Python Programming Language - Run Code In Interpreter To Change Code Or Adjust Parameters Without Recompile

Electromagnetic Cavitation

Electromagnetic Cavitation

you know with the whole narrative framing device in the book being that Dooku painstakingly saved EVERYTHING from his Jedi years, including private correspondence, journal entries, recorded conversation, and holopics, it's almost miraculous Asajj didn't find a folder of dick pics in there

(via Genetics firm 23andMe says user data stolen in credential stuffing attack)

gee how UNEXPECTED

except for everybody that has been expecting this to happen...

Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service (ENS), a blockchain equivalent of the popular internet naming convention known as the Domain Name System (DNS). Nick received a very official looking security alert about a subpoena allegedly issued to Google by law enforcement to information contained in Nick’s Google account. A URL in the email pointed Nick to a sites.google.com page that looked like an exact copy of the official Google support portal.

As a computer savvy person, Nick spotted that the official site should have been hosted on accounts.google.com and not sites.google.com. The difference is that anyone with a Google account can create a website on sites.google.com. And that is exactly what the cybercriminals did. Attackers increasingly use Google Sites to host phishing pages because the domain appears trustworthy to most users and can bypass many security filters. One of those filters is DKIM (DomainKeys Identified Mail), an email authentication protocol that allows the sending server to attach a digital signature to an email. If the target clicked either “Upload additional documents” or “View case”, they were redirected to an exact copy of the Google sign-in page designed to steal their login credentials. Your Google credentials are coveted prey, because they give access to core Google services like Gmail, Google Drive, Google Photos, Google Calendar, Google Contacts, Google Maps, Google Play, and YouTube, but also any third-party apps and services you have chosen to log in with your Google account. The signs to recognize this scam are the pages hosted at sites.google.com which should have been support.google.com and accounts.google.com and the sender address in the email header. Although it was signed by accounts.google.com, it was emailed by another address. If a person had all these accounts compromised in one go, this could easily lead to identity theft.

How to avoid scams like this

Don’t follow links in unsolicited emails or on unexpected websites.

Carefully look at the email headers when you receive an unexpected mail.

Verify the legitimacy of such emails through another, independent method.

Don’t use your Google account (or Facebook for that matter) to log in at other sites and services. Instead create an account on the service itself.

Technical details Analyzing the URL used in the attack on Nick, (https://sites.google.com[/]u/17918456/d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/edit) where /u/17918456/ is a user or account identifier and /d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/ identifies the exact page, the /edit part stands out like a sore thumb. DKIM-signed messages keep the signature during replays as long as the body remains unchanged. So if a malicious actor gets access to a previously legitimate DKIM-signed email, they can resend that exact message at any time, and it will still pass authentication. So, what the cybercriminals did was: Set up a Gmail account starting with me@ so the visible email would look as if it was addressed to “me.” Register an OAuth app and set the app name to match the phishing link Grant the OAuth app access to their Google account which triggers a legitimate security warning from [email protected] This alert has a valid DKIM signature, with the content of the phishing email embedded in the body as the app name. Forward the message untouched which keeps the DKIM signature valid. Creating the application containing the entire text of the phishing message for its name, and preparing the landing page and fake login site may seem a lot of work. But once the criminals have completed the initial work, the procedure is easy enough to repeat once a page gets reported, which is not easy on sites.google.com. Nick submitted a bug report to Google about this. Google originally closed the report as ‘Working as Intended,’ but later Google got back to him and said it had reconsidered the matter and it will fix the OAuth bug.

Access Credentials

Confronting the Security Risks of Copilots

New Post has been published on https://thedigitalinsider.com/confronting-the-security-risks-of-copilots/

Confronting the Security Risks of Copilots

More and more, enterprises are using copilots and low-code platforms to enable employees – even those with little or no technical expertise – to make powerful copilots and business apps, as well as to process vast amounts of data. A new report by Zenity, The State of Enterprise Copilots and Low-Code Development in 2024, found that, on average, enterprises have about 80,000 apps and copilots that were created outside the standard software development lifecycle (SDLC).

This development offers new opportunities but new risks, as well. Among these 80,000 apps and copilots are roughly 50,000 vulnerabilities. The report noted that these apps and copilots are evolving at breakneck speed. Consequently, they are creating a massive number of vulnerabilities.

Risks of enterprise copilots and apps

Typically, software developers build apps carefully along a defined SDLC (secure development lifecycle) where every app is constantly designed, deployed, measured and analyzed. But today, these guardrails no longer exist. People with no development experience can now build and use high-powered copilots and business apps within Power Platform, Microsoft Copilot, OpenAI, ServiceNow, Salesforce, UiPath, Zapier and others. These apps help with business operations as they transfer, and store sensitive data. Growth in this area has been significant; the report found 39% year-over-year growth in the adoption of low-code development and copilots.

As a result of this bypassing of the SDLC, vulnerabilities are pervasive. Many enterprises enthusiastically embrace these capabilities without fully appreciating the fact that they need to grasp how many copilots and apps are being created – and their business context, too. For instance, they need to understand who the apps and copilots are meant for, which data the app interacts with and what their business purposes are. They also need to know who is developing them. Since they often don’t, and since the standard development practices are bypassed, this creates a new form of shadow IT.

This puts security teams in the difficult position with a lot of copilots, apps, automations and reports that are being built outside of their knowledge by business users in various LoBs. The report found that all of the OWASP (Open Web Application Security Project) Top 10 risk categories are ubiquitous throughout enterprises. On average, an enterprise has 49,438 vulnerabilities. This translates to 62% of the copilots and apps built via low-code containing a security vulnerability of some kind.

Understanding the different types of risks

Copilots present such significant potential threat because they use credentials, have access to sensitive data and possess an intrinsic curiosity that make them difficult to contain. In fact, 63% of copilots built with low-code platforms were overshared with others – and many of them accept unauthenticated chat. This enables a substantial risk for possible prompt injection attacks.

Because of how copilots operate and how AI operates in general, stringent safety measures must be enforced to prevent the sharing of end user interactions with copilots, sharing apps with too many or the wrong people, the unneeded granting of access to sensitive data via AI, and so on. If these measures are not in place, enterprises risk increased exposure to data leakage and malicious prompt injection.

Two other significant risks are:

Remote Copilot Execution (RCEs) – These vulnerabilities represent an attack pathway specific to AI applications. This RCE version enables an external attacker to take complete control over Copilot for M365 and force it obey their commands simply by sending one email, calendar invitation or Teams message.

Guest accounts: Using just one guest account and a trial license to a low-code platform – typically available free of charge across multiple tools – an attacker need only log in to the enterprise’s low-code platform or copilot. Once in, the attacker switches to the target directory and then has domain admin-level privileges on the platform. Consequently, attackers seek out these guest accounts, which have led to security breaches. Here’s a data point that should strike fear into enterprise leaders and their security teams: The typical enterprise has more than 8,641 instances of untrusted guest users who have access to apps that are developed via low-code and copilots.

A new security approach is needed

What can security teams do against this ubiquitous, amorphous and critical risk? They need to make certain that they have put controls in place to alert them to any app that has an insecure step in its credential retrieval process or a hard-coded secret. They also must add context to any app being created to make sure that there are appropriate authentication controls for any business-critical apps that also have access to sensitive internal data.

When these tactics have been deployed, the next priority is to make sure appropriate authentication is set up for apps that need access to sensitive data. After that, it’s a best practice to set up credentials so that they can be retrieved securely from a credential or secrets vault, which will guarantee that passwords aren’t sitting in clear or plain text.

Securing your future

 The genie of low-code and copilot development is out of the bottle, so it’s not realistic to try to put it back in. Rather, enterprises need to be aware of the risks and put controls in place that keep their data secure and properly managed. Security teams have faced many challenges in this new era of business-led development, but by adhering to the recommendations noted above, they will be in the best possible position to securely bring the innovation and productivity enterprise copilots and low code development platforms offer toward a bold new future.

Create New Users and Join Synology NAS to Active Directory

Microsoft Active Directory Domain Services (AD DS) are a directory service that help organize network resources within Active Directory environment. It supports user/group management, group policies, multiple directory servers (i.e., domain controllers), Kerberos authentication, etc. In this article, we shall learn how to Create New Users and Join Synology NAS to Active Directory. Please see How…

View On WordPress

Your mobile password manager might be exposing your credentials | TechCrunch

A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps. The vulnerability, dubbed “AutoSpill,” can expose users’ saved credentials from mobile password managers by circumventing Android’s secure autofill mechanism, according to university researchers at the IIIT Hyderabad, who discovered the…

View On WordPress

Server Saturday: Controlling Access to Your Network - A Guide to Access Control

Welcome to Server Saturday, where we embark on a humorous and informative journey into the world of network access control. In this edition, we’ll unravel the mysteries of access control, using common analogies, playful emojis, and a funny tone to help novice readers understand this essential aspect of network security. Get ready to tighten the reins and control who enters your digital kingdom!…

View On WordPress

"Genetics firm 23andMe confirms user data theft in a credential stuffing attack. The hackers released 1 million lines of data targeting Ashkenazi Jews and Chinese descent" this is so scary, wtf

OK followers this is not a drill. This is now the time to start calling out the antisemitism in your friends and family. This is truly some nazi level eugenics shit. I'm at work but I'd appreciate more help boosting what to do.

mod ali

Update:

Please send this to all your Jewish and Chinese friends and family. Stay safe and please boost this.

TOTAL BATTLE LOGİN - PRO+

Welcome to the ultimate gaming experience with Total Battle, a strategic online war game that challenges your tactical skills while immersing you in a captivating medieval world. In this article, we’ll explore the essentials that every player needs to know, including how to navigate the Total Battle login process, maximize your gameplay, and delve into comprehensive guides that will elevate your strategies. Whether you're a seasoned general or just starting your journey, you’ll find valuable insights and tips to help you conquer your foes and build a formidable empire.

Total Battle Login

Accessing your gaming experience has never been easier with the total battle login. This streamlined process allows players to quickly enter the highly immersive world of Total Battle, ensuring that your journey toward strategy and conquest begins without delay.

Once you reach the total battle login page, you'll find an intuitive interface designed to facilitate your entrance. Whether you're a seasoned commander or a new recruit, you can swiftly log in using your credentials and pick up right where you left off in your quest for dominance.

In addition to great accessibility, the total battle login ensures your data protection and provides a seamless connection across devices. This means you can enjoy your favorite strategies on-the-go, enhancing your gaming flexibility and freedom.

Don't let obstacles stand in your way! Experience the thrill of Total Battle with a fast, reliable login process. Explore the possibilities at your fingertips – dive into engaging gameplay today with the total battle login!

Total Battle

Total Battle offers an immersive gaming experience that combines strategic warfare with resource management, making it a go-to choice for gamers looking for depth and excitement. The focal point of the game revolves around building your empire, forming alliances, and engaging in epic battles. Players can expect to dive into various gameplay modes designed to enhance their strategic skills and test their tactical abilities.

One of the significant advantages of total battle is its comprehensive total battle guide that aids both new and experienced players. This guide provides players with vital information on unit formations, resource allocation, and battle tactics, ensuring that you always stay one step ahead of your opponents. With regular updates and community contributions, this guide evolves alongside the game, maintaining its relevance and usefulness.

When you visit totalbattle, you are welcomed with a user-friendly interface that simplifies the login process, allowing you to jump straight into action. The platform is designed to be intuitive, making it easy for players of all skill levels to navigate and find helpful tools and resources that enhance their gameplay experience.

Join a thriving community of players who engage in strategic discussions, share their experiences, and dominate the battlefield. With Total Battle's dynamic gameplay and community-driven atmosphere, you will not just be a player— you will become part of a unified force aimed at conquering new territories and achieving glorious victories.

Total Battle Guide

Welcome to your ultimate total battle guide, designed to help you navigate through the exciting world of Total Battle efficiently. Whether you are a newcomer seeking to understand the basics or a seasoned player looking for advanced strategies, this comprehensive guide is here to enhance your gameplay experience.

Understanding Game Mechanics

Total Battle combines elements of strategy, city-building, and warfare. Familiarize yourself with the core mechanics to maximize your success:

Resource Management: Balance your resources like gold, wood, and food to ensure steady growth of your empire.

Unit Types: Learn about the various units available, including infantry, cavalry, and siege equipment, and understand their strengths and weaknesses.

Buildings: Upgrade your city by constructing essential buildings that boost your economic and military might.

Strategic Gameplay Tips

To gain an edge over your opponents, implement these tips into your strategy:

Scout Before Attacking: Always scout enemy positions to make informed decisions before launching an attack.

Join an Alliance: Collaborating with other players provides support and enhances your strategic options.

Daily Login Rewards: Make sure to log in daily to claim valuable rewards that will assist you in your quest.

Explore Tactical Features

The game offers various tactical features to gain dominance over your rivals. Mastering these can lead to significant advantages:

Hero Development: Develop your heroes by equipping them with powerful gear and leveling them up for enhanced abilities.

Battle Tactics: Experiment with different formations and tactics to find the best approach during battles.

Event Participation: Engage in special events that often yield unique rewards and opportunities for bonuses.

Utilizing this total battle guide will empower you as you embark on your journey in Total Battle. For further assistance or in-depth lore, don’t forget to check out TotalBattleLogin.com. Start your adventure today and conquer your foes with confidence!

Totalbattle

Discover the captivating world of Totalbattle, where strategy and action collide! Immerse yourself in the exhilarating gameplay designed to challenge even the most seasoned gamers. From building your powerful empire to forging alliances with other players, the Total Battle experience is ever-evolving and engaging.

The game seamlessly blends elements of classic strategy with modern features, ensuring that every session is unique. Whether you are a newbie or a veteran, the Total Battle guide is your essential tool for mastering gameplay tactics and optimizing your journey.

Accessing the game through the Total Battle login portal opens doors to exclusive events, rewards, and updates that keep the excitement alive. Enhance your gameplay experience by diving into rich lore and strategic warfare mechanics that Total Battle has to offer.

Join a vibrant community of players who share tips, strategies, and camaraderie in their quest for dominance. Don’t miss out on the opportunity to enhance your skills and achieve greatness. Take the first step by visiting Total Battle and preparing yourself for an epic adventure!

Important PSA

(Important PSA)

If you get asks claiming to be “technical support staff” asking you to click a link to verify your e-mail because they need your banking credentials or get DMs from similar accounts asking you they need your e-mail address for verification reasons and want your name..

That is a phishing scam impersonating tumblr staff and you should not be posting the asks with a live link in it or trusting the DMs and sending your information! This is an extremely old kind of scam that has began resurfacing and you need to take internet safety into consideration.

It is safer to take a simple screenshot of the ask so the link won’t be spread and lead to a mass hack of users who fell for the attempt. You can warn people without putting their account in danger because some people don’t care what you say and will go to the link anyway.

Please be careful.

A 25-Year-Old With Elon Musk Ties Has Direct Access to the Federal Payment System

A 25-year-old engineer named Marko Elez, who previously worked for two Elon Musk companies, has direct access to Treasury Department systems responsible for nearly all payments made by the US government, three sources tell WIRED. Two of those sources say that Elez’s privileges include the ability not just to read but to write code on two of the most sensitive systems in the US government: The Payment Automation Manager (PAM) and Secure Payment System (SPS) at the Bureau of the Fiscal Service (BFS). Housed on a top-secret mainframe, these systems control, on a granular level, government payments that in their totality amount to more than a fifth of the US economy. Despite reporting that suggests that Musk's so-called Department of Government Efficiency (DOGE) task force has access to these Treasury systems on a “read-only” level, sources say Elez, who has visited a Kansas City office housing BFS systems, has many administrator-level privileges. Typically, those admin privileges could give someone the power to log into servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to. “You could do anything with these privileges,” says one source with knowledge of the system, who adds that they cannot conceive of a reason that anyone would need them for purposes of simply hunting down fraudulent payments or analyzing disbursement flow. "Technically I don't see why this couldn't happen," a federal IT worker tells WIRED in a phone call late on Monday night, referring to the possibility of a DOGE employee being granted elevated access to a government server. "If you would have asked me a week ago, I'd have told you that this kind of thing would never in a million years happen. But now, who the fuck knows." A source says they are concerned that data could be passed from secure systems to DOGE operatives within the General Services Administration (GSA). WIRED reporting has shown that Elon Musk’s associates—including Nicole Hollander, who slept in Twitter’s offices as Musk acquired the company, and Thomas Shedd, a former Tesla engineer who now runs a GSA agency, along with a host of extremely young and inexperienced engineers—have infiltrated the GSA, and have attempted to use White House security credentials to gain access to GSA tech, something experts have said is highly unusual and poses a huge security risk.

🔎Scam Exam(ination)🔍(updated 2/12/25)

Seen as: Selling HRT / Testosterone Scam Type: Fake Product / Fraud

Platform: Tumblr

Accounts running this scam: sirwinz

-----

This scam mostly targets LGBTQ+ individuals, mainly Trans folk who post in such related tags.

Those who do may receive a DM, comment, ask, or any such related contact from another tumblr user who claims to be a certified™ Doctor, Therapist, Pharmacist, ect, who is trying to offer you a 'new and amazing' drug that's not on the market, or a 'cheap alternative medicine' to name brand HRT or Testosterone.

One such account that popped up recently of this is drfelixortega.

Here is what their tumblr page looks like:

And this is the ask that they are sending users:

(Screenshot taken from this post.)

If you visit their page, you will only find six posts.

All very generic in nature.

None of which link to any sort of certification or credentials that prove that this person is a 'real' doctor. They just say they are a totally real (no fake) Doctor and expect people to go with it.

Like most scammers usually to do.

Here's another version of where another HRT scammer leaves comments on peoples posts:

-----

Why this is a scam:

1 - The risk.

Purchasing any sort of drug online from a shady dealer is not only a good way to get scammed, it's a good way to get sick and possibly even die. You have no idea what sort of ingredients are in the pills these supposed Doctors online are trying to sell you.

There was a story that surfaced on my local news station that talked about how in South Korea, capsules were seized that contained the contents of herbs and a mixture of human flesh/DNA.

When tested, the human material was found to belong to infants.

If you wish to read more, you can find the 2015 article here. But be warned, it is very disturbing. (No pictures)

2 - The scam.

I know that getting HRT or even Testosterone can be hard, and I know how the struggle and the desire to truly be yourself can become overwhelming. Your insurance may not pay for it, or you might not even have insurance to begin with, leaving without hope at all in your journey to begin transitioning.

But that still doesn't mean you should believe every offer that seems too good to be true the moment you're offered it online. In more cases than none, you will give these people money, and never receive a product.

Think about these things for a second:

Why would a doctor, surgeon, pharmacist, what have you, be on Tumblr of all places? Why would they browse the trans tag, or other such related tags, to find potential 'clients?' Don't you usually have to make an appointment with a doctor? For your insurance to then pay for to cover your medicine? How can a board certified pharmacist.. be a gender assessment surgeon at the same time? (it's a lie, that's why.)

3 - The truth.

The truth of the matter is, you cannot, unfortunately, get HRT or Testosterone without seeing a doctor for a prescription.

And buying it online from any sort of 3rd party website or manufacturer is simply putting not only your wallet at risk, but your life at risk.

Here is a screenshot taken from this GoodRX article:

Here is an article on the risks and dangers of buying unregulated / unlicensed HRT. One big one being that they can be contaminated.

And a final, general consensus from google:

-----

Final Thoughts:

As I've said in a few of my past scam Exam(inations), if something seems too good to be true, it most likely is. I know how life changing something can be and how desperate wanting it can make you, but please don't risk your wallet, or your life, for it.

Remember: These are just words these people offer you.

Ask for proof. In most cases they will not send you any and will get combative that you asked. If they do send you any kind of images, remember, you can reverse image search them to try and find the source. If you get pushy in asking for their credentials they'll probably end up blocking you and just want you to 'trust them' or send you clearly edited photos made in photoshop.

Never give anyone your personal information such as name, adress, phone number, occupation, birth date, SSN, a photo of yourself or your ID, or any kind of credit card information online who is selling you a product, especially if it's via a DM or chatroom type service or e-mail.

And never go to a strange website you don't know or have never heard of without googling it first.

You can also run it through something like VirusTotal to check if any of the big/main websites like Bitdefender or Kaspersky that detect things like phishing, viruses/trojans/maware, and all that fun stuff, have picked up on it being malicious.

Just... Be safe.

Please make sure you think before you talk to people like this.

Take care everyone. <3

----

Disclaimer: Tags are relevant to the content of this post. This is not 'tag spam' or 'unrelated'. I'm just spreading awareness about this scam targeting people taking hormone drugs like HRT which also includes people other than just trans folk. :)

How to watch UCONN WOMEN'S BASKETBALL GAMES (streams added below)

NOTE: Watching via SNY or FOX, you will need to sign in through a tv provider/cable.

To watch SNY:

Source: https://sny.tv/info/live-faq

You must be in their broadcasting territory. you can't watch SNY outside of its regional territory, which includes New York, Connecticut, parts of New Jersey, and parts of Pennsylvania.

you must also be an SNY subscriber through a participating TV provider. List of providers: https://sny.tv/watch-now

If you meet these conditions, you're good to go!

To watch on FOX Sports (if you don't have SNY or live outside of tristate area):

Out-of-market fans (those who don't have SNY from tv providers and people who live outside broadcast region meaning other states) you will be able to stream UConn's SNY games at no additional cost to authenticated subscribers who have FOX as part of their television package. Users will need to sign in with their TV provider credentials at https://www.foxsports.com/ or in the FOX Sports app. The games can also be accessed at www.fox.com/sports or in the FOX Now app. Source:https://uconnhuskies.com/watch/search

Source:

About UCONN+ (website and app)

Unless noted UCONN+ (web and app) will ONLY have audio. This is because they do not have rights to broadcast games. And to my knowledge they also do not have rights to post replays either. They will live stream post game conferences though (not sure if for all games though.)

For everyone without access to SNY or FOX and international fans:

Theres no hope. lol just kidding. There is some hope. As of now (8am est) I've checked a few popular sports streaming sites(vipbox, methstreams, NBAstreams, sportsurge, crackstream, streameast and some iptv channels for sny) and unfortunately they don't have the game listed on their upcoming events but these sites do sometimes put up links under "basketball" and/or "NCAA" but those links only go up around game time (~30 min before tip off). unfortunately women's college isn't as popular as the men's 🙄 so it's hard to find. If I do find anything, I will post

Edit: stream links

This one has replay available:

Sidenote: please save and use the following uconnwbb's tv schedule to see which networks will air the games throughout the season

(thank you to the anons that shared the streams)

I am none of the other anons or named users, but I ... hmm. *leafing through my rolodex of credentials* Eh, none of these add validity of my worth.

I *ahem* hmm. My platform as anon is that monsters are cool. We should have more monster sculptures on building ledges, railings, and interior courtyards.

Yeah I'll second that. We should bring back the little guys we place on buildings but except everywhere.