• 1 Post
  • 10 Comments
Joined 1 year ago
Cake day: June 5th, 2023
  • ironsoap@lemmy.onetoNews@lemmy.worldFlorida's new COVID booster guidance is straight-up misinformationEnglish
    21·
    12 days ago

    I read this on the 14th or so and did a face palm. Floridaland is for the alligators apparently.

    Additionally, the federal government has failed to provide sufficient data to support the safety and efficacy of COVID-19 boosters, or acknowledge previously demonstrated safety concerns associated with COVID-19 vaccines and boosters, including:

    • prolonged circulation of mRNA and spike protein in some vaccine recipients,
    • increased risk of lower respiratory tract infections, and
    • increased risk of autoimmune disease after vaccination.

    And my favorite:

    • Potential DNA integration from the mRNA COVID-19 vaccines pose unique and elevated risk to human health and to the integrity of the human genome, including the risk that DNA integrated into sperm or egg gametes could be passed onto offspring of mRNA COVID-19 vaccine recipients.

    Apparently we are at risk of covid immune babies!

  • ironsoap@lemmy.onetoTechnology@lemmy.worldYoutube has fully blocked InvidiousEnglish
    11·
    13 days ago

    While I agree, I have a hard time seeing how people will stop using it until the field changes. Maybe in 10 years it will the the MySpace of the sitcom era, but right now it’s still growing. That growth is giving it carte blanche to manipulate the users as it sees fit. Regulation might impact it, but it’s still a bit of a Goliath.

    • Compared to 2023, YouTube’s user base has grown by 20 million this year, representing a 0.74% increase. From Global media insights

    Also the active user base is 2.7 billion people in 2024 from the same source above.

    The alternatives are out there, but just not in the same league.

  • ironsoap@lemmy.onetoTechnology@lemmy.worldHacking Millions of Modems (and Investigating Who Hacked My Modem)English
    25·
    4 months ago

    If this request worked, it meant that I could use an “encryptedValue” parameter in the API that didn’t have to have a matching account ID.

    I sent the request and saw the exact same HTTP response as above! This confirmed that we didn’t need any extra parameters, we could just query any hardware device arbitrarily by just knowing the MAC address (something that we could retrieve by querying a customer by name, fetching their account UUID, then fetching all of their connected devices via their UUID). We now had essentially a full kill chain.

    I formed the following HTTP request to update my own device MAC addresses SSID as a proof of concept to update my own hardware:

    Did it work? It had only given me a blank 200 OK response. I tried re-sending the HTTP request, but the request timed out. My network was offline. The update request must’ve reset my device.

    About 5 minutes later, my network rebooted. The SSID name had been updated to “Curry”. I could write and read from anyone’s device using this exploit.

    This demonstrated that the API calls to update the device configuration worked. This meant that an attacker could’ve accessed this API to overwrite configuration settings, access the router, and execute commands on the device. At this point, we had a similar set of permissions as the ISP tech support and could’ve used this access to exploit any of the millions of Cox devices that were accessible through these APIs.

    Blows me a away that an unauthenticated API with sensitive controls and data was publicly facing. Corporations these days want all your data but wonder why some customers are worry about how it is protected, it let alone if it’s being sold. Why should I allow you to control my hardware when you can’t protect yourself.