Autor Bono (Post 3827334)

Koji model fortija vrtis doma? 😀

Sent from my SM-S931B using Tapatalk

Autor medo (Post 3827340)

40F koji uskoro ide u decommision. Stiže 70G :)

Microsoft Teams is about to deal a heavy blow to those who like to work from home for peace and quiet. In a new feature update rolling out December 2025, the platform will track a worker's location using the office Wi-Fi, to see whether you're actually there or not. From a boss' perspective, this would eliminate any of that confusion as to where your team actually is. But for those people who have found their own sanctuary of peaceful productivity by working from home, consider this a warning that Teams is about to tattle on you.

The outage that hit Amazon Web Services and took out vital services worldwide was the result of a single failure that cascaded from system to system within Amazon's sprawling network, according to a post-mortem from company engineers. [...] Amazon said the root cause of the outage was a software bug in software running the DynamoDB DNS management system. The system monitors the stability of load balancers by, among other things, periodically creating new DNS configurations for endpoints within the AWS network. A race condition is an error that makes a process dependent on the timing or sequence events that are variable and outside the developers' control. The result can be unexpected behavior and potentially harmful failures. In this case, the race condition resided in the DNS Enactor, a DynamoDB component that constantly updates domain lookup tables in individual AWS endpoints to optimize load balancing as conditions change. As the enactor operated, it "experienced unusually high delays needing to retry its update on several of the DNS endpoints." While the enactor was playing catch-up, a second DynamoDB component, the DNS Planner, continued to generate new plans. Then, a separate DNS Enactor began to implement them. The timing of these two enactors triggered the race condition, which ended up taking out the entire DynamoDB. [...] The failure caused systems that relied on the DynamoDB in Amazon's US-East-1 regional endpoint to experience errors that prevented them from connecting. Both customer traffic and internal AWS services were affected. The damage resulting from the DynamoDB failure then put a strain on Amazon's EC2 services located in the US-East-1 region. The strain persisted even after DynamoDB was restored, as EC2 in this region worked through a "significant backlog of network state propagations needed to be processed." The engineers went on to say: "While new EC2 instances could be launched successfully, they would not have the necessary network connectivity due to the delays in network state propagation." In turn, the delay in network state propagations spilled over to a network load balancer that AWS services rely on for stability. As a result, AWS customers experienced connection errors from the US-East-1 region. AWS network functions affected included the creating and modifying Redshift clusters, Lambda invocations, and Fargate task launches such as Managed Workflows for Apache Airflow, Outposts lifecycle operations, and the AWS Support Center.

Autor tomek@vz (Post 3827650)

> Techspot

Autor mkey (Post 3827799)

PA ima na jobito onaj frajer koji maltretira Indijske scammere. Pred već barem pola godine je bio složio svoj garažni call centar gdje ti njegovi "AI" botovi dovode indijce do ludila i to uživo. Ne znam koliko je roknuo u hardware, ali mislim da je imao istovremeno 12 linija koje roštaju cijeli dan. Kit Boga, kako li se zove.

Autor Bono (Post 3828317)

EY Data Leak - Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure

A massive 4TB SQL Server backup file belonging to global accounting giant Ernst & Young (EY) was discovered publicly accessible on Microsoft Azure.

The file's naming convention screamed SQL Server backup (.BAK format), which typically contains full database dumps, including schemas, user data, and, crucially, embedded secrets such as API keys, credentials, and authentication tokens.

A simple HEAD request designed by researchers to retrieve metadata without downloading content revealed a massive size: 4 terabytes of data, which is equivalent to millions of documents or the contents of an entire library.

https://cybersecuritynews.com/ey-data-leak/

Sent from my SM-S931B using Tapatalk

NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following "https:" prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser's address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default. An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a "copy link" button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user's integrated applications or logged-in sites like Google Drive, NeuralTrust said.

"This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT's persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user's account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes.... "What makes this exploit uniquely dangerous is that it targets the AI's persistent memory, not just the browser session," Michelle Levy, head of security research at LayerX Security, said. "By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT's memory was tainted, subsequent 'normal' prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards...." LayerX said the problem is exacerbated by ChatGPT Atlas' lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity's Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages.

Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn't malicious code — it's a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation.

Autor OuttaControl (Post 3828680)

https://www.instagram.com/reel/DPHFw...YybGJsdTRsYg==

TLDR
Auto skuplja podatke o voznji, GM ih prodaje data brokeru, data broker ih prodaje osiguranju.
U ovom slucaju covjeku je skocila cijena osiguranja 80% zato jer je imao puno "near crash events at night" crash events at night su bile njegove macke koje izlete pred auto svaku večer jer je dosao kuci. Inace prate kad vozis, koliko vozis, kako vozis, gdje vozis, kako kocis, kako ubrzavas itd. itd.
GM kaze sve pise u terms and conditions :)

Poanta je i kako je on kaznjen, za krive podatke i netocne informacije, tako da nam sljeduje i gore sa AI radnicima, al korporacije nije briga, njima je to profit :)

Autor OuttaControl (Post 3828680)

https://www.instagram.com/reel/DPHFw...YybGJsdTRsYg==

TLDR
Auto skuplja podatke o voznji, GM ih prodaje data brokeru, data broker ih prodaje osiguranju.
U ovom slucaju covjeku je skocila cijena osiguranja 80% zato jer je imao puno "near crash events at night" crash events at night su bile njegove macke koje izlete pred auto svaku večer jer je dosao kuci. Inace prate kad vozis, koliko vozis, kako vozis, gdje vozis, kako kocis, kako ubrzavas itd. itd.
GM kaze sve pise u terms and conditions :)

Poanta je i kako je on kaznjen, za krive podatke i netocne informacije, tako da nam sljeduje i gore sa AI radnicima, al korporacije nije briga, njima je to profit :)

Autor Libertus (Post 3828734)

Upitno da li je istina ili nije, ali svejedno dobar primjer za ove koji "nemaju što skrivati" pa im je svejedno da li im država snima i skenira sve poruke koje primaju i šalju.

Autor Bono (Post 3828739)

A nemojte misliti da je kod nas isto zdravstvo zagarantirano, moglo bi i kod nas biti kao u americi. I kod nas je vec bilo, ako osiguranje sazna da imas rak ne zeli te osigurati, pa sad ti zamisli koliko su im vrijedni ti podaci.

The user, Harishankar, decided to block the telemetry servers' IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after... He sent it to the service center multiple times, wherein the technicians would turn it on and see nothing wrong with the vacuum. When they returned it to him, it would work for a few days and then fail to boot again... [H]e decided to disassemble the thing to determine what killed it and to see if he could get it working again... [He discovered] a GD32F103 microcontroller to manage its plethora of sensors, including Lidar, gyroscopes, and encoders. He created PCB connectors and wrote Python scripts to control them with a computer, presumably to test each piece individually and identify what went wrong. From there, he built a Raspberry Pi joystick to manually drive the vacuum, proving that there was nothing wrong with the hardware. From this, he looked at its software and operating system, and that's where he discovered the dark truth: his smart vacuum was a security nightmare and a black hole for his personal data. First of all, it's Android Debug Bridge, which gives him full root access to the vacuum, wasn't protected by any kind of password or encryption. The manufacturer added a makeshift security protocol by omitting a crucial file, which caused it to disconnect soon after booting, but Harishankar easily bypassed it. He then discovered that it used Google Cartographer to build a live 3D map of his home. This isn't unusual, by far. After all, it's a smart vacuum, and it needs that data to navigate around his home. However, the concerning thing is that it was sending off all this data to the manufacturer's server. It makes sense for the device to send this data to the manufacturer, as its onboard SoC is nowhere near powerful enough to process all that data. However, it seems that iLife did not clear this with its customers. Furthermore, the engineer made one disturbing discovery — deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life.