@dangoodin @cibyr yeah this type of multi user attack doesn't really make much sense, you still only get one try per request. A second factor is usually six decimal digits, meaning the attacker has a one in a million chance of outright guessing it. Usually rate limiting should kick in before anything gets broken.
sophieschmieg@infosec.exchange
Posts
-
There's so much I don't understand in Dashlane's disclosure that an attack on its user accounts resulted in the threat actor obtaining 20 encrypted vaults.
-
The 1077th prime number
@inthehands are we doing illegal primes again?
-
Ingrown toe nails are basically slow motion Wolverine claws
-
In case you were thinking that stuff is up to date: only 4.4% of OpenSSH servers are on 10.0 or later, a version that came out over a year ago.
State of Post Quantum Cryptography | Wiz Blog
Discussion of PQC relevant statistics that we see across our customers and other data sources.
wiz.io (www.wiz.io)
-
Wrote a thing on Microsoft’s stance that not following their “responsible disclosure” process is criminal activity https://doublepulsar.com/microsofts-stance-on-zero-day-exploits-is-a-dumpster-fire-of-their-own-making-0946117940a4?postPublishedType=repub
@GossiTheDog ugh and they left themselves some wiggle room: the way it's written, you could claim that the criminals prosecuted are the groups exploiting the vulnerabilities. That is an obvious statement and it's clearly implied that the person doing the zero day release is actively cooperating with threat actors and therefore also criminally liable, but Microsoft can always "well technically" themselves out of this claim.
-
Oh no Zeit, no no no.
Don't make me write a Leserbrief
-
Oh no Zeit, no no no.
-
In order to go viral on Mastodon, your post should include at least one cat and some criticism of AI.
@prism @neurovagrant the algorithm was @catsalad all along!
-
In order to go viral on Mastodon, your post should include at least one cat and some criticism of AI. So here is Binah disliking large language models.
-
OH
Colleague 1: the performance problems in system X are mostly due to a lot of old shitty code
Colleague 2: thankfully we've invented the shitty code machines, so now you can replace it with new shitty code