rowdyrockets

joined 7 months ago
[–] rowdyrockets@lemm.ee 4 points 1 week ago (1 children)

Hey! There are dozens of us!

[–] rowdyrockets@lemm.ee 4 points 3 weeks ago* (last edited 3 weeks ago)

Was CVE-2024-44133 Already Exploited?

After concocting their exploit, Microsoft started scanning customer environments for activity that aligned with what they'd found. On one device, lo and behold, they spotted something quite closely resembling what they were looking for.

It was a program digging into the victim's Chrome configuration settings, adding approval for microphone and camera access to a specific URL. It also did more: gathering user and device information, laying the groundwork for a second-stage payload.

I’m not sure if this article is disingenuous or if I’m just confused… but it states when MS scanned their customers’ environments, they discovered malware making changes to the Chrome config. And the Safari CVE was patched in September. So we don’t have proof of this happening in the wild then?

What’s more, the Safari exploit requires making changes to a protected directory. But no indication of how that is done by just the browser exploit. Did the attackers already have access to the machine? If so, this article is a nothing burger.

[–] rowdyrockets@lemm.ee 5 points 4 weeks ago (1 children)

That wasn't condescending. They are telling you that you are wrong, which you are. It's okay to be wrong - it's how you handle it that matters...

[–] rowdyrockets@lemm.ee 5 points 4 weeks ago (1 children)

Yeah that's what they said. You're the one who said lifetime, which was never true.

[–] rowdyrockets@lemm.ee 7 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

AppleCare still exists. So this is misinformation.

And just as an anecdote, I have not felt like Apple has ever “pulled the rug out” on me and I’m an Apple product consumer. Are you?

[–] rowdyrockets@lemm.ee 104 points 4 weeks ago (4 children)

This article boils down to “man enables feature, is slightly surprised when feature functions.”

[–] rowdyrockets@lemm.ee 19 points 1 month ago (3 children)

That’s not Steve-o from Jackass. That’s just some jackass named Steve-o. Come on man, don’t be like these idiots on twitter just seeing a name and believing it’s that person.

[–] rowdyrockets@lemm.ee 23 points 2 months ago (1 children)

The icon and hover to reveal previous title has been available in the extension for a long while.

[–] rowdyrockets@lemm.ee 3 points 2 months ago* (last edited 2 months ago)

I would have happily put that on a credit card and issued a chargeback while they were still standing there.

[–] rowdyrockets@lemm.ee 2 points 2 months ago* (last edited 2 months ago) (1 children)

While I agree with what others are saying about not using LLMs for fact checking. It is a useful tool to gain context before gathering more research, so I think the downvotes are a bit harsh. I’d recommend using a different LLM - GPT4o had no issues providing me with some context.

[–] rowdyrockets@lemm.ee 6 points 2 months ago

Seems like a good feature for those who’d like it. If this is implemented, please include a toggle to disable seeing display names.

view more: next ›