charonn0

joined 2 years ago
sorted by: new top controversial old
Amazon Prime Video will start showing ads on January 29th unless you pay extra for ad-free in c/technology@lemmy.world
[–] charonn0@startrek.website 0 points 2 years ago

It's all part of the Prime package. I signed up because they had the new Star Trek shows.

Amazon Prime Video will start showing ads on January 29th unless you pay extra for ad-free in c/technology@lemmy.world
[–] charonn0@startrek.website 5 points 2 years ago (3 children)

Looks like I'm cancelling.

SSH protects the world’s most sensitive networks. It just got a lot weaker in c/linux@lemmy.ml
[–] charonn0@startrek.website 68 points 2 years ago (3 children)

Even the researcher who reported this doesn't go as far as this headline.

"I am an admin, should I drop everything and fix this?"

Probably not.

The attack requires an active Man-in-the-Middle attacker that can intercept and modify the connection's traffic at the TCP/IP layer. Additionally, we require the negotiation of either ChaCha20-Poly1305, or any CBC cipher in combination with Encrypt-then-MAC as the connection's encryption mode.

[...]

"So how practical is the attack?"

The Terrapin attack requires an active Man-in-the-Middle attacker, that means some way for an attacker to intercept and modify the data sent from the client or server to the remote peer. This is difficult on the Internet, but can be a plausible attacker model on the local network.

https://terrapin-attack.com/

Top 50 defederated instances in c/fediverse@lemmy.world
[–] charonn0@startrek.website 1 points 2 years ago* (last edited 2 years ago) (1 children)

That's us.

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack in c/linux@lemmy.ml
[–] charonn0@startrek.website 13 points 2 years ago

Usually you can, though the setting might be listed under something like "show diagnostic during boot".

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack in c/linux@lemmy.ml
[–] charonn0@startrek.website 31 points 2 years ago (4 children)

As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment.

So, does disabling the boot logo prevent the attack, or would it only make the attack obvious?

'Scripture is very clear': New House Speaker tells Congress God has 'ordained' them in c/nottheonion@lemmy.world
[–] charonn0@startrek.website 0 points 2 years ago* (last edited 2 years ago) (2 children)

I believe that Scripture, the Bible is very clear that God is the one that raises up those in authority.

I'm not sure which would be worse: that he didn't think this claim through to its logical conclusion, or that he did and didn't see the problem.

That's unfortunate in c/memes@lemmy.ml
[–] charonn0@startrek.website 0 points 2 years ago* (last edited 2 years ago) (1 children)

I'll never understand this attitude that Europeans have towards Americans. I thought we were friends.

Why you shouldn't use Brave Browser in c/technology@lemmy.world
[–] charonn0@startrek.website 1 points 2 years ago

Where was the nuance in Proposition 8?

view more: ‹ prev next ›