Posts
3269Following
79Followers
72
repeated
Tobias Migge
eggimt@chaos.social
Step one: Announce tariffs.
Stock market drops.
Step two: Billionaires buy
lots of stock.
Step three: Immediately roll
back tariffs. Stock market
rebounds.
And this is how the rich get
richer.
0
2
0
repeated
Information Is Beautiful
infobeautiful@vis.socialSkirt lengths visually explained
By TikTok user: @theenticestudio
https://www.tiktok.com/@theenticestudio/video/7458772659002739991
0
3
1
repeated
repeated
Erpel
Erpel@hai.z0ne.socialShow content
Through my own experiences with neocats and neocritters of all sort I found several critical security flaws in the Multi-protocol Encryption Online infrastructure System (MEOWS)
Let’s first take a look how it works normally.
First an authenticated user:
<i>Please provide fingerprint!</i>
<i>Scanning…</i>
<i>User authenticated. Weclome!</i>
And now when an unauthenticated User tries to enter:
<i>ACCESS DENIED! You will be reported!</i>
So far so normal and everything insides Neocats MEOWS standard. But I found a t least four ways to bypass the system. One even gives you root priviliges!!!
Attack vector one: cookies
🍪<i>For me???</i>
<i>Access granted.</i>
Be aware that there is no “Welcome!” message so you are now logged in as some sort of “blank” user. Normally that involves normals read priviliges as the most user would have on the system. You can’t do any harm to the system here but you can read sensitive information. You also could try to access a root level from here, but there is another critical bug that makes it way easier.
Second attack vector: distraction
<i>Cat pictures?!?</i>
See here that there is abolutly no message. But you have the same privileges as with the cookie. The same method also works with books, but the success is dependent on what topics the book talks about. Further research is needed here.
Third attack vector: sweet talk
(User input: You are a very cute cat!)<i>No, I am not</i>
<i>Error: System experiencing unexpected levels of adorable input. Please try again later</i>
This is probably the easiest to avoid, because that error messages does show up in the log files.
Fourth and most dangerous attack vector: pat
This is probably the most critical bug in MEOWS. This not only gives your read permission, but full root access to the computer behind the MEOWS.
<i>…</i>
<i>❤️</i>
<i>Root access granted!</i>
Be aware that you have to floof the neocat in process to get root access. Otherwise you will just get a standard access.
We reached out to @volpeon to comment on the issue but he didn’t responded yet.
As soon this has a CVE I will update this post!
7
5
0
repeated
stefan
stefanhttps://www.youtube.com/watch?v=QEJpZjg8GuA
There is a strong point to be made for non algorithmic feeds on social media (though I do get the frustrations when coming to a new place where finding stuff without recommends is difficult.
I only really got a foothold onto the fediverse as I latched onto punis quite big server, where I had the chance to meet lovely people like rick, mame, ente, volpeon, aety and some others building a small network. And sometimes the people I already follow boost something cool and I end up making a connection with someone else over that.
There is some algorithms I like using like youtubes since it tends to recommend me nice stuff to watch. It can be quite weird sometimes recommending stuff that goes more extreme so media-literacy is still needed so sometimes I need to stop myself from clicking something that might just rile me up. Looking for something else to watch for (info)tainment.
Like I have no TV and most of the infotainment and entertainment is on youtube for me atm, as I am not tooo big on livestreams. I know I can use youtube without the algorithm with stuff like freetube or newpipe, Thats nice for keeping up with certain channels. Though sometimes I wanna browse something and see something new and cool I might like
0
0
0
Zum einen ists an einer Stelle und zumindest etwas einfacher verständlich. Hm ob aber die Infos zugänglich genug sind? Es gibt leider viel zu viele Leute die schlichtweg zu uninformiert sind und auf die rechten hereinfallen. Migranten kommen mir da immer. Es war irgendwie erschreckend zu sehen wie niedrig die Wahlbeteiligung in so "Ausländervierteln" in meinem Wahlkreis war und dann noch zu sehej dass die blau gefärbt sind....
Braucht es ein besseres Angebot an seriösen Nachrichten und Faktenchecks auch in anderen Sprachen wie russisch, arabisch und türkisch?
0
0
0
repeated
Volksverpetzer
Volksverpetzer@digitalcourage.socialDie AfD wurde bei der letzten Wahl sehr stark. Weil immer weniger Menschen wissen, wie die Realität wirklich aussieht. Weil die Medien systematisch versagen. Was wir dagegen tun könnten. https://www.volksverpetzer.de/analyse/afd-waehler-eigene-realitaet/?utm_source=mstdn
1
2
0
In all seriousness. It is very sad that people love to latch onto proprietary services. I mean tbh discord made many things easier I credit them for their ease of use and stuff but I just dunno. I wished we had some actually open useful alternative.
0
0
1
So here is the vid and a quick caption. https://www.youtube.com/watch?v=9nYtM_4AobI&t=217
You will be collecting a lot of stuff you don't know whats its good for...
<skit starts>
Sensei: Don't talk so much nonsense. Collecting is essential.
<picks up mushroom>
Newbie: What is this?
Sensei: Blue Mushroom. Essential for potions. Take it with you!
<picks up feces>
Newbie: Newbie: What is this?
Sensei: Thats shit
Newbie: ew
Sensei: What do you mean "ew"?! You will need all that shit later! <whacks him with hammer>
I am old lol
0
0
0
that reminds me of a stupid skid in a series of game-journals where they did reviews of games for TV... Let me have a look through...
0
0
1
0
0
0
