@amolith

Some Relief for Test Anxiety Is Found in an Unusual Treatment

"After the two-week intervention, however, the placebo group showed a significant reduction in test anxiety, along with significant improvement in self-management skills."

scientificamerican.com/article

Time to get some pill shaped candy and label them For Anxiety Relief. I wonder if that works for filing taxes.

Nextcry post mortem. It was the php/Nginx vulnerability.

Nextcry or how a hacker tried to exploit a NGINX issue with 2 Nextcloud servers out of 300.000 hit and no payout

nextcloud.com/blog/nextcry-or-

It's been fixed since July, but still...

Google, Samsung Camera App Bug Lets Other Apps Record Video, Take Pictures

If you have it, update it.

bleepingcomputer.com/news/secu

Xantulon boosted

In order to secure your #Nextcloud from the #NextCry attack, you should keep all writable data on a volume that is mounted with `noexec`. Of course you should also make sure you have your setup up-to-date and check the current security best-practices for nextcloud.

Finally you should also make sure you have very regular backups of your data, don't consider synchronized data as backup.

#infosec #tips #security #linux

Something to keep an eye on.

New NextCry Ransomware Encrypts Data on NextCloud Linux Servers

"A representative from Nextcloud told BleepingComputer that they are currently investigating the incidents and will provide more information as it becomes available."

bleepingcomputer.com/news/secu

Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices

"As a proof-of-concept (code on GitHub), researchers tested and managed to recover 256-bit ECDSA and ECSchnorr private keys by collecting signature timing data with and without administrative privileges."

thehackernews.com/2019/11/tpm-

AI Doesn't Actually Exist Yet

"So if it isn’t AI, what technologies are businesses using today?

For many, it’s automation. Organizations are using processes that have existed for decades but have been carried out by people in longhand (such as entering information into books) or in spreadsheets."

"Some businesses today are using machine learning, though just a few. [...] With these tools, machines figure out how to improve their own results over time."

blogs.scientificamerican.com/o

Add Another Animal to the List of Tool Users: Pigs

scientificamerican.com/article

"[...] establishing Priscilla as the least dominant female. This result is significant because in other species, it is usually not the dominant members who are credited with innovation. Across observations, [...] she can be credited with first using the bark and sticks as tools, a behavior that was then socially transmitted to the other family members."

Xantulon boosted

This article about Google's project to store and analyze millions of Americans' health care data confirms my suspicions about the Fitbit acquisition.

Many people who don't care about mass data collection because "I've got nothing to hide" change their tune when it's health care data. #privacy

wsj.com/articles/google-s-secr

Xantulon boosted

With the redirection of my podcast shifting towards more coverage of , and for beginners. And the recent start up of another podcast with virtually the same name. I'm considering rebranding my podcast to "Control" with a slogan of "Keeping control of your data and privacy for dummies."
Should I do it or keep The Self Hosted Podcast?
**BOOSTS ARE VERY MUCH APPRECIATED**

Xantulon boosted

What if the constant rise and fall of chat applications, web sites, forums, wikis, content management systems, social media sites from Google+ to Facebook to MySpace, Twitter and Mastodon – what if this constant churn was something the people in power actually liked? It disrupts our social ties, makes us start again from scratch, distracts us from organizing out there under the blue sky. Account migration, nomadic identities, federation: these are very important pieces to break the cycle.

Funny how virtual reality sort of fell off the face of the earth when Google stopped pushing it. And $500 smart watches, and fully autonomous cars, and light gray on white user interfaces...

Google open sources Cardboard so developers can build educative VR experiences in their apps

xda-developers.com/google-open

thehackernews.com/2019/11/ring

"Entering into the configuration mode turns on a built-in, unprotected wireless access point,[...] the initial communication between the Ring app and the doorbell,[...], is performed insecurely through plain HTTP."

It's just once on setup, BUT

"by continuously sending de-authentication messages to the device, an attacker can trick the user into believing that the device is malfunctioning"

And they monitor while you reset it

What?

Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light

'According to the researchers, these attacks can be mounted "easily and cheaply," using a simple laser pointer (under $20), a laser driver ($339), and a sound amplifier ($28). For their set up, they also used a telephoto lens ($199.95) to focus the laser for long-range attacks.' And it works through windows. From at least 230 feet away.

thehackernews.com/2019/11/hack

Google officially acquires Fitbit for $2.1 billion

'Fitbit says its “health and wellness data will not be used for Google ads,” but naturally people will still be concerned.'

And Google doesn't just collect data for ads, they also have all those AI algorithms to train, and ads aren't the only way to monetize your (health) data.

xda-developers.com/google-offi

If for some reason you use Chrome:

New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now!

"Thus, both flaws could enable remote attackers to gain privileges on the Chrome web browser just by convincing targeted users into visiting a malicious website, allowing them to escape sandbox protections and run arbitrary malicious code on the targeted systems."

thehackernews.com/2019/11/chro

Wow can these guys spin words.

Facebook Vows Strict Privacy Safeguards as it Rolls Out Preventive-Health Tool

"The company vowed not to share the data generated through the tool with third parties."

Wait for it...

"[...]though they might see targeted ads if they click through to another website or navigate away to like the page of a health care organization."

scientificamerican.com/article

This Video Watches You Back
Stealing Ur Feelings sounds an alarm about how companies could use emotion-recognition technology
(Hint: companies already have patents for it.)
stealingurfeelin.gs/

From scientificamerican.com/article

"Dear GitLab User,"
"Starting with GitLab 12.4, existing customers who use our proprietary products (that is, GitLab.com and the Enterprise Edition of our self-managed offerings) may notice additional Javascript snippets that will interact with GitLab and/or third-party SaaS telemetry service (such as Pendo)."

I'm glad I have Gitea up and running. Time for some house cleaning.
