128 Matching Annotations
  1. Jul 2023
    1. most people don't realize how vulnerable we are I mean for example the food supply in the average city in the United States if it's not daily renewed would run out in about three days there's not much of a buffer there
      • food supply chain vulnerability
      • most US cities would run out of food in 3 days if there was a major food supply chain disruption
  2. Aug 2022
    1. Given the strong coupling between data and cryptosystems in blockchains, the potential vulnerability of these cryptosystems to quantum attacks, the likely introduction of capable quantum computers in the mid-term future—not to mention the usual high monetary value of the assets secured by blockchains—it is important to more deeply understand their current level of vulnerability.

      Author states its motivation:

      • strong coupling between data and cryptosystems in BCh
      • the cryptosystems potential vulnerability to quantum computers
      • the likely introduction of quantum computers in the mid-term future
      • also the high monetary value of the assets secured plus momentum of BCh.

  3. May 2022
  4. multidimensional.link
    1. Love, It's like a playing card A wild card, Your “lucky card”. You throw it into play Hoping it will land you your win. You throw it wrong, Your hand is forced You have to fold- But it hurts.

      I want to know more...a deeper context to these emotions. Why do you think you need to fold? Are you afraid to be vulnerable? To take a chance? What will ease the pain?

  5. Mar 2022
  6. Feb 2022
  7. Oct 2021
  8. Sep 2021
    1. My father was sharing a book by Brené Brown, Dare to Lead. I shared this website I had created while I was an instructor at the University of the Fraser Valley.

      I pointed him to the TED talk by Brené Brown on The Power of Vulnerability.

  9. Aug 2021
    1. David Fisman on Twitter: “Here’s some really simple modeling that hopefully will help provide some insight into why having a large, unvaccinated minority in Ontario is a problem for the population as a whole.” / Twitter. (n.d.). Retrieved August 23, 2021, from https://twitter.com/DFisman/status/1427940663925092354

  10. Jul 2021
  11. Jun 2021
    1. That means if an attacker can inject some JavaScript code that runs on the web app’s domain, they can steal all the data in localStorage. The same is true for any third-party JavaScript libraries used by the web app. Indeed, any sensitive data stored in localStorage can be compromised by JavaScript. In particular, if an attacker is able to snag an API token, then they can access the API masquerading as an authenticated user.
    2. But there’s a drawback that I didn’t like about this option: localStorage is vulnerable to Cross-site Scripting (XSS) attacks.
  12. May 2021
    1. the majority of XSS attacks target theft of session cookies. A server could help mitigate this issue by setting the HttpOnly flag on a cookie it creates, indicating the cookie should not be accessible on the client.
  13. Apr 2021
  14. Mar 2021
  15. Feb 2021
  16. Dec 2020
    1. Go is introducing publicly-visible API changes related to these issues in an upcoming major release, which risks making the vulnerabilities public without explicit public disclosure. 

      Whaaat ?!

  17. Oct 2020
    1. Could you please explain why it is a vulnerability for an attacker to know the user names on a system? Currently External Identity Providers are wildly popular, meaning that user names are personal emails. My amazon account is my email address, my Azure account is my email address and both sites manage highly valuable information that could take a whole company out of business... and yet, they show no concern on hiding user names...

      Good question: Why do the big players like Azure not seem to worry? Microsoft, Amazon, Google, etc. too probably. In fact, any email provider. So once someone knows your email address, you are (more) vulnerable to someone trying to hack your account. Makes me wonder if the severity of this problem is overrated.

      Irony: He (using his full real name) posts:

      1. Information about which account ("my Azure account is my email address"), and
      2. How high-value of a target he would be ("both sites manage highly valuable information that could take a whole company out of business...")

      thus making himself more of a target. (I hope he does not get targeted though.)

    2. That is certainly a good use-case. One thing you can do is to require something other than a user-chosen string as a username, something like an email address, which should be unique. Another thing you could do, and I admit this is not user-friendly at all, is to let them sign up with that user name, but send the user an email letting them know that the username is already used. It still indicates a valid username, but adds a lot of overhead to the process of enumeration.
    1. How would you remediate this? One way could be to have the application pad the responses with a random amount of time, throwing off the noticeable difference.
    2. Sometimes, user enumeration is not as simple as a server responding with text on the screen. It can also be based on how long it takes a server to respond. A server may take one amount of time to respond for a valid username and a very different (usually longer) amount of time for an invalid username.
    1. When I received Chris’s comment, my first response was that I should delete my post or at least the incorrect part of it. It’s embarrassing to have your incorrect understandings available for public view. But I decided to leave the post as is but put in a disclaimer so that others would not be misled by my misunderstandings. This experience reminded me that learning makes us vulnerable. Admitting that you don’t know something is hard and being corrected is even harder. Chris was incredibly gentle in his correction. It makes me think about how I respond to my students’ work. Am I as gentle with their work as Chris was to mine? Could I be more gentle? How often have I graded my students’ work and only focused on what they did wrong? Or forgotten that feeling of vulnerability when you don’t know something, when you put your work out for others to judge? This experience has also reminded me that it’s important that we as teachers regularly put ourselves into situations in which we authentically grapple with not knowing something. We should regularly share our less than fully formed understandings with others for feedback. It helps us remember that even confident learners can struggle with being vulnerable. And we need to keep in mind that many of our students are not confident learners.

      I'm reminded here of the broad idea that many bloggers write about sooner or later of their website being a "thought space" or place to contemplate out in the open. More often than not, even if they don't have an audience to interact with, their writings become a way of thinking out loud, clarifying things for themselves, self-evolving, or putting themselves out there for potential public reactions (good, bad, or indifferent).

      While writing things out loud to no audience can be helpful and useful on an individual level, it's often even more helpful to have some sort of productive and constructive feedback. While a handful of likes or positive seeming responses can be useful, I always prefer the ones that make me think more broadly, deeply, or force me to consider other pieces I hadn't envisioned before. To me this is the real value of these open and often very public thought spaces.

      For those interested in the general idea, I've been bookmarking/tagging things around the idea of thought spaces I've read on my own website. Hopefully this collection helps others better understand the spectrum of these ideas for themselves.

      With respect to the vulnerability piece, I'm reminded of an episode of The Human Current I listened to a few weeks back. There was an excellent section that touched on building up trust with students or even a class when it comes to providing feedback and criticism. Having a bank of trust makes it easier to give feedback as well as to receive it. Here's a link to the audio portion and a copy of the relevant text.

  18. Sep 2020
  19. Aug 2020
  20. Jul 2020
  21. Jun 2020
    1. Goldman, P. S., Ijzendoorn, M. H. van, Sonuga-Barke, E. J. S., Goldman, P. S., Ijzendoorn, M. H. van, Bakermans-Kranenburg, M. J., Bradford, B., Christopoulos, A., Cuthbert, C., Duchinsky, R., Fox, N. A., Grigoras, S., Gunnar, M. R., Ibrahim, R. W., Johnson, D., Kusumaningrum, S., Ken, P. L. A., Mwangangi, F. M., Nelson, C. A., … Sonuga-Barke, E. J. S. (2020). The implications of COVID-19 for the care of children living in residential institutions. The Lancet Child & Adolescent Health, 0(0). https://doi.org/10.1016/S2352-4642(20)30130-9

  22. May 2020
  23. Apr 2020
  24. Feb 2019
    1. a belief that we have an accurate memory of a past fact or demonstration or a belief that others have been correct in their proofs.

      We must trust in our memories, our senses and observations, and in others. Which of these do we have faith in more/most? And what are the consequences when we make ourselves vulnerable to that trust (and are proven wrong)?

  25. Jan 2019
    1. language come to be more trustworthy than matter?

      People seem to trust in themselves more than what's outside themselves. Even though language is constructed, it's our construct, something we made, and therefore (?) something we can place our faith in more so than in matter, something we had less of a hand in making. When we place our faith in things outside ourselves, we become more vulnerable--we open ourselves to other things as well as to the possibility of being wrong.

    1. CORRESPONDENCE

      Throughout this section, Foucault characterizes correspondence as a way to reveal the self: "a certain way of manifesting oneself to oneself and to others," to "show oneself," "a decipherment of the self by the self as an opening one gives the other onto oneself."

      This sort of 'opening' is to make oneself vulnerable, to be seen by others. (cf. Marback's "A Meditation on Vulnerability in Rhetoric")

      This is characteristic particularly of writing that is intended for others (correspondence), but in what ways are other forms of writing equally--if not more--revealing of the self?

      (That also makes me question whether any writing is truly for the self and not intended in some way for others. Even diaries/journals are written with the possible eventuality that someone other than the writer will read it.)

  26. May 2017
    1. Certain HP laptops have flawed audio drivers that record all your keystrokes to: C:\Users\Public\MicTray.log

      If these files exist, delete them: C:\Windows\System32\MicTray64.exe C:\Windows\System32\MicTray.exe

  27. Mar 2017
    1. I decided that I would respond to Terry's bravery and speak to the world 'ad hoc' in my turn and have faith in whatever came out of my mouth accompanied by a picture on the wall.

      vulnerability open improvisation emotion

    1. I have indeed succeeded in my ambition, I even referred to Mr Benn in a conference I did in Plymouth in 2011 entitled "In Search of Nomad's Land".

      vulnerability storytelling child/adult Historical Body Discourses

    1. Here's a sort of wallop:

      Act of being witness

    2. my mother had just died,

      Life and vulnerability.

    3. I was over the edge.

      Didn't care for social niceties

    4. I spoke, I was in tears at all the frustration I had felt, the people in the room were touched.

      This was me who was doing that.

      This was the best work that I could muster at that moment.

      Frustration at not having the means to communicate.

  28. Jan 2017
    1. Thousands of poorly secured MongoDB databases have been deleted by attackers recently. The attackers offer to restore the data in exchange for a ransom -- but they may not actually have a copy.

  29. Dec 2016
  30. Oct 2016
    1. The malware, dubbed "Mirai," spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.

  31. Aug 2016
    1. "We demonstrate that well-known compression-based attacks such as CRIME or BREACH (but also lesser-known ones) can be executed by merely running JavaScript code in the victim’s browser. This is possible because HEIST allows us to determine the length of a response, without having to observe traffic at the network level."

      HEIST attacks can be blocked by disabling 3rd-party cookies.

      https://twitter.com/vanhoefm
      https://twitter.com/tomvangoethem

  32. Jun 2016
    1. These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible.

      ...

      Tuesday's advisory is only the latest to underscore game-over vulnerabilities found in widely available antivirus packages.

      https://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html

  33. Apr 2016
    1. HID VertX and Edge controllers for security doors were discovered to have a command injection vulnerability that made it possible for attackers to open them via the Internet.

  34. Feb 2016
  35. Nov 2015
    1. Businesses need to be more careful to avoid revealing customers' personal information. And they should record calls, and watch them collectively over time for signs of suspicious activity.

      The harasser in this article tricked customer service representatives into giving him private details about his victims. Starting with whatever information he could find online (a birthdate, the name of a pet) he would call repeatedly until he succeeded in getting other details -- which would make him still more convincing, so he could get more details.

      In one case, he pretended to be a company technician for ISP Cox Communications. They didn't have a procedure to verify the ID of their own technicians?

      Social engineering

    1. All new Dell laptops and desktops shipped since August 2015 contain a serious security vulnerability that exposes users to online eavesdropping and malware attacks.

      "At issue is a root certificate installed on newer Dell computers that also includes the private cryptographic key for that certificate. Clever attackers can use this key from Dell to sign phony browser security certificates for any HTTPS-protected site."

  36. Jul 2015
    1. The result? Students’ sense of vulnerability is skyrocketing.

      I had similar thoughts around the immensely popular video about street harassment made by hollaback! after a former partner compared an unwelcome invitation I had extended to see a concert together to street harassment. It got me wondering what disciplines have good dialectic for separating useful from harmful exposure. So far I have only an inkling that trauma therapy offers some hope, and it connects the conversation to concepts like triggers.