Elephant0991

Here's the paper: https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

Some OpenVPN and Wireguard clients are impacted. See the paper.

Summary

• Scientists at the Department of Energy's Pacific Northwest National Laboratory have developed a new way to detect denial-of-service attacks.
• The new technique is more accurate than current methods, correctly identifying 99% of attacks in testing.
• The technique works by tracking the evolution of entropy, a measure of disorder in a system.
• During a denial-of-service attack, two measures of entropy go in opposite directions. At the target address, many more clicks than usual are going to one place, a state of low entropy. But the sources of those clicks, whether people, zombies or bots, originate in many different places—high entropy. The mismatch could signify an attack.
• The new technique is automated and doesn't require close oversight by a human to distinguish between legitimate traffic and an attack.
• The researchers say that their program is "lightweight"—it doesn't need much computing power or network resources to do its job.
• The PNNL team is now looking at how the buildout of 5G networking and the booming internet of things landscape will have an impact on denial-of-service attacks.

Vow, what a grisly mystery.

For non-professional cybersecurity, I like:

• https://feeds.feedburner.com/TheHackersNews
• https://krebsonsecurity.com/feed/
• https://www.kaspersky.com/blog/feed/
• https://feeds.feedburner.com/NakedSecurity

Like, but somewhat spammy:

• https://blog.knowbe4.com/rss.xml

For computer & society:

• https://www.eff.org/rss.xml

https://www.inoreader.com is great. Love it.

> Worldcoin, founded by US tech entrepreneur Sam Altman, offers free crypto tokens to people who agree to have their eyeballs scanned.

> It claims to be creating a new global “identity and financial network”.

> Altman, who founded Open AI, which built chat bot ChatGPT, says he hopes the initiative will help confirm if someone is a human or a robot. He also says this could lead to everyone being paid a universal basic income but it is not clear how.

Sure, bud, hand over our biometrics for your private fiat money, for the promise of unclear-how basic income, meanwhile with your exploiting the poors and manipulating the laws to favor yourself.

PWM saves the URL with the password record. It doesn't auto-fill username/password on a website that the user hasn't already approved, so it provides some phishing-resistance when the URL is unknown, or is just similar to the originally saved URL.

All the way. Don't settle for just chrome plating.

Well, I saw pregnant women, how the baby got there was a complete mystery. Right before puberty, there were wild speculations about what boys and girls do for the girls to become pregnant.

One more, just in case.

Haha, all I know is the admins of my instances are most likely no Steve. Admins are as pseudonymous as I am, although we probably have similar hope of prospering in communities that are better than corporate-controlled ones.