Posts
1
Comments
1439
Joined
1 yr. ago

I try to respond to every genuine engagement. I block trolls, contrarians, and provocateurs because life is too short.

  • "[This new amendment is] proposed by the same lawmaker who wrote the original law"

    Woah. I guess the people who overreacted and claimed this was a secret conspiracy to gain full personal ID of everyone on the internet in some grand globalist scheme must be feeling pretty silly right now.

  • Good. The tail has wagged the dog for decades. US backing reducing support for Israel may make them reconsider their extremely hostile approach to neighboring countries.

    And if the Israeli public are unhappy about this, maybe they should have jailed their criminal prime minister years ago on the mountains of evidence they have, instead of making him the longest-serving PM ever, all while cheering on the war in Iran.

    Worry about threats from Iran and its allies are probably behind polling that showed strong Israeli support for the decision to go to war with Iran, even after weeks of missile attacks.

    Immediately after the ceasefire, more than a third of Jewish Israelis said they were very or somewhat unhappy about it, compared with just over a quarter who were very or somewhat happy the fighting stopped, according to the Israel Democracy Institute.

  • To those fretting: there is a wide margin between a legit VPN service and these guys. Interpol are not coming for your paid run-of-the-mill VPN provider.

    I hadn't even heard of 1VPN prior to this story, and the reason is that they advertise almost exclusively on cybercrime forums - mentioned multiple times in the article.

    The administration/owner of this VPN service explicitly tailored their business to enabling cybercrime. That's real stupid, because it means you become a legitimate law enforcement target as an accomplice with prior knowledge / facilitator to a crime, and generally explicitly waives your immunity rights as a service provider under legal frameworks like EU DSA.

    Dutch police stressed that this particular VPN service “was considered criminal, because it specifically targeted cyber criminals.”

    First VPN “mainly advertised on the cyber criminal forums known to the police and thus expressly approached cyber criminals as potential clients,” Dutch police said. “The website of the service also stated that any cooperation with the judiciary would be denied, that the service was not subject to any jurisdiction”.

    Lol. There is no country on earth that is not subject to any jurisdiction - as the VPN provider and users found out.

    Any legit VPN has a thorough ToS/policy to explain acceptable and unacceptable use of their systems (including any illegal use like crimes/DDOS/etc), and to cover the legal jurisdiction they fall under and what they do when receiving legal court orders.

    If anything, be pissed that this intentional cybercrime service tarnished the concept of VPNs a little, not that they were pursued and busted. Your legit provider is safe.

  • Fantastic outcome. Great to see people striking when their concerns are not answered and unions coordinating.

  • How is a 'lifetime pass' a subscription? 🤔

  • (Edit)

    I'm tired and rambling. Don't mind me.

  • Only a bit over a year into Trump presidency 2.0 and he's already fleeced over $1.2bil directly out of government coffers and into his own back pocket, and torn down sooo many important institutions.

    I wonder what General Strike has to say about all this.

  • Imagining the progression of the US as a chart, the post-2015 era would not be so much a slope, rather a cliff. It's absurd how rapid things have declined.

    On a positive note - good luck on your 60th, hope you have a grand one.

  • There was a lawsuit about this already and Apple lost and paid in 2024.

    Are we living in a loop or is Apple just run by slow learners?

    Increase the fine next time to a year of annual profits.

    https://www.bbc.com/news/technology-67911517

  • Six months of exposure.

    There is zero chance that the CISA systems have not been comprehensively breached by every foreign adversary.

    Good thing Trump cut 1/4 of their workforce last year. It's really paying dividends for Putin.

  • This is really damning evidence of AI's vaporware benefits tbh.

    As LLMs' key functionality is supposed to be their ability to take a body of work (training data) and then take natural language input to deliver valuable and accurate natural language outputs, automated helpdesk and call centers are supposedly their absolute bread-and-butter low challenge implementation cases.

    And yet... Here we are. They still aren't anywhere near the quality or value of just hiring people.

  • 24TB is amazing.

    Could probably explore it for a lifetime and never see the whole thing.

  • me_irl

  • Always a great trip down the classic YouTube memory lane

  • I did read the text. I suggest you read the article. Microsoft lied and literally called it "expected behaviour", then silently patched it. Why would they patch expected behaviour?

    The exploit discovered and lodged by O'Leary was confirmed independently to exist and function by CERT/CC and they gave it an interim CVE entry. The only reason it was not finalized and publicized is that Microsoft has the right to overrule CVEs as part of the CNA hierarchy rules.

    As the researcher said, it's a privilege escalation bug. So yes, an attacker would need some privilege.. But this is still a major vulnerability.

    The vulnerability allowed a user with only Backup Contributor (an Azure RBAC role with zero Kubernetes permissions) to trigger this access grant [for the entire Kubernetes cluster].

    Azure's Backup Contributor is a role widely assigned in organizations to their mid and even low-level IT staff. At a Fortune 500 company there may be hundreds of people around the world with that permission to manage their own site's or office's backups.

    Azure's Kubernetes Cluster Admin is a much more powerful role. It allows unrestricted access to the entire Kubernetes cluster - including retrieving admin credentials for the cluster via PowerShell, and accessing or modifying any data on the cluster. How much that could impact a particular environment depends on what services they have containerized into their Kubernetes cluster, but it could be almost anything.. web frontend for user logins, a payroll system interface also with logins, etc - attacker would be able to access all that information with some skill. They could also simply install a pod that acts as a backdoor into the whole environment and take their time looking through all data to extract what further access they need or want.

    That's why this was assessed by CERT to a CVE rating of 9.9 - critical vulnerability that poses a severe risk.

    The bigger issue as I said is not the bug, it's Microsoft's response. Lie, use their power to quash the report, silently patch it, alert nobody. There may be impacted businesses/orgs out there that have been breached through this vulnerability, and now they will not even know to check their logs, rotate Kubernetes cluster admin password or audit & validate their Kubernetes pods.

  • Was running VMs for various learning courses etc for work.

    It still runs about 80% nowadays with no VMs running and just with the amount of browser tabs and background shit I leave running.

  • I still play Helldivers 2 on this long-toothed beast, but I do have to live with a fairly low framerate and make sure I don't leave too many processes open in the background (it's a CPU intensive hodgepodge of a game engine). Most other newish games work fine in 1080p to be honest. I haven't been keeping up with the latest and greatest either.

    Modest framerates don't bother me much because I'm from the era of 320x240 games.

  • Giving up Taiwan would devastate the US tech industry that uses them as a first-class manufacturing and R&D arm.

    Remind me again how much of the US GDP and stock market relies on tech stocks?

    Though my bet is this is just Trump's way of squeezing more bribes out of everyone involved, and nothing will change significantly for Taiwan.

  • Feels like a really, really dumb decision. Has Microsoft forgotten the reason CVEs and bug bounties exist is to bring them to the light of day and prevent them being packaged and sold on the darkweb for abuse?

    Or maybe AI tools are just helping researchers identify such a wealth of MS bugs that Microsoft is overwhelmed with notifications and pushing back by aggressively closing them?

    Either way - this is a bad choice and will come back to bite them.

  • At this point my main PC is a 'classic car' of gaming. EVGA GTX 1070, z170 mobo, 64GB DDR4 RAM, i7 6700k.

    First bitcoin made graphics cards double in price just when I was looking to upgrade my gfx, then a wider crypto wave, tariffs, then a pandemic, then more tariffs, and then AI made everything rapidly wildly expensive.

    My usual upgrade process of "waiting for prices to become reasonable around the 5-6 year mark" has proven to be a bad plan for this period..

  • News @lemmy.world

    Ukraine war crime trial: A Russian soldier takes the stand for an execution

    www.bbc.com/news/articles/cp8ylx534j0o