We found a public AI repo on GitHub, exposing over 38TB of private files – including personal computer backups of @Microsoft employees 👨‍💻
How did it happen? 👀
A single misconfigured token in @Azure Storage is all it takes 🧵⬇️
For more details about this exposure, as well as a breakdown of potential risks and recommendations in using SAS, read the full blog post by @hillai 👇
https://t.co/oQ1zmtmTWd
On Sunday, July 9, 2023, early morning UTC time, we observed a high number of DNS resolution failures — up to 7% of all DNS queries across the Asia Pacific region. Here's what happened: https://t.co/bk02VpaxgZ
@Rolex_Jodieres @nycgov But even if they did and so did @NYC_GOVERNMENT pay the $8 how can you tell anyway which one is the real one if everyone's subscribing for checkmarks.
@nycgov will have it. @nycmayorgov will one .. @nyc_gov_official will have one.. you can just keep making up new user names..
Curious how many people actually signed up for Twitter Blue yesterday and today? Well, I've got the numbers and I'll be telling them to @JoyAnnReid on MSNBC in ten minutes.
Here's a hint: They were net +28 between signups and cancellations. Not 2,800. Twenty-eight.
Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to @David3141593 for his help throughout!
@bettersafetynet @N3bberz within reason plausible they set up some auth and network connectivity between work <-> home-setup (whether or not they should have).
i'd like to think this explanation than a very senior tenured eng installed plex and directly doing work on an insecure home server as a norm.
@bettersafetynet @N3bberz i was wondering this too but i know who people run thin clients as their computer but remote into a more beef home setup. (especially in the chaos of M1 macs and arm setups).
it could be a case then the network connectivity or sensitive workloads were being done on their homebox
New details on the 2nd LastPass incident are fun:
- got into Sr DevOp's home via vuln media software
- installed keylogger
- got master pass to corp vault (seemingly because it was being accessed from home computer)
Cool to see that LastPass is sharing this level of detail. Most companies are vulnerable to an attack like this.
Main post:
https://t.co/Qcyxpoh8xj
Incident 1 details:
https://t.co/LZYUJJ1Dhc
Incident 2 details:
https://t.co/GIuRP8RftR
@vedant_6 working for large municipal government (nyc) this is totally written into the policy. (otherwise it's viewed as stealing from tax payers / wage theft 🤷‍♂️)
it is bureaucratic but rarely enforced but there are policy endorsed permissions slips to verify tardiness by train delay.
@EricJorgenson doing the math.
quantified revenue/society impact
---- divided by ---
# of people x
The biggest number that is close to 1 for organizations of 2 or more.
goes against the definition of an "organization" to count a single person. If a person counts then biggest number >=1 ?
Your app is getting better. It has more features, more active users, and every day it collects more data. Your database is now causing the rest of your application to slow down.
so excited to share with you all: a new @GitHubNext addition to Copilot Labs...
✨ Code Brushes ✨
We wondered how we could make editing your code feel as tactile and easy as paint with a brush in Photoshop?
writeup: https://t.co/pbdcEj3vgm
and 🧵