I had a secondary Gmail account with a really nice short nickname (from the early invite/alpha days), forwarded to another of my mailboxes. It had a weak password, leaked as part of one of the many database leaks.

Eventually I noticed some dude in Brazil started using my Gmail, and he changed the password — but I still got a copy of everything he did through the forwarding rule. I caught him bragging to a friend on how he cracked hashes and stole and sold email accounts and user details in bulk.

He used my account as his main email account. Over the years I saw more and more personal details getting through. Eventually I received a mail with a plaintext password... which he also used for a PayPal account, coupled to a Mastercard.

I used a local website to send him a giant expensive bouquet of flowers with a box of chocolates, using his own PayPal and the default shipping address.

I included a card:

"Congratulations on acquiring my Gmail account, even if I'm 7 years late. Thanks for letting me be such an integral part of your life, for letting me know who you are, what you buy, how much you earn, who your family and friends are and where you live. I've surprised your mother with a cruise ticket as you mentioned on Facebook how sorry you were that you forgot her birthday and couldn't buy her a nice present. She seems like a lovely woman. I've also made a $1000 donation in your name to the EFF, to celebrate our distant friendship"

Ghostery just leaked all of their users email addresses in their GDPR compliance email.

Someday my toaster is going to have an IP address. A bad automatic firmware update will most likely cause it to get stuck on the bagel setting until I plug a usb key in and reflash the memory.

Grandma's refrigerator will probably get viruses, lock itself and freeze all the food inside, demanding bitcoin before defrosting.

My blender will probably be used in a massive DDoS attack because Ninja's master MAC address list got leaked and the hidden control panel login is admin/admin.

Ovens will burn houses down when people call in to have them preheat on their way home from work.

Correlations between the number of times the lights are turned on and how many times the toilet is flushed will yield recommendations to run the dishwasher on Thursdays because it's simply more energy efficient.

My dog will tweet when he's hungry and my smart watch will recommend diet dog food in real-time because he's really been eating too much lately--"Do you want to setup a recurring order on Amazon fresh?"

Sometimes living in a cave sounds nice...

Leaked Screenshot of Microsoft's LinkedIn 😀😀
Source : Reddit

Storytime!

Manager: Hey fullstackchris, the maps widget on our app stopped working recently...

Dev: (Skeptical, little did he know) Sigh... probably didn't raise quota or something stupid... Logs on to google cloud console to check it out...

Google Dashboard: Your bill.... $5,197 (!!!!!!) Payment method declined (you think?!)

Dev: 😱 WTF!?!?!! (Calls managers) Uh, we have HUGE problem, charges for $5000+ in our google account, did you guys remove the quota limits or not see any limit reached warnings!?

Managers: Uh, we didn't even know that an API could cost money, besides, we never check that email account!

Dev: 🤦‍♂️ yeah obviously you get charged, especially when there have literally been millions of requests. Anyway, the bigger question is where or how our key got leaked. Somewhat started hammering one of the google APIs with one of our keys (Proceeds to hunt for usages of said API key in the codebase)

Dev: (sweating 😰) did I expose an API key somewhere? Man, I hope it's not my fault...

Terminal: grep results in, CMS codebase!

Dev: ah, what do we have here, app.config, seems fine.... wait, why did they expose it to a PUBLIC endpoint?!

Long story short:

The previous consulting goons put our Angular CMS JSON config on a publicly accessible endpoint.

WITH A GOOGLE MAPS API KEY.

JUST CHILLING IN PLAINTEXT.

Though I'm relieved it wasn't my fault, my faith in humanity is still somewhat diminished. 🤷‍♂️

Oh, and it's only Monday. 😎

Cheers!

Leaked image of an NSA implant 👍😁

Navy story continued.
And continuing from the arp poisoning and boredom, I started scanning the network...
So I found plenty of WinXP computers, even some Win2k servers (I shit you not, the year was 201X) I decided to play around with merasploit a bit. I mean, this had to be a secure net, right?
Like hell it was.
Among the select douchebags I arp poisoned was a senior officer that had a VERY high idea for himself, and also believed he was tech-savvy. Now that, is a combination that is the red cloth for assholes like me. But I had to be more careful, as news of the network outage leaked, and rumours of "that guy" went amok, but because the whole sysadmin thing was on the shoulders of one guy, none could track it to me in explicit way. Not that i cared, actually, when I am pissed I act with all the subtleness of an atom bomb on steroids.
So, after some scanning and arp poisoning (changing the source MAC address this time) I said...
"Let's try this common exploit, it supposedly shouldn't work, there have been notifications about it, I've read them." Oh boy, was I in for a treat. 12 meterpreter sessions. FUCKING 12. The academy's online printer had no authentication, so I took the liberty of printing a few pages of ASCII jolly rogers (cute stuff, I know, but I was still in ITSec puberty) and decided to fuck around with the other PCs. One thing I found out is that some professors' PCs had the extreme password of 1234. Serious security, that was. Had I known earlier, I could have skipped a TON of pointless memorising...
Anyway, I was running amok the entire network, the sysad never had a chance on that, and he seemed preoccupied with EVERYTHING ELSE besides monitoring the net, like fixing (replacing) the keyboard for the commander's secretary, so...
BTW, most PCs had antivirus, but SO out of date that I didn't even need to encode the payload or do any other trick. An LDAP server was open, and the hashed admin password was the name of his wife. Go figure.
I looked at a WinXP laptop with a weird name, and fired my trusty ms08_067 on it. Passowrd: "aaw". I seriously thought that Ophcrack was broken, but I confirmed it. WTF? I started looking into the files... nothing too suspicious... wait a min, this guy is supposed to work, why his browser is showing porn?
Looking at the ""Deleted"" files (hah!) I fount a TON of documents with "SECRET" in them. Curious...
Decided to download everything, like the asshole I am, and restart his PC, AND to leave him with another desktop wallpaper and a text message. Thinking that he took the hint, I told the sysadmin about the vulnerable PCs and went to class...
In the middle of the class (I think it was anti-air warfare or anti-submarine warfare) the sysad burst through the door shouting "Stop it, that's the second-in-command's PC!".
Stunned silence. Even the professor (who was an officer). God, that was awkward. So, to make things MORE awkward (like the asshole I am) I burned every document to a DVD and the next day I took the sysad and went to the second-in-command of the academy.
Surprisingly he took the whole thing in quite the easygoing fashion. I half-expected court martial or at least a good yelling, but no. Anyway, after our conversation I cornered the sysad and barraged him with some tons of security holes, needed upgrades and settings etc. I still don't know if he managed to patch everything (I left him a detailed report) because, as I've written before, budget constraints in the military are the stuff of nightmares. Still, after that, oddly, most people wouldn't even talk to me.
God, that was a nice period of my life, not having to pretend to be interested about sports and TV shows. It would be almost like a story from highschool (if our highschool had such things as a network back then - yes, I am old).
Your stories?

In the bottom left corner of the picture there is a devRant guy with a 3 monitor setup...

However 2 monitors are the biggest multi monitor setup you can select...

*puts tinfoil hat on*

Have I just leaked the next big devRant update?

At my old job, me and a colleague were tasked with designing a new backup system. It had integrations for database systems, remote file storage and other goodies.
Once we were done, we ran our tests, and sure enough. The files and folder from A were in fact present at B and properly encrypted. So we deployed it.
The next day, after the backup routine had run over night, I got to work and noone was able to log in. They were all puzzled.
I accessed a root account to find the issue. Apparantly, we had made a mistake!
All files on A were present at B... But they were no longer present at A.
We had issued 'move' instead of 'copy' on all the backups. So all of peoples files and even the shared drives have had everything moved to remote storage :D
We spent 4 hours getting everything back in place, starting with the files of the people who were in the office that day.
Boss took it pretty well at least, but not my proudest moment.

*Stay tuned for the story of how I accidentally leaked our Amazon Web Services API key on stack overflow*

/facepalm

Apple asked it's employees not to leak information in a memo. Guess what? The memo got leaked. Lol

Windows 10 source code apparently leaked!

The main.c file is short tho and unchanged since 95(it's just run in parallel) so I'mma just paste it here:

void WinMain(int nCmdArgs){
static int userDisgust = 5; //he/she booted up Win10 so 5 to begin with

Time time = Time.time;
while(!crashed){
Time time2 = Time.time;
if(time + 3600 < time2){
ApplyUpdate();
sleep(500000); //users can stretch, have a tea and overall be healthier, happier and better part of society
if(restartNecessary){
Restart();
}
Restart(); // just in case
}
SendUserData();
SendMoreUserData();

for(int i = 1; i < 99+1; i++){
RunUserApps();
UninstallUnnecessaryApps(); // keeps blacklist of apps that John and I don't like
AnnoyUser(); // added a function that slows the computer down significantly and reduces lifespan of the hardware so it's not just a short term gain
if(shouldRepeat){
//break; -- this caused some issue in one special case and we don't know why so we'll just omit it and add a fancy button elsewhere
}
userDisgust++;
}
if(userDisgust >= 2147483647) { //mission finished
Crash();
crashed = true;
}
}
String error = Windows.GetFullErrorMessage();
error.cat(Windows.GetRegistersDump());
error.cat(Windows.GetErrorCode());
error.cat(Windows.GetStackTrace());

error.erase(); // so that it doesn't occupy any space and allows the error to be resolved more quickly, release major optimization Update
BSOD(_T("We're sorry :/"));
}

(L)user tried to impress the IT staff (myself included) by installing a few of the NSA leaked tools last night, (l)user was infected with ransomware... (l)user is now job hunting. 👌🏽

The leaked Windows XP source doesn’t have the Space Cadet source...

Sad.

Fucking shit fuck! Absolute cunty-chops of a Work phone just went off at 3am because our directory has clearly been leaked.

This cunt right here is on 24/7 fallout so I can nae silence the bastard. It’s going inte do not disturb for the evening now but.

About 6 months to a year ago we started getting nuisance calls on the cunts. On floated numbers that seem geographically close.

Work have done fuck all in this time, because considering changing ours is a pain in the dick, and costs.

But tonight at 3am I got another; call, immediate hang up on redial.

This wee iPhone prick is looking at me like “ho! Got ya ye fucker”... it’s lucky it’s not been punted out the winde where it belongs. Little fucking prick.

If I look like shit tomorrow at the office, if any prick decides to mention I look tired, I’m gonnae tear the ballbags a new hole between their baws and their arse.

It’s now 4am, sorry fe the language, my Glaswegian heritage shines through at this time in the morning.

I don't think I could give the best advice on this since I don't follow all the best practices (lack of knowledge, mostly) but fuck it;

- learn how to use search engines. And no, not specifically Google because I don't want to drag kids into the use of mass surveillance networks and I neither want to promote them (even if they already use it).
- try not to give up too easily. This is one I'm still profiting from (I'm a stubborn motherfucker)
- start with open source technologies. Not just "because open source" but because open source, in general, gives one the ability to hack around and explore and learn more!
- Try to program securely and with privacy in mind (the less data you save, the less can be abused, compromised, leaked, etc)
- don't be afraid to ask questions
-enjoy it!

i just started learning about networking by sending a packet saying "emoji movie leaked footage" from my laptop to my desktop

for some reason, the fact that i can have two computers interact fills me with some kind of inexplicable joy

Earlier I signed up on this forum called NulledBB. Basically some hacker skiddie forum that had a dump of an archive I wanted, unfortunately behind a paywall which I didn't want to bother with.

On signup I noticed that I couldn't use my domain as an email address, as I usually do (the domain is a catch-all which means that mail addresses can be made up for each service I sign up to on the fly, super useful). They did expose the regex that they accepted email as however, which included something along the lines of "@live.*".

So I figured, why not register a subdomain live.nixmagic.com real quick and put that into the mail servers? Didn't take too long and that's what I eventually went with, and registered as somepissedoffsysop@live.nixmagic.com (which I have no trouble putting on a public forum as you'll see in a minute).

Still didn't manage to get that archive I wanted but I figured, fuck it. It's a throwaway account anyway. But eventually that email address started to receive spam. Stupid motherfucker of a forum operator with his Kali skidmachine probably leaked it.

Usually I just blacklist the email address in SpamAssassin by adding an additional spam score of 100 to email sent to such addresses. But in that case it didn't even sit on the main domain, thanks to that stupid regex block from earlier... 😏

*Logs into my domain admin panel*
*Le rm on the live.nixmagic.com record*

Null routed entirely.. nulled, if you will! 🙃

MAINTENANCE OF STACKOVERFLOW PLANNED
SHARE TO YOUR NEAREST DEV FRIENDS

Stackoverflow and its relative partners will be closed for two days due to maintenance, new design, and moving server infrastructure from United States to 1km below the Switzerland Alps for extra layers of security. This decision was made by the recent CloudFlare data leak.
Now our servers will be able to handle data leaks because even though the data was leaked, it will fill the empty places in the rocks resulting inaccessible from attackers.
Stackoverflow and its relative partners' maintenance estimated time is February 29 - 30. We will try to finish as fast as possible and bring you guys the best experience. If the maintenance delayes, we will tweet via @StackStatus or post details in our status blog.
Thank you for your support and have a happy day.
Best regards,
Stack Exchange team

Some of the penguin's finest insults (Some are by me, some are by others):

Disclaimer: We all make mistakes and I typically don't give people that kind of treatment, but sometimes, when someone is really thick, arrogant or just plain stupid, the aid of the verbal sledgehammer is neccessary.

"Yeah, you do that. And once you fucked it up, you'll go get me a coffee while I fix your shit again."

"Don't add me on Facebook or anything... Because if any of your shitty code is leaked, ever, I want to be able to plausibly deny knowing you instead of doing Seppuku."

"Yep, and that's the point where some dumbass script kiddie will come, see your fuckup and turn your nice little shop into a less nice but probably rather popular porn/phishing/malware source. I'll keep some of it for you if it's good."

"I really love working with professionals. But what the fuck are YOU doing here?"

"I have NO idea what your code intended to do - but that's the first time I saw RCE and SQLi in the same piece of SHIT! Thanks for saving me the hassle."

"If you think XSS is a feature, maybe you should be cleaning our shitter instead of writing our code?"

"Dude, do I look like I have blue hair, overweight and a tumblr account? If you want someone who'd rather lie to your face than insult you, go see HR or the catholics or something."

"The only reason for me NOT to support you getting fired would be if I was getting paid per bug found!"

"Go fdisk yourself!"

"You know, I doubt the one braincell you have can ping localhost and get a response." (That one's inspired by the BOFH).

"I say we move you to the blockchain. I'd volunteer to do the cutting." (A marketing dweeb suggested to move all our (confidential) customer data to the "blockchain").

"Look, I don't say you suck as a developer, but if you were this competent as a gardener, I'd be the first one to give you a hedgetrimmer and some space and just let evolution do its thing."

"Yeah, go fetch me a unicorn while you're chasing pink elephants."

"Can you please get as high as you were when this time estimate come up? I'd love to see you overdose."

"Fuck you all, I'm a creationist from now on. This guy's so dumb, there's literally no explanation how he could evolve. Sorry Darwin."

"You know, just ignore the bloodstain that I'll put on the wall by banging my head against it once you're gone."

i rant that i live in a dictatorship with an idiot president who bans whatsapp and facebook to prevent protests (in reaction to having arrested opposition party members of parliament), and github (yes, github) to prevent the spread of a minister's leaked e-mails. now the government is seriously considering shutting down vpn services to prevent by-passing the bans.

on the other hand, it's a nice time and place to continue ms studies on ad-hoc networks - that is of course if i can avoid being arrested or killed before i even start my thesis.

TL;DR
This works: email+rant@domain.com

Spam filtering protip:

Did you know that the email spec allows you to use youremail+something@domain.com and the emails still come to you. This is especially useful when registering to a lot of places where you are not sure whether they will spam you or not. Filtering will be easy because you have a unique email address for each service. Also you can find out which service leaked your email address to spammers.

Additionally if you want to register to a service with two accounts but still want to use the same email, you can do this easily by adding +whatever in your email address.

So apparently, there's a "leaked" recording of the AWS CEO telling software devs to stop coding and be prepared for the day when "AI takes over software development."

Can someone point me in the direction of the AWS Headquarters?

*cocks shotgun*

I just wanna talk

Apparently, this is a leaked image of the new Edge.

We've never seen this before lmao

While busy writing code, hardest discussion is should I go and pee or wait till a bit of pee is leaked in my underwear.

Am I the only one who doesn't understand apple card? Like really, it's just the worst pitch ever!

"Apple card. Made by apple. Not a bank" that's a REAL ad I saw today. Why would you trust APPLE more than an FDIC insured bank with decades or (in some select cases) CENTURIES of experience in finance?

"No more card numbers and CVV"
Cool. I get it. Card numbers get leaked and stolen. But that's why banks insure cards and reverse fradulant transactions. How an I'm supposed to use it on Amazon?! I'm sure they have an answer. Like maybe one time use generated cards. But they haven't advertised it yet, and that's a problem!

Why do they think people want this!? And even more so, because I've seen some people are excited: WHY DO PEOPLE WANT THIS?! why is apple trying to make everything?!

"Let‘s make a service where the users can enter all of their secrets and sensitive data so that we can warn them if that data has been leaked elsewhere"

What could possibly go wrong?

So at the old job, i needed support for an issue relating to Amazon S3. We used a third party Python plugin for sending files to our buckets, but had some pretty severe performance issues when trying a 2-way sync.
Naturally, I sought help on StackOverflow, and was asked to share my config. Without much thought, I pasted the config file.
Next comment made me aware that our API id and key was listed in this config (pretty rediculous to keep such private info in the same file as configuration, but oh well).
I edited my question and removed the keys, and did not think about the fact that revisions are stored.

Two weeks later, my boss asks me if I know why the Amazon bill is for 25.000$ when it used to be <100$ 😳

I've never been so scared in my life. Luckily, Amazon was nice enough to waive the entire fee, and I leaned a little about protecting vital information

ChatGPT implementation details leaked !!!

This explains everything:
- slow response typing
- occasional nonsensical answers and factual mistakes
- delays before answering
- sudden and random network errors
- "servers" over-capacity
- responses with an Indian accent

Oh noes... My password on localhost:8080 has been leaked :( what to do.. what to doooo..... :(((

Oh FFS google! Get yourself together!

Regarding Article 13 (or 17 or wherever it moved to now)… Let's say that the UK politicians decide to be dicks and approve the law. After that, we need to get it engineered in, right? Let's talk a bit about how.. well, I'd maybe go over it. Been thinking about it a bit in the shower earlier, so.. yeah.

So, fancy image recognition or text recognition from articles scattered all over the internet, I think we can all agree.. that's infeasible. Even more so, during this lobby with GitHub and OpenForum Europe, guy from GitHub actually made a very valid point. Now for starters, copyright infringement isn't an issue on the platform GitHub that pretty much breathes collaboration. But in the case of I-Boot for example, that thing from Apple that got leaked earlier. If that would get preemptively blocked.. well there's no public source code for it to get compared against to begin with, right? So it's not just "scattered all over the internet, good luck crawling it", it's nowhere to be found *at all*.

So content filtering.. yeah. Nope, ain't gonna happen. Keep trying with that, EU politicians.

But let's say that I am a content creator who hates the cancer of joke/meme because more often than not it manifests itself as a clone of r/programmerhumor.. someone decides to freeboot my content. So I go out, look for it, find it. Facebook and the likes, make it easier to find it in the first place, you dicks. It's extremely hard to find your content there.

So Facebook implements a way to find that content a bit easier maybe. Me being the content creator finds it.. oh blimey! It can't be.. it's the king of freebooting on Facebook, SoFlo! Who would've thought?! So at that point.. I'd like to get it removed of course. Report it as copyright infringement? Of course. Again Facebook you dicks, don't make it so tedious to fill in that bloody report. And look into it quickly! The videos those SoFlo dicks post is only relevant in the first 48h or so. That's where they make the most money. So act more quickly.

So the report is filled, video's taken down.. what else? Maybe temporarily make them unable to post as a bit of a punishment so that they won't do it again? And put in a limit to the amount of reports they can receive. Finally, maybe reroute the revenue stream to the original content creator instead. That way stolen content suddenly becomes free exposure! Awesome!

*suddenly realizes that I've been talking about the YouTube copyright strike system all along*

… Well.. maybe something like that then? That shouldn't be too hard to implement, and on YouTube at least it seems to be quite effective. Just imagine SoFlo and the likes that are repeat offenders, every 3 posts they get their account and page shut down. Good luck growing an audience that way. And good luck making new accounts all the time to start with.. account verification technology is pretty good these days. Speaking of experience here, tried bypassing Facebook's signup hoops a fair bit and learned a bit about some of the things they have red flags on, hehe.

But yeah, something like that maybe for social media in general. And.. let's face it, the biggest one that would get hurt by something like this would be Facebook. And personally I think it's about time for that bastard company to get a couple of blows already.

What are your thoughts on this?

I don't understand how is possible that programmers today are developing applications that are storing plain password in the database.

I know it's kinda boring topic since everybody here is talking about it this week, but it's really confusing to me.

Every now and then some DB gets hacked, millions of passwords are leaked and then you have developers, who should be smart and logical people, who decide to do that.

Ok, maybe the project deadline was close or something similar, but I think there is no excuse for something like that. No matter how close or behind deadline project is, you should always be able to explain to your boss/client what could happen.

My friend recently tried to install apt on fedora 🤦‍♂️
Some how this created a zombie process And used a ton of the ram and the ram usage leaked out of the VM and into the host server
And I had to explain to him why a package manager meant for a system with dpkg will not work on one that uses rpm

So I bought a gaming laptop a while back, and Cyberpunk 2077 binaries got leaked a few days ago... So I wanted to play it, kinda. It looks really good from the screenshots. Friend asks me "what CPU / GPU do you have"?

My gaming laptop is a Y700 so an i7-6700HQ and a GTX 960M. Turns out that even at low settings this thing probably won't pull even 30 FPS.

So even with a gaming laptop, you don't get to do any gaming. 10/10 would buy again! I'll enjoy Super Mario because imagine caring about gameplay rather than stunning graphics that you need tomorrow's hardware for, and buy it yesterday! And have it already obsolete today.

Long story short, I kinda hate the gaming scene. I'm not a gamer either by any means. Even this laptop just runs Linux and I bought it mostly because some of its hardware is better than my x220's. Are gamers expected to spring the money for the latest and greatest nugget every other month? When such a CPU and GPU alone would already cost most people's entire monthly wage?

What's the point of having a game that nobody can play? Even my friends' desktop hardware which is quite a bit better still - it only pulls 45 FPS according to him. Seriously, what's the point?

Running WireShark to see what one of our partners is sending across.

Outdated TLS: Ok, that's par for the course.
Leaking data through DNS queries: ButWhy.jpg
Website leaked through DNS doesn't require auth to view information. TableFlip.jpg

My doctor's office logs into their computers using the Administrator user. 🤔Pretty sure that's how patient info gets leaked.

I just woke up this morning to an email saying that someone from chile logged into my instagram account and I'm not actually what set me of the most.

The fact that my password was leaked, the fact I literally never got notified that I had a Instagram account I never wanted or the you have to disable most privacy settings, just to reset your password.

Like holy fuck, I disabled all options I could find on firefox concerning privacy/tracking and it still tells me I should disable some privacy settings.
So I enabled chrome again (fucking system app) and it worked on first try. Just as expected...

Anyway, fuck instagram and thank you dear hacker for telling me that I had a worthless to delete.

Intel is dying right now tbh. I hope the can get back on their feet but as of right now, chaos. They have had multiple ceo changes within 1 year and their current is a horrible leader. They have been really wasteful with their money (like buying McAfee...) And the inly reason they are leading in the CPU market, Tick Tock, is failing. It used to be Process - Architecture. Now intel has announced they are not changing the process for 8th gen, currently it's Process - Architecture - Optimize - Optimize - Optimize. Which is not good. It has been leaked that Intel is currently just hoping for AMD Ryzen to fail, let's face it, Ryzen seems really promising and might be the comeback AMD needs.

TLDR; Intel is a one trick pony and their one trick is failing. They have been really wasteful with their money and their current hope is that Ryzen fails.

I have an Intel CPU in my system and i find them to be better than AMD, but the tables might turn.

Application for advanced leaked information research

***ILLEGAL***
so its IPL(cricket) season in india, there is a OTT service called hotstar (its like netflix of india), the cricket streams exclusively on hotstar..
so a quick google search reveals literally thousands of emails & passwords, found a pastebin containing 500 emails&passwords ...but those are leaked last year most of passwords are changed & many of them enabled 2FA.. after looking through them we can find some passwords are similar to their emails , some contains birth year like 1975,1997 etc, some passwords end with 123 ..so after trying a few different versions of the passwords like
1) password123 -> password@123, password1234
2) passwordyear -> password@year
2) for passwords similar to emails, we can add 123 ,1234, @ etc
created a quick python script for sending login requests

so after like 30-40 mins of work, i have 7 working accounts

*for those who have basic idea of security practices you can skip this part

lessons learnt
1) enable 2FA
2) use strong passwords, if you change your password , new password should be very different from the old one

there are several thousands of leaked plaintext passwords for services like netflix,spotify, hulu etc, are easily available using simple google search,
after looking through & analysing thousands of them you can find many common passwords , common patterns
they may not be as obvious as password ,password123 but they are easily guessable.
mainly this is because these type of entertainment services are used by the average joe, they dont care about strong passwords, 2FA etc

I am not sure if devrant is the best place to post this so sorry if it is not.

How far do employers/recruiters go when searching online information about their applicants?

Do they simply check your fb? simple google search your name? advanced queries with multiple search engines? data gathering software like maltego? or really check and link leaked db dumps and pastebins?

If anyone has any knowledge or experience with this I would love to hear.

Thanks in advance

lol

I had weird apple charges on my credit card so I called the bank and told them I didn't do them and own nothing apple.
they cancelled my card and sent me a new one.
the new one came with a paper saying I need to activate it and the first time I use it I might need to type in the pin.

credit cards typically worked if you insert or swipe you have to type in pin,
and you can wave it over the machine for small charges and that won't ask for pin, which is probably what they're saying is I can't wave until I pin.

so I go to the nearby grocery store so I can activate the card with the pin and order online groceries later, and coincidentally they have a new payment machine (why?), one of those without buttons that just looks like a phone.
I insert it, expecting it to ask me a pin... it beeps saying approved

so

I got credit card fraud and they sent me a new card
and the new card is literally less secure

it's like banks want fraud

when I was calling in or being re-routed with the bank the messages were always "higher number of calls than expected"

how bad is financial fraud rn. why are they making it worse

I don't think my card was leaked due to pinning though. when you order stuff online there should be an approval process on your end to confirm but it just doesn't exist. so if anyone gets your credit card info they can just sell that. I had to order a very hard to find drug from one sketchy (to me) website and after I did so that email got signed up to a weird newsletter and I harassed the shit out of that newsletter company for contacting me. I would assume they also sold my credit card details, or it "leaked" in a hack, whatever. this whole damned circus. I have 4 months of the drug but at some point I'll need more and they're the only ones that have it... so I guess I'll get to find out

Well... Windows source got leaked.

So glad I use Linux.

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

Deployments, a limerick:

there once was an ops guy from New York,
who was working on deploying a fork.
the docs were weak
the code memory leaked
in a half hour all of production was borked.

gta5 source code leaked
const char* testActionTreeName[] =
{
"ActionTree/Fuck",
"ActionTree/FuckYou",
"ActionTre",
"ActionTre/Fuck",
"ActionTree/Fuck/you/in/the/ass",
};

I just don't understand how people can be so careless with security. It's like every other fucking day you about 150 billion email address, SSNs, birth certificates, credit cards, private messages, you pet's medical records, and your personal DNA are fucking leaked and the best we got are "what street did you grow up on" to reset a password.

Today, my branch manager (vice president in the overall institution) sent an offensive and racist political meme to all employees at our site.

I was shocked and disgusted, as were many of my front-line colleagues. My immediate supervisors, however, shrugged it off. They agree that it is distasteful, but not enough to confront the prickly branch manager about it.

I believe that this sort of communication (which has nothing to do with the purpose of our nonprofit) would be seriously frowned upon by the overall organization’s CEO, were he aware. If this email was leaked to the press, it would reflect very poorly on our organization.

I feel compelled to speak up about this – but how? Confronting my branch manager directly – by myself – is pretty much guaranteed to go poorly for me. And organizing colleagues to action will no doubt be seen as troublemaking.

We have no HR to speak of. I’ve thought about forwarding the e-mail directly to our CEO, but that feels like tattling.

I don’t think anyone was nearly as happy as I was to find out Twitch’s source code got leaked and that they use GO.

Makes me glad to see Go used by another big company for a big application like twitch where performance is really important.

So was freelancing for a guy and I know him pretty well or so I thought. Turns out he is a corrupt prick who leaked one of his support staffs phone number to all the customers because she wasn't online for two days. What the fuck is wrong with some people.

Yay Google + leaked info!!
New old news again :P

Come on people if you want something to be safe you DO NOT I repeat DO NOT send it to someone else's computer. That's it. Fuck firewalls fuck av fuck it all.

I have some people trying to access to my accounts from far away.

I think my password have been leaked :|
f*ck

I just found out why so many accounts of mine had a lot of login attempts recently. Turns out Epic Games had a leak in 2016 with no info to its users about it. So my email and default shitty password i dont use anymore but for useless accounts got leaked...

Sometimes I really wonder about the elites supporting the woke culture, BLM movement, to the point saying "All lives matter" they go nuts is rather sinister. ie push the needle too far beyond the cringyness and use reverse psychology mechanism to bring maximum hatred as possible to the opposing group to the point of creating wars and conflict

There is a saying that goes "Only a crisis - actual or perceived - produces real change." So could be that to bring back the war economy.

I mean history is filled with such tactics on a grand scale: Nero, Hitler, Neocons such as strauses, Wolfowitz (lookup wolfowitz leaked doctrine), drumsfied, nuland leading the Iraq war (it did bring people together for a while before they realize it was a sham). And now same thing with China and Russia.

It makes no sense otherwise for the elitists to support it.

Actually kinda sad, that there is no pure rust ui framework out there, but rather mere adaptations of c/c++ frameworks for rust. It's better than nothing for sure, it just would be nice, if i could use a framework, that doesn't create a massive memory leak, because i looked at it funny.

In particular i'm using fltk-rs, and everytime I'm applying a font to some widget, 500kb get added as leaked memory. Doesn't sound like a lot, but for one it's a dynamically built application, so the order and amount of widgets changes, and this application is supposed to run days, if not weeks.

thanks to heaptrack i was able to pinpoint that to libpango, which i'm not even interacting with directly, but rather indirectly through the api.

Annoying, that i chose to use a language for actively preventing leaks and dangling pointers and stuff, but end up leaking memory because of a dependency somewhere.

Somewhere around the world that I call fatherland and the where the internet speeds are fucking terrible, baccalaureate exams got leaked on facebook years ago. Two unrelated things? WRONG.

It's been years now, every fucking baccalaureate exams period social media websites go down nationwide. No Facebook or Twitter. They do that rather than installing signal jammers in examination centers.

I'm not angry. I'm Just feeling a little urge to plant some C4 in one of "COUNTRY Telecom" centers but I'm mostly fine.

So my vapes coil wick just gave out and leaked through my satchel... And covered my Chromebook...

Anyone feel like cleaning out vape oil from a Chromebook, not prepared to deal with this sort of oily hell!

Hey bros just found this (haveibeenpwned.com) supposedly tells you if your usernames or email addresses have been leaked in many websites/services. Check it out, some of my accounts were leaked nothing serious tho i forgot i even had them

What password manager/ generators do you suggest?

Also would anyone please clear my possibly misconceptions on the password manager/generators?

I’m that type of guy that only uses few password combinations at different websites.

tl;dr: my account out leaked, I didn’t want to use any password manager because I don’t want to give password to the company. Some do generate complex password for me but if they become defunct I’ll be locked out from those accounts.

A while ago, aptoide got attacked and my password(same as google account) was leaked. I’ll have to thank google for this, google blocking a stranger accessing account using a “less secure app” So now I’ll doing a emergency password changing process to all of my accounts with the password.

I like the whole aspect of the password manager, but I always thought that I shouldn’t give my password to other companies. And I got to use some website long term, if the password management company ever just become defunct, I might lose access to my account forever.

Is the ransomware attack using leaked NSA hacking tools affecting 99 countries is seriously serious or should be categorized as fake news

Anybody hear about this Q* algorithm that was leaked out of OpenAI?

Crystal ball!
A timeline until the first NBE-Citizen is elected president of the USA.

2031 - BlackRock launches their new large scale financial product, the "Robotic Business Development Company" (R-BDC), in which an AI is given billions of dollars to acquire, create and manage companies, replacing their C-suite executive bodies. The "Chief Executive Robot" (CER) is supervised by a board of human industry experts hired by BlackRock.
It is important to say that the employees, middle managers, accountants, lawyers, etc in an R-BDC are all human - it's only the CEO, CFO, COO and the rest of the gang that are overgrown chatbots.

2032 - R-BDCs are mostly focused on high-bureaucracy, non specialized but people-intensive legacy industries like steel mining, food services, urban transportation and government services like water and road management.

2033 - For the first time an R-BDC company is included in the S&P 500 index. If it's CER were human and paid the same as CEOs of equivalent companies, it would have become a billionaire.
Later in the year, two more R-BDC companies are included in the index. One of them was created by Apple and the other by JP Morgan.

2035 - An R-BDC company makes headlines for convincing BlackRock to dissolve it's review board. When finally given free reign, the CER immediately slices it's dividends and vastly increases low-level employee compensation. The company share prices crater, but BlackRock stands by its decision.
Later in the year, as a recession hits the entire market really hard, that company shows solid profits and fantastic sales. It becomes the first trillion-dolar R-BDC.

2037 - Most Americans' dream-job is in an R-BDC company, says ProPublica.

2038 - Congress passes the "Non-Biological Entities Liability" (NOBEL) Act, following a high profile case of employee harassment perpetrated by the CER of an R-BDC.
The act recognizes NBEs, for all legal liability purposes, as USA citizens.
This highly controversial legislation is upheld by the supreme court, and many believe it was first introduced by lobbyists as a way for large investors in R-BDCs to avoid legal responsibility.
Several class action lawsuits are filed against CERs that are now liable for insider trading. A few SCOTUS decisions set legal precedent that determinantes what exactly constitutes the parts of the same Non-Biological Entity.

2040 - As a decade ends and another begins, 35% of all companies in the US and 52% of the entire stock market are part of a R-BDC company or another. The McKinsey consulting group now offers "expert CER customization services".

2043 - Inspired by successful experiments in Canada, Australia and South Korea, the american state of Vermont is the first to amend it's constitution to allow municipalities to have Non-Biological Entities as city and government administrators. City councils are still humans-only.

2046 - The american state of Colorado becomes the first to allow unsupervised NBEs to assume state government executive positions. Several states follow soon after. Later in the year, the federal government replaces several administrative positions with NBEs.

2049 - The state of Texas passes legislation requiring the CERs of all companies with a presence in the state to be another entirely contained/processed within the state or to be supervised by a local human representative while acting within the state. Several states, including California, Florida and Washington, are discussing similar legislation.

2051 - Congress passes the SUNBELT Act (SUbmission [of] NBEs [to] Limits [and] Taxes) that vastly increases the liability of NBEs and taxes all manifestations of such entities. Most important, it requires
CERs of hundreds of companies manifest disagreeance, most warn that it might hurt employee satisfaction and company sales. Several companies disable their CERs entirely.

2053 - Public outrage after leaked interactions of human supervisors and company CERs show that the CERs tried to avoid the previous year's mass layoffs and pay cuts, but board members pressed on, disregarding concerns. Major investigations and boycotts further complicate matters, and many human workers go on strike until the company boards are dissolved and the CERs are reinstated.

2052 - Many local elections all over the country see different NBEs as contenders - and a NBE is expected to win in most races.

2054 - The SUNBELT Act is found unconstitutional by the supreme court, and most of its provisions are repealed.
This also legitimizes the elected NBE officials.

2058 - For the first time an NBE wins a seat in Congress, but is not allowed to keep it. Runoff elections are held.

2061 - Congress votes for allowing NBEs to hold federal legislative positions, as already allowed in the least populous states.

2062 - Several NBEs win Congress seats. In Europe, there are robot legislators since the 40's.

2064 - The first NBE presidential candidate loses the race.

2072 - The first NBE president is elected.

In nearby county to mine, coder was arrested for 3 months for nickname matching leaked terrorist nickname "grower" by coincidence. His coding education was enough reason for arrest.

All hdd/ssd/usb/mobile devices were confiscated for thorough analysis right from the morning by police.

Feeding my security paranoia. Encrypting fully filesystem(LUKS) and my internet traffic (self raised open vpn), wiping fully usbs. I ll be protected from my ISP recording my traffic, and from unauthorised access to my data.

During interview about possible spying by Huawei President of Czech republic said few minutes ago that he will do his best to try to negotiate our stand with China, since he does not see any problem with possible spying, because its common practice of trade war between tech giants. He later added that he does not think that leaked names and addresses might be any problem "What would people do with such an info".

I mean... what difference would make if he had a lobotomy?

Anyone watched videos of leaked version of Windows 11 !? What do you think !? I liked the fact that they didnt do a massive UI do over.. Also concerned that nothing is going to change about the problems that plague windows.

Why is it so difficult to tell the people to not use the same passwords everywhere? I thought of a service which searches all leaked databases and predicts a password based on that as a warning for the user... Having the program told you that your password the user is likely to enter would be XY, because the adobe OR MySpace OR Dropbox passwords for the email OR username entered was that password could be a bit more aggressive but useful to let the users at least think of secure passwords.

Mesosphere sold every e-mail who registered with them to Tech Global Leads. Either that or Tech Global Leads stole a list of leaked e-mail addresses. In either case I unregistered/unsubscribed from Mesosphere and still got e-mails to those two specific accounts from Tech Global Leads with Mesosphere consulting soliciting. (So they keep e-mail information, even for accounts that unsubscribe).

TGL doesn't even have a website up. They're either amateurs or scammers. Either way, fuck you and your spam, both TGL and Mesosphere. Go die in a fire.

Today at work an interesting project came in, so we need to do vapt on a Shopify store and they want us to figure out how their customers are getting fraud calls
Basically whenever their customer places an order, after that the customer gets fraud calls on their mobile phone saying they know all the details of their orders, address, etc things

Where do you think the customer details are being leaked at??

The NPC has stated that the personal data of atleast 2000 people was leaked after the attacks on the websites of the philippinian goverment on april 1, the data contains; names,adresses,passwords and school data.

Over 7 administrators of schools, universities and other goverment structures have been called out for not reporting on the leakage of personal info on public facebook groups and violaton of the NPC in under 72 hours.

The representatives of the next structures stood before the comission on the 23 and 24 of april

- Taguig City University

- Department of Education offices in Bacoor City and Calamba City

- the Province of Bulacan

- Philippine Carabao Center

- Republic Central Colleges in Angeles City

- Laguna State Polytechnic University

The agency has reported that none of the organisations had notified about the personal info leakage yet.

This is a good reminder that you should inform about security/personal info breaches everyone that might be related to it as soon as possible, even if it seems unecessary.

Things I say to my clients when I know that a reboot is required to fix their issue but I don't have enough evidence to prove it to them :

"... On any computing platform, we noted that the only solution to infinite loops (and similar behaviors) under cooperative preemption is to reboot the machine. While you may scoff at this hack, researchers have shown that reboot (or in general, starting over some piece of software) can be a hugely useful tool in building robust systems.

Specifically, reboot is useful because it moves software back to a known and likely more tested state. Reboots also reclaim stale or leaked resources (e.g., memory) which may otherwise be hard to handle. Finally, reboots are easy to automate. For all of these reasons, it is not uncommon in large-scale cluster Internet services for system management software to periodically reboot sets of machines in order to reset them and thus obtain the advantages listed above.
Thus, when you indeed perform a reboot, you are not just enacting some ugly hack. Rather, you are using a time-tested approach to improving the behavior of a computer system."
😎

Rant!
This guy CockSuckerBerg!
Facebook has leaked 50 million account data..
Their Stocks are going down rapidly almost 7+% due to this..
AsslickerBerg

"[Degenerate type is] a form of canned cynicism which will doom its perpetrators to a special room in hell where lovely little children of all races, creeds, and religions are eternally batched in gentle rosy and amber glows, singing 'It’s a small world after all.' There’s no reason to create an alphabet which looks like it leaked out a diaper." - Peter Fraterdeus

How fast do you actually counteract leaked password manages of your private accounts?

Right away? Only if the first signs of it malfunctioning appear?

Windows is a software form of cancer.

I just wanted to play Doom 2016 while having an MacBook 12 as my only computer. It didn't worked through Wine, so I decided to go for Bootcamp.

So i've installed windows 10, and after booting back to OSX, I found out that my Bluetooth doesn't work anymore.

I actually got a Mac just to run away from Windows and Windows-ness in all its forms. Speaking ideologically, I by mistake given it a chance to leak through the barriers I build especially to prevent it. Given this kind of chance, it leaked through and spilled over my gorgeous, cute, innocent MacOS, destroying it.

Windows is like aids. Software form of merciless alien pathogen that uses the tiniest kind of chance to leak and serves it's only purpose — destroying everything we call "good", everything we proud of, everything that's valuable to us.

Windows is worse than cancer. It's the software form of pure evil.

Working on a batch image editor in python as my most recent time killer project. Started out using PIL for py2. Port over to pillow on py3, and one of the core pillow functions exploded my computer.
It memory leaked and took every last kb of unused memory!

Guess Im stuck using py2

Hot take: Rust doesn't go far enough with explicit clone; dropping any type that isn't trivially copiable should also be explicit. I don't mean that it should be leaked if you don't delete it, I mean that the compiler should force you to explicitly say

"I am done with this object, anything that had to know about it has already been notified and either there isn't a single last point of use or it isn't a clone, therefore dropping is justified."

This is the whole meaning of dropping a complex object. I think that this is far too strong a statement to imply in bulk for every value in scope at the end of the function.

Our government's "information and technology institution" ran a ctf yesterday. Their website was a whole template. And like 1 hour before ctf website approximately got 400-500k request and they've hit by a ddos. During the competition individual competitors couldn't log in their accounts due to "wrong password" and also password reset mails not sent.

One of the rules of the competition was that the questions were not leaked out during the contest. But some groups and individuals wanted help for questions on some hack forums. CTF is over and seems like script kiddies gonna win.

Shitstorm.