-under-attack-by-ai-companies/
Comments URL: https://news.ycombinator.com/item?id=43422413
Points: 545
# Comments: 317 ⌘ Read more
Legends of Open Source Under Attack by Leftist Extremists
The most prominent leaders in Free and Open Source Software (from Stallman to Torvalds) are regularly attacked, ostracized, or outright banned by Leftist Extremists. ⌘ Read more
This monster goes from licking my arm to attacking me, all while purring the whole time ⌘ Read more
C++ creator calls for help to defend programming language from ‘serious attacks’
Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory safety shortcomings. C and C++ are built around manual memory management, which can result in memory safety errors, such as out of bounds reads and writes, though bo … ⌘ Read more
The cat attack ⌘ Read more
PostmarketOS Joins Codeberg’s Fight Against “Right Wing Forces”
Following dubious announcement of attack by “Right Wing Forces” by Git hosting company, a Linux Phone OS project has joined their crusade. ⌘ Read more
Yeah nice try assholes 🤣
#failed #phissing #sms #attack ⌘ Read more
New speculative attacks on Apple CPUs
Article URL: https://predictors.fail/
Comments URL: https://news.ycombinator.com/item?id=42856023
Points: 502
# Comments: 180 ⌘ Read more
10 Most Effective Surprise Attacks in Military History
The surprise attack has been a cornerstone of military strategy throughout most of human history. While true surprise attacks are a little more difficult to coordinate on a mass scale in the modern age of warfare, they remain reference points for how to conduct the most effective kind of military campaign: the kind that minimizes […]
The post [10 Most Effective Surprise Attacks in Military History](https://listverse.com/20 … ⌘ Read more
AI bots paralyze Linux news site and others
Apparently, since the beginning of the year, AI bots have been ensuring that websites can only respond to regular inquiries with a delay. The founder of Linux Weekly News (LWN.net), Jonathan Corbet, reports that the news site is therefore often slow to respond. The AI scraper bots cause a DDoS, a distributed denial-of-service attack. At times, the AI bots would clog the lines with hundreds of IP addresses simultaneously as soon as they decided … ⌘ Read more
Attacks on Maven proxy repositories
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.
The post Attacks on Maven proxy repositories appeared first on The GitHub Blog. ⌘ Read more
0-click deanonymization attack targeting Signal, Discord, other platforms
Article URL: https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
Comments URL: https://news.ycombinator.com/item?id=42780816
Points: 503
# Comments: 179 ⌘ Read more
[ANN] Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms
Link: https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
@basses:matrix.org ⌘ Read more
[ANN] Attacks on onion monero nodes with HSDirSniper
Based on connection issues and the monero node trackers, I believe someone is carrying out attacks on monero nodes that have onion addresses using the HSDirSniper attack for tor.
Link: https://farside.link/libreddit/r/Monero/comments/1i2uv5y/
u/jackintosh157 (Reddit) ⌘ Read more
Notice: JPCERT/CC Eyes “Beware of Contacts via LinkedIn That Target Your Organization’s Assets, Not You” ⌘ Read more
(#tw5ulrq) @bender you’re right the scale wasn’t that large, but analyzing the logs. It definitely was a detox attack. 🤣 I woke up this morning to see six other small spikes like this which I’ll have to analyze later tonight… ⌘ Read more
So I need to figure out how to block ASN(s)…
Additionally, I’m thinking of: How to detect DDoS attacks?
Here’s one way I’ve come up that’s quite simple:
Detecting DDoS attacks by tracking requests across multiple IPs in a sliding window. If total requests exceed a threshold in a given time, flag as potential DDoS. ⌘ Read more
Hmmm so I’ve sustained two DDoS attacks on my Gitea server today. A few hours apart. Still analyzing the traffic… ⌘ Read more
What are subsea cables, and what happens when one gets cut?
The text message you just sent and the last show you streamed was almost definitely facilitated by a subsea cable. So why are they so vulnerable to attack? ⌘ Read more
Everything you need to know about Turo, the car sharing app used in two US attacks
The app – used in the New Orleans and Las Vegas tragedies – has quickly and quietly grown into Australia’s largest car share marketplace. ⌘ Read more
(#mgmtiha) @movq I was using Cloudflare primarily for 3 reasons: 1) For hosting DNS records 2) For reverse proxying into my infra’s services and 3) As a layer of defense against DDoS attacks or stupid misbehaving bots. I’m still using Cloudflare for 1) but 2/3 are now done entirely by something I’ve … ⌘ Read more
Notice: JPCERT/CC Eyes “Recent Watering Hole Attack Cases, Part 2” ⌘ Read more
One thing I’ve learned over the many years now (approaching a decade and a half now) about self-hosting is two things; 1) There are many “assholes” on the open Internet that will either attack your stuff or are incompetent and write stupid shit™ that goes crazy on your stuff 2) You have to be careful about resources, especially memory and disk i/o. Especially disk i/o. this can kill your … ⌘ Read more
(#2ati6aq) @movq This was more like a distributed crawl/attack of some kind across many IP(s) though and bypassing Cloudflare somehow, so hmm not sure 🤔 ⌘ Read more
(#ywl4paq) Ahh I see what I’ve done. That was a bit unfortunate 🤣 Because git.mills.io was a non-proxied DNS entry so that Git+SSH would also work, I now have a problem hmm. How not to expose my IP(s) directly and open them up to attack? 🤔 ⌘ Read more
Well that was fun! 🤩 I was being attacked directly (bypasses Cloudflare somehow) and whatever dafuq that was was killing my ingress and causing it to get OOM killed 😱 I was seeing 100s of requests per second!!! 😱 ⌘ Read more
Notice: JPCERT/CC Eyes “Recent Watering Hole Attack Cases, Part 1” ⌘ Read more
openSUSE Unable to Find Board Candidates After Banning Conservatives
Over the last 2 years the famous Linux project has attacked and mass-banned non-Leftists. Now there’s nobody left to run openSUSE. ⌘ Read more
[WTS] [DE] [$200] Hardened ThinkPad T420 laptop
This hardened T420 is tailored for those prioritizing security and privacy, with critical modifications ensuring minimal attack surfaces while maintaining its functionality as a reliable workhorse.
Link: https://moneromarket.io/listing/cb5a7f96-c21b-48ff-95f8-0d0009e752af
u/notgiven (MoneroMarket) ⌘ Read more
These Journalists Attacked Me, Where Are They Now? ⌘ Read more
[ANN] The States Active Attack On Monero
“The tools can and should aim towards reducing the particular currencies value, consequently inducing a voluntary outflow of their users.”
Link: https://farside.link/libreddit/r/Monero/comments/1go5yh1/
u/Lumpy-Initiative-779 (Reddit) ⌘ Read more
Robotic dogs helping hazelnut growers battle costly bird attacks
Most hazelnuts consumed in Australia are imported, but in a bid to boost local production growers are testing some creative solutions to stop birds attacking crops. ⌘ Read more
Author of “Stallman Report” Hit Piece Collects and Publishes Child Porn?
A continuing pattern of Leftist Extremists attacking others in Tech for what they, themselves, do. ⌘ Read more
What is zero trust authorization?
Member post originally published on Cerbos’s blog by Twain Taylor Traditional security models, which rely on perimeter-based defenses, have proven to be quite inadequate in the face of sophisticated attacks and the growing adoption of cloud… ⌘ Read more
Remembering When Obama Declared Linux Users “Extremists”
Part of a long pattern of Leftist attacks on Open Source and Free Software. ⌘ Read more
Why Were Russian Programmers Banned From Linux, But Not Huawei Employees?
Plus: Linus Torvalds goes on attack against “Russian Trolls”. ⌘ Read more
Attacking browser extensions
Learn about browser extension security and secure your extensions with the help of CodeQL.
The post Attacking browser extensions appeared first on The GitHub Blog. ⌘ Read more
Twitch Bans All of Israel, Un-Bans Anti-Jewish Terrorists
In response to the Oct 7 attacks on Israel, the Amazon company (with moderators in Egypt) took an anti-Israel stance. ⌘ Read more
[ANN] [Video] Using a Cospend attack to target an individual collecting donations (Canadian Trucker example)
Links:
- https://redirect.invidious.io/watch?v=Cu2dk78165Y
- https://odysee.com/@anti_moonboy:7/AotPO5:7
- https://rumble.com/v5j6cod-aotpo-episode-5
lordx3nu:matrix.org ⌘ Read more
Drew DeVault Behind Stallman-Report.org Hit Piece
Some mild DNS sleuthing has revealed the “anonymous” author of the attack on Richard Stallman. ⌘ Read more
[ANN] [CVE-2024-9680] Update Tor Browser & Firefox immediately
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.
Links:
- https://blog.torproject.org/new-release-tor-browser-1357/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
n … ⌘ Read more
JMP: CertWatch
As you may have already seen, on October 21st, it was reported that a long-running, successful MITM (Machine-In-The-Middle) attack against jabber.ru had been detected. The nature of this attack was not specific to the XMPP protocol in any way, but it was of special interest to us as members of the XMPP community. This kind of attack relies on being able to present a TLS certificate which anyone trying to connect will accept as valid. In this case, it was done b … ⌘ Read more
The “9.9” Linux Vulnerability Revealed: It’s The Printers
Remote attacker can execute code by simply sending a UDP packet to a Linux machine. ⌘ Read more
Privacy Watchdog Group Attacks Mozilla for Firefox User Tracking
Because “Privacy Preserving Attribution” doesn’t actually “Preserve” Privacy. ⌘ Read more
@prologic@twtxt.net Wikipedia claims sha1 is vulnerable to a “chosen-prefix attack”, which I gather means I can write any two twts I like, and then cause them to have the exact same sha1 hash by appending something. I guess a twt ending in random junk might look suspicious, but perhaps the junk could be worked into an image URL like
. If that’s not possible now maybe it will be later.
git only uses sha1 because they’re stuck with it: migrating is very hard. There was an effort to move git to sha256 but I don’t know its status. I think there is progress being made with Game Of Trees, a git clone that uses the same on-disk format.
I can’t imagine any benefit to using sha1, except that maybe some very old software might support sha1 but not sha256.
@prologic@twtxt.net Why sha1 in particular? There are known attacks on it. sha256 seems pretty widely supported if you’re worried about support.
There’s a simple reason all the current hashes end in a or q: the hash is 256 bits, the base32 encoding chops that into groups of 5 bits, and 256 isn’t divisible by 5. The last character of the base32 encoding just has that left-over single bit (256 mod 5 = 1).
So I agree with #3 below, but do you have a source for #1, #2 or #4? I would expect any lack of variability in any part of a hash function’s output would make it more vulnerable to attacks, so designers of hash functions would want to make the whole output vary as much as possible.
Other than the divisible-by-5 thing, my current intuition is it doesn’t matter what part you take.
1. Hash Structure: Hashes are typically designed so that their outputs have specific statistical properties. The first few characters often have more entropy or variability, meaning they are less likely to have patterns. The last characters may not maintain this randomness, especially if the encoding method has a tendency to produce less varied endings.
2. Collision Resistance: When using hashes, the goal is to minimize the risk of collisions (different inputs producing the same output). By using the first few characters, you leverage the full distribution of the hash. The last characters may not distribute in the same way, potentially increasing the likelihood of collisions.
3. Encoding Characteristics: Base32 encoding has a specific structure and padding that might influence the last characters more than the first. If the data being hashed is similar, the last characters may be more similar across different hashes.
4. Use Cases: In many applications (like generating unique identifiers), the beginning of the hash is often the most informative and varied. Relying on the end might reduce the uniqueness of generated identifiers, especially if a prefix has a specific context or meaning.