We’re not a fascist, propaganda-addicted cult guys, trust us

Not at all what I meant. The premise was that this wouldn’t happen if they were being paid fairly. Supply chain attacks happen with or without fair pay.

Look at what happened with the XZ backdoor. Whether or not they’re getting paid just means a different door is opened.

The root of the problem is that we blindly trust anyone based on name-brand and popularity. That has never in the existence of technology been a reliable nor an effective means of authentication.

If it’s not outright buying out companies it will be vulnerabilities/lack of appropriate management, if it’s not vulns it’ll be insider threat.

These are problems we’ve known about for at least a decade+ and we’ve done fuck all to address the root of the problem.

Never trust, always verify. Simple as that.

… he made plenty off the product and made additional when he sold. Devs ability to make money has nothing to do with companies coming in and injecting malware to the service.

Any threat actor group with sufficient funds from various campaigns, spyware, etc could use said funds to buy out a dev, owner, etc.

Not to mention state-sponsored threat actors. This is the perfect example of distracting from the fact of what happened.

Good catch! Missed that one

Because it exposes root and system internals. Biggest reason android devices get compromised/hacked and your fun, quirky android becomes a link in a bot net peddling god knows what including attacks against people and other illegal activities and media

For anyone interested - I’d you are using umatrix to block shit you can punch these lines into a new text file and import as blocklist, then commit it with the tiny arrow that points left toward the permanent list to save it permanently:

* www[.]googie-anaiytics[.]com * block

* kuurza[.]com * block

* cdn[.]polyfill[.]io * block

* polyfill[.]io * block

* bootcss[.]com * block

* bootcdn[.]net * block

* staticfile[.]org * block

* polyfill[.]com * block

* staticfile[.]net * block

* unionadjs[.]com * block

* xhsbpza[.]com * block

* union[.]macoms[.]la * block

* newcrbpc[.]com * block

Remove the square brackets before saving the file - these are here to prevent hyperlinks and misclicks.

Edit: this is not a bulleted list, every line must start with an asterisk, just in case your instance doesn’t update edits made to comments quickly.

Edit2: added new IOCs

Edit3: MOAR IOCS FOR THE HOARDE

This has almost nothing to do with what you’re talking about.

A Chinese company bought the domain and the service in February and are attacking people in highly specific conditions. (Mobile devices at specific times)

This is an attack. Not negligence, not an uh oh oopsie woopsie fucky wucky. Attack.

Intuit uses pollyfill… and a lot of people use that service.

Cloudflare and fastly wouldn’t be setting up mirrors if it weren’t still being used, I can guarantee that.

Right right, definitely memeable

Just wasn’t sure if it was a current criticism of current people and ideologies working at Microsoft

Forgot to check the community, didn’t realize they were just makin a meme

24 years ago is a long ass time ago haha

Gotta start at some point!

not sure if this referring to anything specifically but M$ has lots of open source stuff and also invests in Linux - just saying.

https://opensource.microsoft.com/projects/

Good to know! Hadn’t heard of these peeps before, appreciate the clarification and new info!

Allow me to introduce the often abused Computer Fraud and Misuse act: https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

If you’d like to lose the ability to use ANY sort of technology for decades if not indefinitely, go ahead with the greyhat stuff.

The sector of lawfully using your knowledge for good is ever expanding and pays well. I’d strongly advise using your powers for good and dodge any unnecessary risk if you enjoy doing what you do.

9/10 times, it ain’t worth the risk. Being strategic and thinking things over carefully (err on the side of least action) is going to benefit you

Mmm. So I agree with your initial assessment, but the later rationale not so much

Disinformation is the tool used by war today. Russia is doing A LOT of it as of late coming up on this election cycle and could easily push propaganda and fake news via channels like this.

Similarly, and on the other side of this coin, the US could also do this to push propaganda. You cannot trust things for face value on the internet.

Today friends, we will learn about google dorks.

Dorks are common parameters that can be used to quickly locate things that should not be on the internet.

https://github.com/Ishanoshada/GDorks

https://www.stationx.net/google-dorks-cheat-sheet/

Discord: our platform is being abused to peddle malware via c2 channels, file repositories, etc. So to combat this problem, we’re going to ruin the customer experience!

It’s easier when you’re not doing speed balls a la constant dopamine hits - irl you’re not getting constant hits, why should you do it in your free time either.

Hedonism is tough path to subscribe to unless you’re trying for addictive, unrealistic tendencies 🤷🏻‍♂️

Par for the course

Dopamine hits are an addiction. You have to wean yourself off of them and never ever go back. Self control is tough but it is only achieved by trying until you get it.

Don’t keep trying the same things if they’re not working, that’s insanity. Try other strats until you find one that works for you! Games can just be a zen thing too. Try to enjoy more of the little things while playing them. Explore the landscape. Look at how the fauna and npcs interact.

Sometimes it’s about the little things, other times it’s just about setting goals and getting off when you feel content. Zen Buddhist style.