This isn’t a new issue. Wolfram alpha has been around for 15 years and can easily handle high school level math problems.

Artists who rips off other great works are still developing their talent and skills. They can then go on to use to make original works. The machine will never produce anything original. It is only capable of mixing together things it has seen in its training set.

There is a very real danger that of ai eviscerating the ability for artists to make a living, making it where very few people will have the financial ability to practice their craft day in and day out, resulting in a dearth of good original art.

Still works for me with a combination of Firefox, uBlock and a VPN. I assume sharing an IP with thousands of other people screws up their detection algorithm.

What? There’s lots of reasons to complain about Microsft, but their legacy support is not one of them. Almost every product they make gets 10 years of support + 3 more if you pay for it. In comparison, Postgres only does 5, MySQL is 8, and Mongo is 3.

It’s mostly the responsibility of the client to build defense in depth. If is a straight shot from your Solarwinds server to your ADFS server, where the SAML signing keys are stored, that’s your fault, not Solarwinds or Microsoft. Well, I would still blame Solarwinds, because they were encouraging horribly insecure practices, like doing “agentless” monitoring using a highly privileged account.

In this case, yes, not letting a SAML assertion signed by the ADFS server authenticate to Azure reduces defense in depth. But if you’re at the point where your authentication servers have been compromised, you’re already so turbo-fucked that it’s very unlikely a wall like that would stop an attacker for long.

USB devices have a hard coded vendor identifier and product identifier built into them that are issued from a central authority. The ones I saw were easily identifiable as not legitimate mice.

Oof, that was painful to read as someone in cybersecurity. I respect ProPublica, but they have no idea what they’re talking about.

The Solarwinds hack was caused by Solarwinds being absolutely god awful at cybersecurity. The password to their update server was “solarwinds123”, which we know because they accidentally published it in a public Github repo. The company is a complete and utter clown show.

As for Golden SAML, almost nobody in cybersecurity would consider it a vulnerability. It’s just a fundamental part of how asymmetric cryptography works. HTTPS suffers from the same issue. If your private key gets stolen and used to forge signatures, the problem is you not properly protecting it, not the technology requiring you to keep it secret.

A more valid complaint is that Microsoft has been neglecting their on-prem software in favor of Azure. There are tons of security features that they’ve added to Azure that will probably never make their way to ADFS or Exchange.

I’ve been the one identifying the people who use jigglers. Usually it was a manager coming to us to look for a reason to fire a poor employee or a contractor trying to bill a suspiciously large number of hours for the work produced. If it was just poor performance, HR would make us do a PIP and waste 3 months on them. Violating security procedures and falsifying time sheets was an immediate termination. And for the contractors, you need evidence in order to refuse payment.

Btw, if you want to get away with it, don’t use a software or USB one. Get one that interfaces with a regular mouse. Modern cybersecurity software logs every process executed and device connected.

If you click other versions, there are installers without the adware.

Before SHAKEN/STIR was implemented, they probably would have gotten away with it. Hell, they probably did get away with it.

The main difference that makes this worse is that they can get persistence and maintain access even if the user resets their password (i.e. revoke session tokens). Hackers are usually limited to the fairly short lifetime of the session token (usually a few hours).

“If you can convince the lowest white man he’s better than the best colored man, he won’t notice you’re picking his pocket. Hell, give him somebody to look down on, and he’ll empty his pockets for you.”

-LBJ

Yeah, it’s quite ballsy of them to do this when they haven’t released anything good in several years.

More like they took on a shitload of very low interest debt back when the fed rate was 0%. Now that the fed rate is 5.5%, they can’t just roll over the loans and have to start paying them back.

Sure, but how is that going to make more money for rich people?

That’s just because Edge is integrated with O365 and can pass device compliance information. There’s actually a plugin to enable Chrome to do the same thing, but nothing yet for Firefox.