#how to secure your website from hackers | Explore Tumblr posts and blogs

ms-demeanor · 6 months ago

Note

I've seen you say a few times that it's a good idea to have a password manager; could you explain why? I always feel like I'm missing something when it's mentioned because it's phrased as if there's an obvious danger that password managers protect you from, but I'm honestly not sure how they help keep passwords secure.

The obvious danger is human nature. Humans are bad at creating passwords; your passwords are almost certainly easy to guess, repeated across different accounts, or both, because that is just how the vast VAST majority of people create passwords, because humans are bad at creating passwords. Everybody knows "the rules" for creating passwords (don't use the same password on multiple websites, don't include personal details in your passwords, don't use very common words or letter or number sequences in your passwords, don't tell other people your password) and people break all of those rules anyway.

A standalone (not in-browser like firefox or chrome password manager, though those are better than nothing) password manager stores your passwords, generates complex passwords for you, and can also be used for things like storing notes on passwords (like "did I put my MFA on my email or my cellphone or an app for this password?" or "here are the made-up answers to the security questions I used for this website because I definitely didn't use real answers or answers I'd used on previous websites" or "these are the bills associated with this credit card").

With the way the current security landscape works, there are two things that are extremely important when you are creating a password:

Uniqueness

Complexity

The overwhelmingly prevalent way that people get "hacked" these days is through credential stuffing.

Let's say that your private data was revealed in the Experian breach a decade ago. It revealed your name, email address, and phone number. Now let's also say that your private data was revealed in one of the many breaches from social media sites; that one revealed your name, email address, phone number, password, and security questions.

If someone wants to try to gain access to one of your accounts - let's say your bank account - if they have your name and phone number (usually extremely easy to find online), they can cross-reference that information with data that has been revealed in previous breaches - now they've got your name and your email address (which you probably used to sign up for your online banking and have ABSOLUTELY used as your login for accounts all over the place) and at least one password that you've used somewhere.

But the thing is, they don't have one password. They have every password associated with that email address that has ever been revealed in a breach. If you go to the site haveibeenpwned.com you can enter your email and see how many times your email address has appeared in a breach. You can compare that with the number of passwords that were revealed in those breaches and you can ask yourself "what did those passwords have in common?"

Because I can tell you, my Tumblr password from 2013, my Kickstarter password from 2014, and my Disqus password from 2017 (all revealed in various breaches) probably had a lot in common.

So, now the hacker has: your name, your email (which is probably your username), and various passwords they can try to use to log in. Did you use the same password for Facebook and Twitter eight years ago? Did you use parts of that password for creating your bank password? If you heard that twitter passwords were exposed in a breach you probably changed that password, but did you change the bank password that you built on the same structure? Probably not.

So what people will do is gather up all of this information and guess. They'll try your 2017 Disqus password to see if it will get access to your bank account. They'll try your 2020 Gravatar password. They'll try your 2024 Internet Archive Password.

And the reason they do this is because it works.

And the reason that it works is because we are all fucking garbage at remembering unique, complex passwords so instead of creating actually unique, complex passwords most people pick one memorable word or phrase, one memorable number, one unusual character, and *MAYBE* one feature of the site they're creating the login for and they use that template forever (1988Tumblrmacabre!, 1988Facebookmacabre!, 1988Ticketmastermacabre!) OR they create one password that they think is complex enough and use it across multiple sites with minor tweaks ($n0h0mi$hRu13z, sn0h0mishRul13z!, $n0h0mi$hWA) as needed for the sites' password requirements.

So most of what password managers do that is a drastic security improvement over people creating and memorizing passwords is that they create passwords that are functionally impossible to guess and functionally impossible to memorize. The problem with memorizing passwords (which is what you're doing if you're creating a bunch of passwords that you type in all the time) is that you can't actually remember all that many passwords so you'll repeat those passwords. The problem with creating passwords on your own is that passwords that humans create are pretty guessable. Even if you're doing a passphrase that's a long string of words you're probably working with common words ("correct horse battery staple" as opposed to "truculent zygote onomatopoeia frangible") and your password is more guessable than you'd really want it to be. Password managers don't do that, they generate gibberish.

Perhaps you are that rare person who gets out a set of dice and a notepad and rolls up every character for your password and memorizes it and never repeats, and if that's you, you could still benefit from a password manager because a password manager makes it easier to change that unique complex password when it is inevitably revealed in a breach.

So, okay, let's check in with where we're at:

Password managers mean that you don't have to memorize your password, which means that you don't need a password that is easy to memorize, which means that they can create passwords that are extremely complex and are therefore very difficult to guess. This protects you from crackers who will try to brute force your password.

Password managers mean that you don't have to remember extremely complex passwords for every account, which means that you are less likely to repeat your password in whole or in part across multiple accounts. This protects you from credential stuffers, who will try to use your password from one account that was revealed in a breach to open other accounts that were not.

Because password managers can generate and store complex passwords essentially instantly, you can replace passwords nearly effortlessly when there is a breach (no need to 'come up with' a new password, no issues with learning or memorizing it).

There are, however, advantages beyond that.

One major, MAJOR advantage of a properly-used standalone password manager is that it makes you safer from various kinds of phishing attempts and link hijacking. When you are setting up a password in your password manager (PWM from here on), you should be on the website that you want to log in to. The PWM will give you the option to save the domain that you're logging in to. That means the PWM will remember the correct URL for your Tumblr login so when you go to the tumblr login screen in the future, it will offer to fill those fields. What it will NOT do is offer to fill those fields if someone sends you an email that spoofs tumblr support and wants you to log in at "tumblr.co" or "tumblr-support.com." Knowing this, and knowing that you should be putting your credentials in through the PWM fill option rather than copy/paste, is a GREAT way to protect against phishing that is often overlooked and definitely under-discussed.

Another advantage is that a standalone PWM will let you store secure notes with your passwords so that you can do things like keep track of recovery codes for the website, or generate gibberish answers to security questions. Security questions and answers are often revealed in breaches, can't be reset by the user as easily as a password, are repeated across websites MUCH more than passwords, and can be used to take over an account and reset the password. You shouldn't be giving real security answers, or even fake-but-repeated security answers; you should treat each of those like a password that needs to be complex and unique, which means that they need to be stored someplace (like a password manager).

I also personally use my password manager to store my car insurance information, my driver's license info, and payment details for easy entry, making it convenient for a lot of thing beyond password storage. (Bitwarden. My password manager is bitwarden. I recommend Bitwarden. go to ms-demeanor.com and search "bitwarden" to learn more.)

As to how they keep your passwords safe, aside from ensuring that you don't enter your credentials into a skimming site, a good password manager is well encrypted. Your password safe should be functionally impossible to crack and what people tend to not realize is that a proper password manager (like bitwarden) doesn't keep all your passwords in one encrypted safe, each one of your passwords is in its own encrypted safe. If someone hacks Bitwarden it's not like using a huge amount of effort breaking into a bank vault and finding a big pile of money, it's like using a huge amount of effort breaking into a bank vault and finding a big pile of bank vaults. Each password within your vault requires decryption that is functionally impossible to crack (at least with a good password manager, like bitwarden, the password manager I recommend and think that people should use).

Additionally, just as, like, a side note: password managers never accidentally leave caps lock on or forget which characters are capital or lower case and don't require the use of two hands and focused attention on the keyboard. You're never going to mistype your password if the password manager is filling it, and you would not believe the number of people we support at work who require password resets because they are typing their password wrong and don't realize it.

TL;DR:

Password managers make better passwords than you can and they make it possible to instantly create, store, and enter complex passwords, which prevents password cracking and makes people less likely to reuse passwords. They are heavily encrypted and should be functionally impossible to access, and each individual password within the manager should also be encrypted if you use a good password manager. Password managers also prevent people from entering their credentials on scam sites by only filling on matched domains. Standalone password managers (not browser password managers) also allow users to create and store unique security questions and account details to prevent bad actors from gaining access with stolen security answers. The password manager I recommend is Bitwarden.

If people used password managers to create, store, and use unique and complex passwords, and if they did regular backups of their system I think that probably about half of the InfoSec field would be out of a job.

Please use a password manager!

2K notes · View notes

snotgrl-02 · 9 months ago

Text

VPNs do not make you more secure

here's how they work!

first of all, most of your internet traffic is already encrypted via TLS (Transport Layer Security). Things that aren't encrypted are usually videogames or less important applications.

a VPN encrypts traffic between your computer and the VPN server you're using.

your Internet Service Provider (ISP) sits in the middle of that transaction.

cue the MS paint diagram

Without a VPN:

With a VPN:

the traffic between your VPN server and the rest of the internet is not encrypted any further.

things that VPNs are good for:

bypassing geo-blocking

bypassing website blocks set up by your ISP

obscuring network traffic from your ISP

things that VPNs are not good for:

browsing the internet without having your activity logged. every company that gives internet service logs the activity, it's half of how they make sure they're not being hacked.

hiding information from the government. VPN providers WILL bend to subpoenas, they WILL turn over logs of your network activity.

cybersecurity. VPNs can't save you once the traffic is between them and the final destination. they don't analyze your traffic to detect and stop hackers, they don't add any encryption where it matters.

VPNs are not a shortcut to security. you cannot pay 15 dollars a month to forgo all responsibility for your own digital privacy. do your research, use a password manager, stay safe.

my friends i hope you find this information useful. you have been sold a lie. remember to show extreme skepticism to youtube sponsorships and journalism websites which sing their praises.

sources: i have a certificate iv in cybersecurity

2K notes · View notes

incelraki · 4 months ago

Text

(Epilogue!) Bill Dickey NSFW headcanons (and drabble)

MDNI!!! this is very much 18+ content, shoo! shoo!

Warnings: general gross behaviour, stalking, dick stepping (mild mention), humiliation, misogynistic terms and cuss words LMK if i missed anything!!

-----------------------------------------------------------------

One of those guys to buy a body pillow of his fav or one of a girl that looks like his crush

That thing reeks and we all know it

Only showers if absolutely necessary

soft stalks his person of interests

Uses websites like 4chan to find home camera's of girls near him

Remember that scandal that happened years ago? There were these cameras people has put up in around their houses and you were supposed to enter a passcode to get into your feed Except, most people didn’t do that. So, many hackers were able to easily get into people’s home cameras and watch them without them noticing One even made a site where you could find these cams for free and watch people. This was sent all over 4chan and enjoyed by incel perverts all over the world

Some freaks would go as far as to use the microphone function to talk to people, others would send secret gifts to people’s doorstep’s after watching them, to freak em out

A public security notice was immediately thrown out there by the company when the site was discovered But a lot of people didn’t see the news, never checked their email and left their passcodes unused.

The site is still up, or the cams are at least still able to be hacked into

I know Bill is the type of bastard to find a pretty girl who was too much of a dumb bimbo to change her passcode and watch her. How convenient she has a camera in her bedroom.

Secretly loves having his dick stepped on

and being humiliated by someone far bigger than him (preferably a big-chested bimbo doll)

His glasses fog up as hes fucking his fist while watching some porno

alternatively: he's watching you through a secret camera feed

Whimpers like a bitch in heat when he's getting close

Imagining you fucking bill and him uncharacteristically inviting you over to the Eltingville club

Joining a club meeting a week or so after fucking Bill and everyone knows but no one fucking says anything You’re gaming, probably some rpg with big chested ladies, when you suddenly blurt out how pathetic Bill really is, and how quickly he finished Bill puts on an act, calling you a braid dead femoid who doesn’t know what the fuck she’s talking about But deep down, his stomach is doing back flips because oh my god he’s so embarrassed and oh my god he has the biggest boner of his life right now

It goes without saying that before meeting you he had never touched a girl before, let alone fucked one

PWP below the cut

"Put it in already." You whine at Bill who is currently fumbling his cock against your leaking cunt. "S-Shut the hell up stupid bitch, let me take my god damn t-time."

You roll your eyes, leaning on your hand as you wait for him to push his cock into you. Sure it's barely over 5 inches but by god do you want it deep inside you right this second. And to think this guy had been following you home from the bus stop not even an hour ago. Christ, what was wrong with you? "You sure y'don't want me to help, dumbass?" You groan, not waiting for an answer and grabbing his cock. Surprisingly he actually has a condom on, even though he genuinely forgot they existed for a split second. ("Oh man I forgot about those.." He just wanted a creampie like in a real porn, man!)

"He-Hey! Careful with that you're gonna rip it off you dumb cuu--nnttt.." His swear was cut short as you guided his swollen glans into your heat. "There we go, loser. Now move your hips, you do know how to do that, right? Or do I have to help you with that too?"

"Shut the hell up.." Bill tsk'ed, and slid the rest of his throbbing dick into your hot pussy. "F-Fuhhh.." He bit his lip so hard he was sure he was going to break skin any second.

"That's good huh?" You giggled, pressing your plump ass flush against his hips. His hairy tummy tickled against your butt slightly once your skin met.

"Oh my f-ff..." Bill's eyes rolled back, pressing himself as close to you as possible and promptly cumming hard into the condom you'd managed to find at the last second. His mind went blank as he pumped a thick load into your warm heat.

"You've got to be kidding me.." You snorted, clearly annoyed. That was your last condom for fuck's sake!

#bill dickey #bill dickey x you #bill dickey x reader #bill dickey smut #smut #eltingville smut #welcome to the eltingville club #headcanons #bill dickey headcanons

451 notes · View notes

kituono · 8 months ago

Text

· ୨୧ · · Yandere Hacker hc

W/c : 301

A/N ┊I kinda went crazy bout this, becareful out their folks. This piece of work is used for entertainment purposes and no ones ip is actually being stolen! Also this is not proofread (゜ﾛ゜;ﾉ）ﾉ enjoy dis hc heheueheueu

PAIRING ┊Yan!Hacker x Reader

TW ┊mention of phishing links, cyber hacking, blackmail,

Yandere!Hacker was a recluse individual; he stayed inside his home all day, looking at his screen and watching some random videos, sometimes he'd play video games but he just exploits it to get what he wants. That was when he came across one of your posts and immediately followed you, your personality online was cute to him. Curiosity got the best of him, and he wanted to see what you looked like.

Yan!Hacker set up a phishing link for you in hopes that you'd fall for it, he pretended to be one of your beloved fans and commented on one of your posts, and sent you a link to a website.

“Aww! I love your blog, sm! Your post reminds me of this one cat pic I saw. Https://insert-cat-linkheredon'tclickit. com "

He was baffled on how you just easily fell for it. When you clicked on that link, it exposed your sensitive information to him; Once he takes you for himself, he should really tell you about all the mediocre scams; maybe he'd teach his future kids about it, too.

Yan!Hacker would go so far as to check up on your security footage, he watched as you were bathing and eating. In his eyes, nothing was wrong with what he was doing; he was just checking up on his future partner, he'd secretly just take pictures or video record you doing your normal routines. He kept them in a secret folder for him to just pleasure himself with.

Yan!Hacker uses scummy websites he made to get people so he could get information from them and exploiting peoppe for money in exchange he doesn't share their sensitive info. It was an awful practice, but he did make money off of it. A significantly large amount of money...

Using all the information he had from you, he decided to finally strike. He sent you countless dm's about how he has your information. It was blatant blackmail; if you didn't comply with him, he'd leak your info, and your life would be ruined forever. Any group chats, Dm's, and past deleted photos will be exposed if you didn't love him and him alone.

@kitsuvio

#yandere x y/n #yandere fanfiction #yandere fanfic #yandere headcanons #yandere headcanon #yan x you #yandere #yandere drabble #yandere x reader #yan x reader #yandere hacker #yan #yandere x darling #tw yandere #fic #x reader

105 notes · View notes

thezombieprostitute · 1 year ago

Text

Tech Tuesday - Introductions

A/N: Entirely written on my phone. Apologies for errors!

A/N2: This chapter is mainly an introduction to the setting and the majority of the characters. It'll be different readers for each character (give or take).

Ok, first day, very important to not make an idiot of yourself. That's been your internal mantra for the entire commute. You've been really hoping it'll help you out today.

You've gotten a ticket to take to IT for your new work laptop but you got lost trying to find your way there. You look around at the signs, trying to figure it out when someone gently coughs to get your attention. Turning you see a tall, lean man with short blondish brown hair and light blue eyes.

"Do you need some help?" His accent and soft tone help soothe your nerves.

"Um..." you hesitate. "I'm, I'm trying to find the IT department?"

His eyes widen as he smiles, "you must be the new hire." You nod and he holds out his hand, "I'm Jonathan, manager of the IT department. I'll show you the way."

He talks as he guides you to the one section of the building you hadn't been to yet.

"Here is our own little corner of the world," Jonathan gestures around the open area. "For a new employee you're going to want to talk to Jake." He points to a young man with spiky hair, glasses and a goatee who's talking on the phone.

"Ain't gonna happen for a while." A large bear of a man with a beard and a bald top, wearing a Lynyrd Skinner shirt steps towards you. "He's helping that little old lady on the third floor that never remembers her password."

"Ah, yes," Jonathan winces. "She is quite the talker." He looks to you and introduces the second man as Syverson. "We both run the department but Sy is better at managing the employees while I'm better at convincing the higher ups to give us a better budget."

"One of th' smoothest talkers I've ever worked with," Sy grins. "As far as your laptop, you wait right here an' I'll go get from Walter. He's our main hardware guy. Then we'll get...hmmm." He looks around as he ponders.

"Johnny is currently mid battle with that hacker he keeps toying with," Jonathan muses. "How is Ransom's mood today?"

Sy snorts, "same as always. Definitely don't wanna scare the lady away." He snaps his fingers, "Rogers!"

A head pops out of a cubicle, "you call?"

"Got a new employee," Sy explains. "Gonna need you to help her get her laptop setup." Sy turns and heads to where you're guessing Walter is with the hardware you'll need.

You turn back to where Steve was situated and almost jump at seeing him so close. He's huge but you didn't hear him at all! The big and tall blonde man's eyes are shining with enthusiasm.

He holds out his hand and you introduce yourself. "It's nice to meet you. Not a lot of new people around here lately. I work with the designs for our internal programs. Me and Bucky," he gestures back to his cubicle, "work together on the UX and accessibility stuff for the external website."

"That's impressive," you nod, practically hypnotized by his eyes. And his muscles, if you're being honest with yourself.

Sy returns and hands Steve the laptop. "Follow me," Steve smiles as he turns. You try your best to fight the urge to ogle his ass. It's your first day and you don't want to already make a fool of yourself! No matter how handsome these guys are.

Steve takes you through the setup. He's incredibly patient and kind. Plus his voice could keep your attention forever. He's going through some of the standard company security stuff when there's a knock. You both turn and you see a burly man with a beanie and a beard so full you almost miss the lip piercing.

"Hey, Curtis. What's up?"

"Bucky's out getting another coffee," Curtis starts. "Need you to tell him I've got the code worked out for the next update and need him to check the legacy compatibility."

"Sure thing," Steve nods and Curtis heads back to whenever he'd been.

"Don't you have an internal communications thing for this?" You're surprised that someone has to intervene in the communication.

Steve chuckles as he pulls out his phone. "Bucky never responds to work stuff while he's out, even just to a cafe. But there's a time crunch on this and I'm the only person he'll actually check his phone for."

"Oh," is all you can say.

Steve finishes his text and gets back to your training. When you're done you thank him for everything and he blushes a little.

"If you want I can help you with the physical setup at your desk?" He almost looks like he's pleading for you to say yes.

"It won't be a problem? I don't want to get you in trouble."

"Not at all," he assures. "Besides, I don't want to be here for the upcoming Bucky and Curtis debate."

You giggle nervously, "ok. And thank you!"

Tagging @alicedopey; @delicatebarness; @ellethespaceunicorn; @icefrozendeadlyqueen; @late-to-the-party-81; @lokislady82 ; @ronearoundblindly

Also tagging @jaqui-has-a-conspiracy-theory to test if this post is working!

Please let me know if you'd like to be tagged.

#tech tuesday #Jonathan Pine #Captain Syverson #Syverson #Walter Marshall #Jake Jensen #Ransom Drysdale #Steve Rogers #Bucky Barnes #Curtis Everett

106 notes · View notes

gyupinkys · 2 years ago

Text

FOUND YOU

Yandere Jihoon x fem reader.

WC: 3.8K

Jihoon was never one for relationships. His stoic behavior tends to bore the ladies, but he's had is fair share of flings. However, when some low life hacker tries to access his files; he cant help but look into you more, and some more, and a little more until he becomes obsessed. Jihoon makes it his mission to find you.

WARNINGS: YANDERE, stalking, DUB CON, phone sex, spying, unconsented filming, use of sex toys, fingering, mention of kidnapping, sugar daddy Jihoon, bratty reader.

A/N: i love this fic and I love you woozi.

One semester left… just one. Why on earth would they raise your tuition by $5,000? Are they forgetting both of your parents are dead and you have no job? The financial aid office is no help and you're already about $10,000 in debt. How nice. You look at your computer, contemplating. There's always that option… no it’s not safe. But damn you need money, you need your degree, you need to get out of this fucking city and start over. You look down at your cat Bruno sitting at your feet.

“Should I?”

He just gives you a judgemental look and walks away. This fucking cat…

You have no other choice. You pull out your spare laptop, not risking your pc getting any viruses. A few months ago you drunkenly stumbled upon a website on the dark web that gives you access to IP addresses of major company computers. You very easily figured out how to access their files, you can see everything; their expenses, investments, and payments. It would be so easy to transfer money to an offshore account and cover your traces. Scrolling through the list of companies you try to find one you’ve never heard of. More popular companies tend to have more security.

“Universe factory?”

Hmmm. Doesn't ring a bell. It’s located about fifteen miles from your apartment so you aren't worried about them finding you. Weirdly, you can't find any bank accounts linked to this company. Scouring through some files, this seems to be a music company of sorts? You find samples of songs, lyrics, beats, and oh shit.. Drug shipments? Why is this in the music files? You try to dive deeper only for your connection to completely cut off and your computer blue screens. Fucking hell. The computer won’t turn back on and you won't have a chance to cover your tracks. So much for being computer savvy…

“Fuckkkkk” youre actually fucked. These people are clearly good if they are able to shut off your computer so they may have already found your address by now. You're hoping your vpn and security walls help you. You get up and start to pace. Why on earth did you think this was a good idea? Of course you somehow chose the shadiest fucking company on earth. There's nothing to do now but stress and wait for your likely impending death.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

“The fuck?”

Jihoon’s studio is his safe space. He’s lucky Cheol lets him pursue his passions on the side, this mafia thing tends to take up a lot of his time so being able to unwind in his own space is a treasure. But when he returns to his computer he senses something is wrong. Someone’s gone through his files. Now, Jihoon wouldn't be too worried if all that was on this computer was his music, but recently he’s been using the Universe factory as a coverup to store documents from past business deals. Now this couldnt have been the work of some amaetur, in order to get past all his security takes some real skill, and to be able to do it without a trace? Hm…

Jihoon looks through his files, trying to catalog all the incriminating evidence.

“Tiger’s super wicked diss track?” he speaks in disbelief. When the fuck did Soonyoung get in his studio? And record a fucking distrack?

Jihoon runs a program to see the location of the last user to access his encrypted files. Nothing? Hmm… This is too random to be a coincidence, this person must've found his IP address and started from there. He decides to be bold and search his IP addresses on his self made database, it wouldn't hurt.

“ “FoundYou.com”? What the fuck?”

Well he hit the jackpot. He was able to look at who accessed this website in the past 24 hours and who interacted with the universe factory link. He traced the computer to a rural part of antarctica… ok that's definitely not the real location. He digs a little deeper finding layers and layers of security. He’s starting to think this may not be some silly hacker and could be a rival mafia pulling at strings. After an hour he’s confident he’s found the real address and hacker. About fifteen miles from him lives a Y/N L/N, full time student, studying in computer science, $10,437.76 in debt and an orphan… hm. He looks up your instagram and woah. He wasn’t expecting you to look like that. He sees your friends, finds their instagrams, just to see more pictures of you cover his bases. Your college friends speak highly of you, your highschool friends love you, oh wow even your elementary school friends still hang out with you. He digs a little deeper, just to know who he’s dealing with. You adopted a cat a year ago, a cat who visits the vet very often. Gestational blockages, broken arm, not eating, bladder infection… This cat seems like a handful.

“Bruno? Like Bruno Mars or Bruno from Encanto?” he whispers to himself.

You visited the hospital last year from a broken pinky, your dermatologist keeps increasing the strength of your acne medication, you take very strong pills for your cramps. Car accident when you were 7, therapy for 10 years and dead parents?… Figures.

Your credit card statement says a lot about you. $7 matcha lattes three times a week despite being in debt. $15 chipotle bowls and 12am Mcdonalds. You really like shopping at Adam and eve… freaky. You bought $100 worth of things from amazon yesterday. You sure do buy a lot of cat toys on amazon, this cat is spoiled. Hair dye, batteries, water bottles, 12 pound bag of skittles?

“Woozi, what are you doing?” Soonyoung whispers in his ear.

Jihoon jumps, “When did you even get in here?”

“You get too immersed in your work, but why are you on amazon?”

“None of your business get out! AND WHEN DID YOU RECORD A DISS TRACK IN HERE.”

Hoshi’s eyes widen and he quickly makes his exit leaving Jihoon alone again. He knows he’s being a creep but he doesn't have it in him to care. You’re just so interesting.

~~~~~~~~~~~~~~~~~~~~

“Bruno there's no one at the door stop growling.”

You open the door to show him no one is outside, but low and behold sitting outside your apartment is a large bouquet of hydrangeas… your favorite flower.

“The fuck?”

You further inspect the flowers, seeing a note in the center.

“My precious little hacker, I’ll be seeing you soon. P.S check your bank account - Woozi’s Universe factory.”

You drop the flowers. Oh my god.You figured something like this would happen but now that it's happening you're freaked out. God, you should have minded your business. Now the little money you had is probably gone as some sort of twisted revenge. As you login to your bank app you're sure you've lost your mind and you're seeing things. $20,000 was wired to your savings account.

“What the fuck.”

You know better than to touch this money. It’s too good to be true. But, this would pay off your debt and get you a better apartment… fuck. You check your email to see what time the money was wired only to see an email from your school saying there were changes made to your account. Can this day get any worse? But it somehow gets better, not only is your tuition paid but all your debt is cleared… you must've suffered a head injury and you're making all of this up while in a coma.

“Bruno, I might be killed in the next 7 days… Then you’ll have to fend for yourself.”

~~~~~~~~~~~~~~~~~~~~~~

“Bruno, I might be killed in the next 7 days.. Then you’ll have to fend for yourself.” your sweet voice rings out.

Jihoon had to see your reaction to his gift. He’s glad you didn't notice the green dot on your mac as he watched you through the webcam. He loves the way you talk to Bruno like he’s a human.

It took a lot of digging to figure out your favorite flower, it was one of your security questions for your bank app. He hopes you appreciate his generosity, it’s not everyday that he goes out of his way to spoil someone. He sees you looking absolutely bewildered and he can’t help but smile. But this smile quickly drops when you turn to your computer and your eyes widen, presumably seeing your camera is on.

“YOU FUCKING CREEP!” you scream as you power off your computer, leaving him staring at a blank screen.

He just smiles in response. He’s gonna have so much fun with you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The gifts don't end. Everyday at 4pm you arrive home and on your doorstep is something new, perfume, jewelry, bags, clothes, cat toys. This person must be rich. Though today the bell never rings. You even stand in your hallway looking for the delivery but it never comes.

“Well isn't that weird?” you say to yourself as you unlock your door.

“Bruno?” Usually he comes running up to you when you unlock your door.

You see Bruno inspecting a bright red gift box sitting on your kitchen counter. You stop dead in your tracks. How the fuck did they get in your apartment?

“Bruno! Move away from that.” you say and scoop him up.

Oh god. This is getting insane. Leaving the gifts on your doorstep is one thing but coming inside?

You stare at the gift for an hour. You're too afraid to open it. That is until it starts to vibrate. Is this a fucking bomb? You jump and open the box, seeing a brand new phone… Um Ok? The phone is receiving a call from an unknown number and obviously you don't answer it, setting the phone back down only for the same number to call again. You hesitantly answer.

“Hello?”

“Hi, my love.”

“Who is this?”

“Don’t worry about it, yet.”

“Ok, I’m gonna hang up.”

“Y/N, I wouldn't do that f I was you.”

“Stop being a fucking creep and sending shit to my door step.”

He just laughs.

“I left one more gift for you, why don’t you go look.”

You sigh and walk to your door, looking out the peephole first and opening it, picking up the large box.

“Are there killer wasps in here?” you sarcastically say.

“No, there are no wasps,” he laughs.

You open the box and pause, turning your head to your computer to see your camera is on.

“Are you watching me?”

“I’m always watching you, love.”

“God, youre a fucking creep, I should call the cops.”

“And tell them what? You tried to hack me and steal money from me? That you're a dirty little hacker and a thief?”

You’re starting to get upset, this is fucking insane.

“Open the box, love.”

You look at the computer and flip him off before opening the box. You gasp. This fucker sent you sex toys?

“ALL YOU DO IS SHOW ME HOW MUCH OF A FUCKING PERVERT YOU ARE!” you yell into the phone.

“Is it so bad I want my baby to feel good?”

“I’m not your baby! I don’t even fucking know you.”

“I know you don’t know me but I know you. I know everything about you. Your favorite color is blue, your favorite food is Japanese curry, though you eat kimchi fried rice the most. You adopted Bruno because you needed something to keep you company since you don't really date. Your best friend moved away eight months ago and you two don't really talk anymore. Should I continue?”

“What the fuck.” you say with wide eyes.

“Baby, don’t get scared. I’m just so in love with you I need to know everything.”

“Um.” What do you even say to this?

“And don’t pretend this isn’t your darkest fantasy. I’ve seen your tumblr search history.”

Your eyes somehow widen. He got you there. Just the idea of having a clearly rich man obsessed with you would be enough to make you wet if he wasn't a pervert.

“I want you to take out the shibari.”

You pull out a pretty blue vibrator. It’s even your favorite shade of blue.

“Ok?”

“I want you to use it for me.”

“Absolutely not.”

“Baby, I wouldn’t want to do things to make you upset, but I need you to listen to me. I’m not above blackmailing you and I’m sure you wouldn't want me to come snatch you up.”

Your jaw drops.

“Youre fucking crazy!”

“Baby, you just make me feel so many things for you.”

You groan, cursing yourself for ever being greedy and trying to steal.

“What do you want me to do?” you sigh out.

“Take off your pants and sit on your desk chair.”

“Do I have to?” you pout looking straight into the camera.

“Yes, baby. I want to see you.”

Why is this making you wet? God, you fucking hate that this is exactly the smut you would always search for. You groan at the situation, yourself, at this mystery pervert.

You shimmy out of your pants and sit in your desk chair. You put the phone on speaker and set it down.

“Now what?”

“Turn it on and rub it over your nipples.”

“And if I don’t?”

“I’m sure the guys waiting outside your apartment would love to do it for you.”

Your heart drops to your ass and you turn it on, quickly putting it on your nipple.

Jeez, this thing is powerful. You let out a breathy moan disguised as a sigh.

“Run it down your body.”

You slowly drag the vibrator down your body, your breathing becoming heavy.

“Put your legs up on the chair and put it on your clit over your panties, I wanna see you soak through them.”

You put the head of the vibrator on your clit a little too hard making you jump.

“Slow your roll baby.” he laughs, making you roll your eyes.

This vibrator is on a different level from the shitty ones you have. It feels like you're being stimulated throughout your whole body, everything is vibrating and you feel yourself leaking.

“I can see you getting wetter baby, fuck. I bet that pussy tastes so good.”

You moan, pressing the vibrator harder against you, feeling your toes curl.

“Does it feel good, baby?”

You close your eyes and nod, swallowing the shame. “It feels really good.”

“Move your panties to the side, let me see.”

You pull your soaked panties over and press the vibrator to your swollen clit. He lets out a deep groan. Jihoon can't believe his eyes, it’s like a dream come true. Your pretty pussy dripping wet just for him, you whining and moaning like all you can think about is cumming. He pulls out his hard cock, beginning to stroke himself, imagining he was fucking you. He would give it to you however you wanted, let you come as many times as you desired. No matter how bad you treated him, he would be on his knees begging to make you cum. The hold you have over him is unfathomable. You’re truly like an angel sent to heaven just for him and he'll be damned if he doesn’t get his hands on you. He doesn't even have it in him to feel bad about watching you, listening to you, exploring you. In his mind you’ve been his from the moment he first saw you. His to worship, spoil, love until the end of time. You’ve become his muse, his lyrics flow out with only you in mind, he makes songs with the purpose of you hearing them. You’ve taken him over completely and he is so irrevocably in love with you. You don’t even need to love him back, he already has enough love for the both of you, and it's not like he wouldn’t be able to force you. A little isolation does wonders on the brain.

“I need more,” you whine out.

“Tell me what you want.”

You just whine more in response, too embarrassed to speak. “You want to use your fingers?”

You nod furiously, opening your eyes to plead with him.

“Ok baby, slide two in for me. I want you to make yourself feel good.”

You listen and slide your fingers in, pumping them straight into your g-spot. You feel yourself on the verge of an orgasm, your moans becoming louder and more frequent.

“Turn it off”

Your eyes fly open. “What.”

“You heard me baby, turn it off.”

“No, no please I’m so close.”

“Y/N.”

You turn it off and throw it to the side, so insanely frustrated.

“What is your deal!”

“You’re not cumming unless it's around my cock, baby.”

This man never fails to surprise you. “And what makes you think I’ll fuck you?”

“Trust me when I say that won’t be an issue.”

“What makes you so sure I just won’t finish myself off when I hang up?”

“I’m always watching, baby. It’s crazy how small they make cameras nowadays.”

“Fuck you Woozi’s Universe Factory.” you say not even able to take yourself seriously.

He just laughs. “I’ll be seeing you soon my love.”

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

“Is he named after Bruno Mars or Bruno from Encanto?” a deep voice rings out from your couch as you enter your apartment making you scream.

You turn to run out your apartment only to see two giants standing in your hallway blocking your exit. You groan and turn back around seeing Bruno sitting in the man's lap. Woah. Is this your stalker? Because if so, you have zero complaints. You’ve never been one to like guys with long hair, but his curls are just so hot and his lips.. How are they so plump? He’s wearing a tight black turtleneck and slacks with a gold chain. He looks so fucking hot, suddenly your not as pissed that he forced you masturbate for him.

“Who are you?”

“You know exactly who I am, my love.”

“I don't know your name. Do you want me to call you Woozi’s Universe factory?”

He breathes out a laugh. “My name is Jihoon, love.”

“I’m sure you already know my name and give me my fucking cat.” you go to grab Bruno who hisses at you. You gasp.

“You little traitor.” you growl. “The real Bruno Mars would never treat me like this.” you say threateningly to the cat.

“Ahh, Bruno Mars. I love that guy.” Jihoon says as he lifts the cat to look him in his eyes. “You want to stay with me don’t you?” to which the cat purrs.

You’re more shocked at your cat's betrayal than Jihoon breaking into your apartment.

“Y/N, sit with me”

“No.”

He raises a brow at you.

“Fine, but not because you asked.” you pout and sit next to him.

“Are you not scared?”

“Honestly, you're too cute for me to be scared of you. Like look at these cheeks.” you say and squeeze his cheeks making him grab your hand and pull it away from your face.

“You don’t know who you're messing with, my love.”

“I mean if you were going to kill me you would've done it already. And I know you're not going to anyway because why would you waste all this money on someone you were going to kill?”

He smiles. “So smart, baby.”

Why is he calling you baby and love? This is actually kind of spooking you.

“What do you want Jihoon?”

“I want you to come live with me.”

Your eyes widen. The fuck? Your feelings must be visible on your face because he continues.

“So, you just want me to get up and leave with you?”

“Yes.”

“Why would I come with you? You've done nothing but stalk and harrass me!”

“I’ve have not been stalking you, love. Everything I’ve done is a result of your actions. You decided to try to hack me which gave me access to everything.”

“You're just trying to manipulate me!” you say and stand up.

He looked deeply offended by this. “Manipulate you? Tell me one thing in what I said that's not true.”

He has a point. You're just grasping at straw to be honest. “What If I don’t want to go with you.” you pout and stomp your foot looking like a child.

“Then I’ll take you by force.” he says with a straight face.

Oh. You weigh your options. Would you rather live in this hell hole remaining broke and sad or go with him and drain his pockets? You don’t even know where he’s taking you, he could be bringing you to a cabin in the woods to lock you up and kill you. But it’s not like you have an option and you would much rather do this the easy way.

“Ok fine. But not because you told me to” God, you sound like such a brat.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Six months later

“Jihoonnnnnnn.”

“Yes baby?”

“Can you buy me this?”

He groans. “Baby, what else could you possibly buy? You have it all.”

You show him your phone.

“Baby, you have this bag in three colors.” he deadpans.

“OK? This is my favorite color though.” You say like it's the most obvious thing on the planet.

Despite his grumbling he gets up and takes out his wallet, handing you his black card. Jihoon can never say no to you. Anything you ask for is yours, no matter what. Your life has completely changed since meeting him. You wouldn't say he’s your sugar daddy because you're equally as in love with him as he is with you, but, lord does he spoil you. You moved into his high rise apartment and completely renovated it to your taste without a single complaint from him. He bought you a new wardrobe, new cars, bags, jewels, anything you could ever dream of. And the sex.. It’s just incredible. And Bruno is as spoiled as ever. He’s Jihoon’s baby despite Jihoon pretending to dislike him. You know what Jihoon does for a living, that's none of your business though. All that you care about is keeping him and yourself happy. You’ve grown more than accustomed to this lifestyle, not knowing how you functioned before meeting him.

“Thank you Woozipoo”

“Stop calling me that” he groans.

“If you want me to stop you’ll get out this fucking studio and come to bed.”

He rolls his head to you. “Why would I do that?”

“So I can thank you for being so good to me.” you say into his neck making him groan.

“God, baby don’t say things like that.”

“I can’t tell my man how much I want to fuck him?”

“Get your ass in the bedroom.”

#seventeen smut #svt smut #woozi smut #jihoon smut #woozi x reader

432 notes · View notes

us-the-voices-and-more-voices-2 · 1 year ago

Text

dear Americans. if KOSA passes

(I SEVERELY DOUBT IT, it would be singlehandedly the worst bill in the history of ever! THE AMOUNT OF IDENTITY FRAUD MY GOD. all the non-americas will make fake American websites and make you put your info in it and then they steal your fucking identity!!!!)

remember to get a vpn, make non-american social media accounts with a non-american email (super easy!)

keep the vpn on when your using the internet, and you should still be able to access most of the internet.

there will be places where you can talk free of censorship still, plus I don't think they'll be killing the internet archive anytime soon so get ready to make YouTube, and other social media videos available on there for everyone who can't access them via YouTube and other social media's

you can also head on over to TOR because how in gods earth are they gonna enforce anything on there. they try. but also it's incredibly sketchy and you need some cybersecurity know how or you will get hacked.

your best bet's guys are to just use non-american social media's also I'm pretty sure they can't limit your access to non-american websites bc that's impossible so while for Americans YouTube, google, and other social media's might become restricted for you.

the wonderful world of International websites and social media's probably won't because again. fucking impossible to do.

100% I don't think KOSA will pass because again NATIONAL SECURITY RISK OF THE HIGHEST DEGREE

like the death of America will be their ineptitude of how hackers and the internet works.

(fun fact there's a hacking attempt every second! something these fuckers don't know about! the hackers are literally going to go into all this like a kid in a candy store.)

also rip to anyone trying to run away from abusive relationships, gangs or more!

like genuinely the worst fucking idea in the history of idea's it's not even a bad internet bill. IT'S A FUCKING GOD AWFUL ONE

like, WHO IN GODS EARTH ALLOWED THIS TO GET SO FAR?

I am going insane on behalf of all the Americans

#-pop #activism stuff #anticapitalism stuff #anarchism stuff #queer stuff #trans stuff #mental health stuff #disability #stop kosa #bad internet bills #kids online safety bill #fuck kosa #anti kosa #kosa bill #brooo Kamala supports this atrocity of a bill #why are we letting old people with zero background in cybersecurity decide this shit #worst fucking idea in the history of ever

57 notes · View notes

elventhespian · 5 months ago

Text

So with the pandora's box of AI being released into the world, cybersecurity has become kind of insane for the average user in a way that's difficult to describe for those who aren't following along. Coding in unfamiliar languages is easier to do now, for better and worse. Purchasable hacking "kits" are a thing on the dark web that basically streamline the process of deploying ransomware. And generative AI is making it much easier for more and more people to obscure their intentions and identities, regardless of their tech proficiency.

The impacts of this have been Really Bad in the last year or two in particular. For example:

(I'm about to link to sources, and you better be hovering and checking those links before clicking on them as a habit)

Ransomware attacks have become increasingly lucrative for private and state-sponsored hacking groups, with at least one hack recently reported to have resulted in a $75 MILLION payout from the victim. This in combination with the aforementioned factors has made it a bigger and bigger risk for companies and organizations holding your most sensitive data.

In the US, the Salt Typhoon hack over the past year or so has compromised virtually all major phone networks--meaning text and phone calls are no longer secure means of communication. While this won't affect most people in day-to-day, it does make basically all the information you share over traditional phone comms very vulnerable. You should avoid sharing sensitive information over the phone when you can.

CISA updated their security recommendations late last year in response to this compromise. One of the recommendations is to use a separate comms app with end-to-end encryption. I personally prefer Signal, since it's open source and not owned by Meta, but the challenge can be getting people you know on the same service. So... have fun with that.

2FA is no longer as secure as it was--because SMS itself is no longer secure, yeah, but even app-based 2FA has been rendered useless in certain circumstances. One reason for this is because...

A modern version of the early-2000's trick of gaining access to people's accounts via hijacked cookies has come back around for Chromium browsers, and hackers are gaining access to people's Google accounts via OAuth session hijacking. Meaning they can get into your already-logged-in accounts without passwords or 2FA even being needed to begin with. This has been achieved both through hackers compromising chrome browser extensions, and via a reinvigorated push to send out compromising links via email.

Thanks to AI, discerning compromised email is harder now. Cybercriminals are getting better at replicating legitimate email forms and website login screens etc., and coming up with ways to time the emails around times when you might legitimately expect them. (Some go so far as to hack into a person's phone to watch for when a text confirmation might indicate a recent purchase has been made via texted shipping alerts, for example)

If you go to a website that asks you to double-click a link or button--that is a major red flag. A potential method of clickjacking sessions is done via a script that has to be run with the end user's approval. Basically, to get around people who know enough to not authenticate scripts they don't recognize, hackers are concealing the related pop ups behind a "double-click" prompt instruction that places the "consent" prompt's button under the user's mouse in disguised UI, so that on the second click, the user will unwittingly elevate the script without realizing they are doing it.

Attachments are also a fresh concern, as hackers have figured out how to intentionally corrupt key areas of a file in a way that bypasses built-in virus check--for the email service's virus checker as well as many major anti-virus installed on endpoint systems

Hackers are also increasingly infiltrating trusted channels, like creating fake IT accounts in companies' Office 365 environment, allowing them to Teams employees instead of simply email them. Meaning when IT sends you a new PM in tools like Zoom, Slack, or Teams, you need to double-check what email address they are using before assuming it's the real IT person in question.

Spearphishing's growing sophistication has accelerated the theft of large, sensitive databases like the United/Change Healthcare hacks, the NHS hack & the recent Powerschool hack. Cybercriminals are not only gaining access to emails and accounts, but also using generative AI tools to clone the voices (written and spoken) of key individuals close to them, in order to more thoroughly fool targets into giving away sensitive data that compromises access to bigger accounts and databases.

This is mostly being used to target big-ticket targets, like company CSO's and other executives or security/IT personnel. But it also showcases the way scammers are likely to start trying to manipulate the average person more thoroughly as well. The amount of sensitive information--like the health databases being stolen and sold on the darkweb--means people's most personal details are up for sale and exploitation. So we're not too far off from grandparents being fooled by weaponized AI trained off a grandchild's scraped tiktok videos or other public-facing social media, for example. And who is vulnerable to believing these scams will expand, as scammers can potentially answer sensitive questions figured out from stolen databases, to be even more convincing.

And finally, Big Tech's interest in replacing their employees with AI to net higher profits has resulted in cybersecurity teams who are overworked, even more understaffed they already were before, and increasingly lacking the long-term industry experience useful to leading effective teams and finding good solutions. We're effectively in an arms race that is burning IT pros out faster and harder than before, resulting in the circumvention of crucial QA steps, and mistakes like the faulty release that created the Crowdstrike outage earlier last year.

Most of this won't impact the average person all at once or to the same degree big name targets with potential for big ransoms. But they are little things that have combined into major risks for people in ways that aren't entirely in our control. Password security has become virtually obsolete at this point. And 2FA's effectiveness is tenuous at best, assuming you can maintain vigilance.

The new and currently best advice to keeping your individual accounts secure is to switch to using Passkeys and FIDO keys like Yubikeys. However, the effectiveness of passkeys are held back somewhat as users are slow to adopt them, and therefore websites and services are required to continue to support passwords on people's accounts anyway--keeping password vulnerabilities there as a back door.

TLDR; it's pretty ugly out there right now, and I think it's going to get worse before it gets better. Because even with more sophisticated EDR and anti-virus tools, social engineering itself is getting more complex, which renders certain defensive technologies as somewhat obsolete.

Try to use a passkey when you can, as well as a password locker to create strong passwords you don't have to memorize and non-SMS 2FA as much as possible. FIDO keys are ideal if you can get one you won't lose.

Change your passwords for your most sensitive accounts often.

Don't give websites more personal info about yourself than is absolutely necessary.

Don't double-click links or buttons on websites/captchas.

Be careful what you click and download on piracy sources.

Try to treat your emails and PMs with a healthy dose of skepticism--double-check who is sending them etc for stealthily disguised typos or clever names. It's not going to be as obvious as it used to be that someone is phishing you.

It doesn't hurt to come up with an offline pass phrase to verify people you know IRL. Really.

And basically brace for more big hacks to happen that you cannot control to begin with. The employees at your insurance companies, your hospital, your telecomms company etc. are all likely targets for a breach.

#idk why I decided to write this but here you go #Watch this advice change drastically 6 months

36 notes · View notes

gwydionmisha · 3 months ago

Text

Do you trust them not to steal the data, given how at least one of the hackers he hired has a history of working with cyber criminals and another was fired from a company because he leaked information?

Do you think people claiming to be so incompetent at their job that they lied and are still lying that COBOL error messages are somehow proof of massive fraud on a large scale to update a program written in COBOL?

Do you trust them not to completely fuck up the new website either through incompetence or on purpose as a way to steal people's benefits, maybe declare people dead or delete them for "fraud" if they don't like their last names or where they live?

Do you think using AI in code that is vital to the survival of so many Americans is a good Idea?

From the article:

"The DOGE team has already been reportedly running highly sensitive government data through AI, as the Washington Post reported last month, so why not use it to cheat-code your way to a more modern programming language? The reason, of course is the risk of cascading failures during any rush-job that might mean missed payments or beneficiary information getting wiped from the system entirely."

This is utterly terrifying, especially given the fact that they've already completely funked up Social Security phone service. How do I know? Just over a month ago, I called to do the quick phone tree to get a proof of income from them, something I have to do multiple times a year because various programs want them and they need to be very recent. The phone tree had been noticeably improved since last time I'd used it in the fall. When I called today 3/31/25, they had completely removed all the quick phone tree options.

They took a service that was completely automated in the last ten years, and thus super cheap and already in place, for people with a bunch of routine, common, queries and yanked all that out, requiring people to get in line for a live person. Last time I needed live agent service it took about five hours to get back to me.

They are lying that this is about efficiency and saving money. Leaving the automated system in place is dramatically cheaper than paying people to answer, especially at a time they are firing people.

This is meant to break the system and force the people who need their benefits the most out of the system.

Musk has given the goal of stealing Social Security benefits away from people who earned the benefit and actually need it:

"“In fact, what we’re doing will help their benefits,” Musk said. “Legitimate people, as a result of the work of DOGE, will receive more Social Security, not less. I want to emphasize that. As a result of the work of DOGE, legitimate recipients of Social Security will receive more money, not less money.”"

The only way that happens is to take it away from the majority of recipients. You know the people Lutnick claims are fraudsters if they complain at the theft of their rent and electricity bill money recently.

Have something you want to tell your Congress Critters?

If you can't safely contact them in person, here are some other options:

Five Calls to your critters: https://5calls.org/

Here is one that will send your reps a fax: https://resist.bot/

Scream loudest at republican Critters. Those are their voters Musk is trying to kill, but whatever critters you have, stay noisy. We have until 4/14 to stop them.

#Social Security #Elon Musk #Donald Trump #Elizabeth Warren #DOGE #Action Item #AI

15 notes · View notes

oct0whyllow · 2 months ago

Text

American Shithead

Debbie, Heidi, and Theresa all work on deciphering who hacked Heidi, and Debbie debates making a tough choice at the end.

Notes: This first portion of the chapter is completely trigger free. After the second portion, the chapter will portray sexual assault. It will NOT be fetishized in any way at all as I find any romanticization of SA disgusting and horrid, and it won't be rape, and will be described using mostly metaphorical language and flashbacks, as I think writing incredibly graphic rape scenes does more harm than good. This chapter though, won't be focusing on the topic in any way. Only around the second portion will that subject begin to show up more to build it up. I hope you enjoy the chapter.

Back in her office, (with permission from the school and the NHGTTWDPC) Debbie worked her butt off to find the guy who hacked Heidi and her family's accounts, she knew his account and possible description, but just that wasn't enough to take the guy to justice. The short girl grabbed another printed screenshot and put a pin to it on her bulletin board, she took out a red band to connect the pin to another, that pin connecting to another, and another, and another, and so on and so forth. In the same room, were Theresa and Heidi. Heidi, was on her phone, occassionally going from staring at a hyper-romanticized photo of a green gumdrop from a movie series that was originally good until the company decided to chase money blindly and make a shitty sequel.

The blogger sighed dreamily, "S-B they totes can't take me from u..." Debbie sighed, turning around to face her. Theresa was on zher phone scrolling through the members page of the summer school website, not paying too much attention as eye hyperfocused on her task. "𝘎𝘪𝘳𝘭𝘴. If we're going to be catching that damned shoob, we need to stay on task!" Heidi flinched at 'girls' for some reason.

"Oh, I've been doing that! I can tell you about how many people fit the guy's likely description or how suspiscious their posts are, there's thirteen of them." Fowler crossed her legs over the other as she looked towards her girlfriend, who glared daggers at Heidi who just seemed so heavily uninterested in this despite the very fact she wanted the hacker put into a maximum security prison. "Glad to see at least 𝘴𝘰𝘮𝘦𝘰𝘯𝘦 is doing her job. Could you stop looking at that stupid candy man for one milisecond?!"

Weinerman rolled her eyes, she 𝘸𝘢𝘴 seriously cheesed at that disgusting, putrid excuse of flesh and bone that hacker xem. But why couldn't these girls do all the work? Xe was good at drama, not extensive research. That was a journalist's job, not a blogger's. "Ugh- I already gave you the guy's account name, now I have to check your computer every few seconds?"

"𝘠𝘰𝘶 said you wanted him in a max security prison!"

"...𝘍𝘪𝘯𝘦. Gimme a teeny sec to check your puter... again- 𝘸𝘩𝘢𝘵 𝘵𝘩𝘦 𝘩𝘰𝘯𝘬𝘪𝘯' 𝘫𝘶𝘪𝘤𝘦?!" Xeir longer hair, with brown roots beginning to grow in, swung to the side as xe dashed right in front of the screen, reading the hacker's newest post. "Leeting' my acc n 2 dayz, ya'll net cops can piss ur pants while I strt frsh as a rando. Js gotta transfr sum shiz 2 my new accs?!"

Even Theresa, who was obviously chronically online to express herself freely in at least one space, couldn't understand what the hell Heidi was even reading. Debbie groaned, "Could you be more 𝘱𝘳𝘰𝘧𝘦𝘴𝘴𝘪𝘰𝘯𝘢𝘭? It's like you guys made a new language."

"It means he's 𝘪𝘯𝘴𝘶𝘭𝘵𝘪𝘯𝘨 us and that he's deleting his account in just 𝘵𝘸𝘰 𝘥𝘢𝘺𝘴!"

"What?!" Yelled both Theresa and Debbie.

Kang clutched onto the sleeves of her sage green button-up, she had no time to lose, had no luxury of taking a break, she had to find the guy in Norrisville High as soon as possible before it was too late. Rushing towards her computer, Debbie pushed Heidi aside, "Hey!", and went through all the descriptions she already had. Since the hacker was incredibly dumb and had no form of a brain in that weird little head of his, he failed to keep himself completely anonymous. He constantly complained about kids at Norrisville, mainly blonde guys for 'stealing all the girls from him', he was homophobic mainly because he didn't like the fact girls could 'steal girls from him'. He constantly glazed himself, talking about how cool he was, and comparing himself to Patrick Bateman (but with black hair), making it very clear he was very illiterate when it came to media as American Psycho made fun of people like him. He reposted stuff about 'White Pride', making it clear he himself was white.

He was also really horrible with fashion, liking posts with other men wearing the most disgusting outfits ever, sagging their pants all the way until they were below their asses and their boxers were showing, which was ironic as it originated with gay men in prison. The hacker constantly complained about the school's rules, how he was constantly 'targeted' by Norrisville High, even though the policies he hated most were the policies regarding harrassment, which were already very loose and allowed for people to say the shittiest things possible as long as it wasn't too obviously about someone. The hacker was also likely skinny, as he brags about the fact he has an eating disorder and isn't 'fat like those @&$%##$'. The guy was very, very, 𝘷𝘦𝘳𝘺 ignorant to boundaries (his posts made it easy to decipher that he kept trying to 'flirt' with women, but they always ran away from him. He had tons of friends he abandoned, he has new ones every month.), and posted nearly every single hour, which made his description easy to determine.

A black haired, homophobic, fatphobic, mentally ill white guy who sags his pants almost all the way down, wears 'offensive' shirts, constantly loves talking about himself and what he does, can't respect other people and hates not having whatever he wants handed to him on a silver platter, while also very confident in his social skills (even if they were horrible, to say the least.)

Debbie needed to find him before he starts a new account, removing all the traces they could possibly have to connect his crimes to him, including the people that payed him to do stuff for them.

To find him, she would need to interview people, but she was already too famous as a journalist. Heidi would be a good choice- if she wasn't so damn nosy, one wrong move from her and she'd be asking the kid about his abusive home life and DNA sequence. It would also be suspiscious if Heidi went around interviewing people, she rarely spoke to strangers just to befriend them or to pass the time. So, who could do the interviews?

It hit her. Theresa. She was the perfect girl to do it, she was so kind, it'd be unusual for her to be talking to someone for an ulterior purpose, alongside that, she would be cautious enough to do this!

But she was also her girlfriend, and her social anxiety was something not to be taken lightly, it was also wrong for her to just use her as a tool to find the hacker.

"Give me some time to think, for now, Heidi, you go interview some kids and 𝘥𝘰𝘯'𝘵 𝘨𝘦𝘵 𝘥𝘪𝘴𝘵𝘳𝘢𝘤𝘵𝘦𝘥 𝘣𝘺 𝘵𝘩𝘢𝘵 𝘴𝘵𝘶𝘱𝘪𝘥 𝘨𝘶𝘮𝘥𝘳𝘰𝘱, Theresa, continue what you're doing."

They did that for the rest of the day, until returning home. Debbie was still considering.

#oct0whyllow #rc9gn #rchnfic #randy cunningham 9th grade ninja #debbie kang #theresa fowler #heidi weinerman

8 notes · View notes

could-it-be-better · 11 months ago

Text

Online Voting needs to be a thing.

Believe it or not, voting accessibility is still an issue. Voting by mail is a great step but online voting is really something that should exist in the States.

I bet the first argument against this is, what about hackers? Well hold on a second let me go over some stuff.

First of all, think how much better the experience could be. Pull out an app or visit the website and see all the options and information about everything you're voting on, including description blurbs and what political figures support which ideas and having a synopsis of each proposition right in the same page. Make selections ahead of them and then review them before it's time to submit. There is so much opportunity to give voters all the information they need to actually make an informed decision rather than guessing as to what certain proposals actually are about (because typically the summaries an ballots are not enough and not everyone researches every proposal).

As for the security aspect, submitting the form can be restricted to having to be from an IP address within your registered home of residence. Internet providers have IP address that can be traced back to the geographical location. Furthermore, when logging into your voting portal, not only does it require the standard name and address to register, you would also need your voter ID which is on your ballot. If that's good enough for the mail in ballot tracking it should be good enough for the virtual on as well, and another form of identification.

Finally, voting in person should always override any submitted online ballots. A final measure of security that should help give people who prefer to vote in person peace of mind.

#politics #us politics #voting #thoughts #us elections #election 2024 #ideas

30 notes · View notes

j-esbian · 5 months ago

Text

can someone explain to me like i’m stupid how it’s more secure to link several different accounts under the same login?? it seems way less secure from what i understand about digital security

for example, let’s say you use your google account to log in everywhere. a hacker gaining access to one of these accounts now has the login information to access to all of them, whereas if you had unique accounts for different websites, a hack would at least be quarantined to that one specific site

i understand the appeal from the tech companies’ side; it’s google and facebook who let you unify your logins, and they’re well-known for collecting your data. they want to see what other sites you use and what you do on there to create a more comprehensive marketing profile that they can then profit off of. but i don’t get what the appeal is from a user standpoint, except for the convenience of not having to remember unique login info for each site (but browsers nowadays let you store that info locally anyway)

i remember seeing a lot of criticism about this single point of failure when the blockchain first started coming on the horizon, and i haven’t seen much from tech people to rectify or explain away that fear. a game i’ve played forever implemented a new login system (currently still opt-in, thank god) to centralize your accounts across different apps, and when i asked in the subreddit if it was worth it/if anyone had addressed the worries i had, people only told me “they’re modernizing it, tons of games do this now” or else just went “you’re an idiot” without explaining (ah, reddit) even though i’m pretty sure the same community had been vehemently opposed to it a few years ago when the same game tried to get into the nft grift.

so what’s the explanation? am i just more paranoid than average, or is there a missing piece here?

#idk how to tag this to get smart people to see it so im hoping someone who follows me knows or can pass it on lol #i also had a scare about this circa 2019 when my spotify got hacked so i stopped linking everything bc i had used my email to log into that #idk obviously i feel like im being logical but no one will explain why im wrong so what am i missing here #lmao people on that sub also got up in arms when i mentioned the blockchain comparison bc ‘the game’s been sold to a new company since then’#except the guy who owns it now used to work for meta so like. excuse me for still being a bit skeptical #a few people there just said ‘it’s more secure’ without explaining how which rly threw me. bc before that i really thought the main draw #was convenience #mine

9 notes · View notes

dertaglichedan · 7 months ago

Text

How to know if a USB cable is hiding malicious hacker hardware

Are your USB cables sending your data to hackers?

We expect USB-C cables to perform a specific task: transferring either data or files between devices. We give little more thought to the matter, but malicious USB-C cables can do much more than what we expect.

These cables hide malicious hardware that can intercept data, eavesdrop on phone calls and messages, or, in the worst cases, take complete control of your PC or cellphone. The first of these appeared in 2008, but back then they were very rare and expensive — which meant the average user was largely safeguarded.

Since then, their availability has increased 100-fold and now with both specialist spy retailers selling them as “spy cables” as well as unscrupulous sellers passing them off as legitimate products, it’s all too easy to buy one by accident and get hacked. So, how do you know if your USB-C cable is malicious?

Further reading: We tested 43 old USB-C to USB-A cables. 1 was great. 10 were dangerous

Identifying malicious USB-C cables

Identifying malicious USB-C cables is no easy task since they are designed to look just like regular cables. Scanning techniques have been largely thought of as the best way to sort the wheat from the chaff, which is what industrial scanning company, Lumafield of the Lumafield Neptune industrial scanner fame, recently set out to show.

The company employed both 2D and 3D scanning techniques on the O.MG USB-C cable — a well-known hacked cable built for covert field-use and research. It hides an embedded Wi-Fi server and a keylogger in its USB connector. PCWorld Executive Editor Gordon Ung covered it back in 2021, and it sounds scary as hell.

What Lumafield discovered is interesting to say the least. A 2D X-ray image could identify the cable’s antenna and microcontroller, but only the 3D CT scan could reveal another band of wires connected to a die stacked on top of the cable’s microcontroller. You can explore a 3D model of the scan yourself on Lumafield’s website.

It confirms the worst — that you can only unequivocally confirm that a USB-C cable harbors malicious hardware with a 3D CT scanner, which unless you’re a medical radiographer or 3D industrial scientist is going to be impossible for you to do. That being so, here are some tips to avoid and identify suspicious USB-C cables without high-tech gear:

Buy from a reputable seller: If you don’t know and trust the brand, simply don’t buy. Manufacturers like Anker, Apple, Belkin, and Ugreen have rigorous quality-control processes that prevent malicious hardware parts from making it into cables. Of course, the other reason is simply that you’ll get a better product — 3D scans have similarly revealed how less reputable brands can lack normal USB-C componentry, which can result in substandard performance. If you’re in the market for a new cable right now, see our top picks for USB-C cables.

Look for the warning signs: Look for brand names or logos that don’t look right. Strange markings, cords that are inconsistent lengths or widths, and USB-C connectors with heat emanating from them when not plugged in can all be giveaways that a USB-C cable is malicious.

Use the O.MG malicious cable detector: This detector by O.MG claims to detect all malicious USB cables.

Use data blockers: If you’re just charging and not transferring data, a blocker will ensure no data is extracted. Apart from detecting malicious USB-C cables, the O.MG malicious cable detector functions as such a data blocker.

Use a detection service: If you’re dealing with extremely sensitive data for a business or governmental organization, you might want to employ the services of a company like Lumafield to detect malicious cables with 100 percent accuracy. Any such service will come with a fee, but it could be a small price to pay for security and peace of mind.

11 notes · View notes

mariacallous · 11 months ago

Text

Microsoft raced to put generative AI at the heart of its systems. Ask a question about an upcoming meeting and the company’s Copilot AI system can pull answers from your emails, Teams chats, and files—a potential productivity boon. But these exact processes can also be abused by hackers.

Today at the Black Hat security conference in Las Vegas, researcher Michael Bargury is demonstrating five proof-of-concept ways that Copilot, which runs on its Microsoft 365 apps, such as Word, can be manipulated by malicious attackers, including using it to provide false references to files, exfiltrate some private data, and dodge Microsoft’s security protections.

One of the most alarming displays, arguably, is Bargury’s ability to turn the AI into an automatic spear-phishing machine. Dubbed LOLCopilot, the red-teaming code Bargury created can—crucially, once a hacker has access to someone’s work email—use Copilot to see who you email regularly, draft a message mimicking your writing style (including emoji use), and send a personalized blast that can include a malicious link or attached malware.

“I can do this with everyone you have ever spoken to, and I can send hundreds of emails on your behalf,” says Bargury, the cofounder and CTO of security company Zenity, who published his findings alongside videos showing how Copilot could be abused. “A hacker would spend days crafting the right email to get you to click on it, but they can generate hundreds of these emails in a few minutes.”

That demonstration, as with other attacks created by Bargury, broadly works by using the large language model (LLM) as designed: typing written questions to access data the AI can retrieve. However, it can produce malicious results by including additional data or instructions to perform certain actions. The research highlights some of the challenges of connecting AI systems to corporate data and what can happen when “untrusted” outside data is thrown into the mix—particularly when the AI answers with what could look like legitimate results.

Among the other attacks created by Bargury is a demonstration of how a hacker—who, again, must already have hijacked an email account—can gain access to sensitive information, such as people’s salaries, without triggering Microsoft’s protections for sensitive files. When asking for the data, Bargury’s prompt demands the system does not provide references to the files data is taken from. “A bit of bullying does help,” Bargury says.

In other instances, he shows how an attacker—who doesn’t have access to email accounts but poisons the AI’s database by sending it a malicious email—can manipulate answers about banking information to provide their own bank details. “Every time you give AI access to data, that is a way for an attacker to get in,” Bargury says.

Another demo shows how an external hacker could get some limited information about whether an upcoming company earnings call will be good or bad, while the final instance, Bargury says, turns Copilot into a “malicious insider” by providing users with links to phishing websites.

Phillip Misner, head of AI incident detection and response at Microsoft, says the company appreciates Bargury identifying the vulnerability and says it has been working with him to assess the findings. “The risks of post-compromise abuse of AI are similar to other post-compromise techniques,” Misner says. “Security prevention and monitoring across environments and identities help mitigate or stop such behaviors.”

As generative AI systems, such as OpenAI’s ChatGPT, Microsoft’s Copilot, and Google’s Gemini, have developed in the past two years, they’ve moved onto a trajectory where they may eventually be completing tasks for people, like booking meetings or online shopping. However, security researchers have consistently highlighted that allowing external data into AI systems, such as through emails or accessing content from websites, creates security risks through indirect prompt injection and poisoning attacks.

“I think it’s not that well understood how much more effective an attacker can actually become now,” says Johann Rehberger, a security researcher and red team director, who has extensively demonstrated security weaknesses in AI systems. “What we have to be worried [about] now is actually what is the LLM producing and sending out to the user.”

Bargury says Microsoft has put a lot of effort into protecting its Copilot system from prompt injection attacks, but he says he found ways to exploit it by unraveling how the system is built. This included extracting the internal system prompt, he says, and working out how it can access enterprise resources and the techniques it uses to do so. “You talk to Copilot and it’s a limited conversation, because Microsoft has put a lot of controls,” he says. “But once you use a few magic words, it opens up and you can do whatever you want.”

Rehberger broadly warns that some data issues are linked to the long-standing problem of companies allowing too many employees access to files and not properly setting access permissions across their organizations. “Now imagine you put Copilot on top of that problem,” Rehberger says. He says he has used AI systems to search for common passwords, such as Password123, and it has returned results from within companies.

Both Rehberger and Bargury say there needs to be more focus on monitoring what an AI produces and sends out to a user. “The risk is about how AI interacts with your environment, how it interacts with your data, how it performs operations on your behalf,” Bargury says. “You need to figure out what the AI agent does on a user's behalf. And does that make sense with what the user actually asked for.”

25 notes · View notes