0xD

joined 1 year ago
[–] [email protected] -3 points 4 months ago

A missing rate limit is a vulnerability, or a weakness, depending on the definition. You're playing smart without having an idea of what you're talking about. Here you go:

https://cwe.mitre.org/data/definitions/799.html

YouTube videos are public, and as such it's not really hacking. If you were able to download private videos, for example, it would be a vulnerability like "Improper Access Control". It does not matter in the least whether you use an "exploit" in your definition (which is wrong) or "just increment the video ID".

The result is a breach of confidentiality, and as such this is to be classified as a "hack".

[–] [email protected] 0 points 5 months ago

Meatbags gonna meatbag.

[–] [email protected] -5 points 5 months ago

That's not an unpopular opinion, it's an outrageously stupid and uninformed one and you should keep it to yourself.

[–] [email protected] -1 points 5 months ago

With Gemini you can let it show you search results for (some) of its statements. It's useful for cross-checking: I was, for example, researching plastics recycling and there was a claim that seemed untrue and corporate. The automagic search/source function for that statement led me to a blog post of some consortium/lobbying group of manufacturers. After telling that to Gemini it apologized and compiled a list of different view points for that specific statement.

I was pretty impressed with that, and I find it very useful for researching topics I know basically nothing about. Of course it's not the sole source of truth.

[–] [email protected] 3 points 5 months ago

That's not how this works. Maybe if you get some business consultants, but this ain't it. Just because you hire them yourself, doesn't mean that they'll fall in line with your wishes.

[–] [email protected] 15 points 6 months ago (3 children)

It's not as vulnerable but it still is.

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there’s a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks.
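As an added illustration of the option 121 mechanism the quoted article refers to (example code, not from the commenter or the article): a decoder for DHCP option 121 (classless static routes, RFC 3442 wire format) plus a check that flags pushed routes which would pull traffic away from a full-tunnel VPN, since the kernel prefers the most specific matching route. The option bytes and the allowed-LAN policy are constructed assumptions.

```python
import ipaddress


def parse_option_121(data: bytes):
    """Decode DHCP option 121 (RFC 3442) into (network, router) pairs.

    Each entry is: 1 byte prefix length, ceil(prefix/8) significant
    destination octets, then 4 router octets.
    """
    routes = []
    i = 0
    while i < len(data):
        plen = data[i]
        i += 1
        if plen > 32:
            raise ValueError(f"bad prefix length {plen} at offset {i - 1}")
        n = (plen + 7) // 8
        if len(data) - i < n + 4:
            raise ValueError("truncated route entry")
        dest = int.from_bytes(data[i:i + n] + b"\x00" * (4 - n), "big")
        i += n
        router = int.from_bytes(data[i:i + 4], "big")
        i += 4
        routes.append((ipaddress.IPv4Network((dest, plen)),
                       ipaddress.IPv4Address(router)))
    return routes


def routes_bypassing_vpn(routes, lan_gateway, allowed_lan_prefixes):
    """Return pushed routes via the physical gateway whose destination is
    not inside an allowed LAN prefix. Such a route is more specific than
    the VPN's default route, so matching traffic leaves the tunnel.
    (Policy is an assumption: only explicitly allowed LAN prefixes pass.)"""
    gw = ipaddress.IPv4Address(lan_gateway)
    allowed = [ipaddress.IPv4Network(p) for p in allowed_lan_prefixes]
    return [(net, r) for net, r in routes
            if r == gw and not any(net.subnet_of(a) for a in allowed)]


# Constructed sample: a benign LAN route, then a route covering a public /8
# via the same physical gateway.
SAMPLE_OPTION_121 = bytes([
    16, 192, 168, 192, 168, 1, 1,   # 192.168.0.0/16 via 192.168.1.1
    8, 8, 192, 168, 1, 1,           # 8.0.0.0/8 via 192.168.1.1
])

if __name__ == "__main__":
    routes = parse_option_121(SAMPLE_OPTION_121)
    for net, router in routes:
        print(net, "via", router)
    print("leaves the VPN:",
          routes_bypassing_vpn(routes, "192.168.1.1", ["192.168.0.0/16"]))
```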

[–] [email protected] 3 points 6 months ago

You need to check out public key cryptography and digital signatures. Those are the basics of Fido.

When the private key is bound to a device it is not possible to fake or steal it through conventional methods. Passwords are the weakest link and an easy target for attackers - passkeys basically solve that.

User adoption depends on implementation, but everything is easier than remembering a secure password or using a password manager for most people. There needs to be an easy and secure way to distribute passkeys across devices, and any backup mechanisms may be a weak point. In any case: still better than passwords.

[–] [email protected] 4 points 6 months ago

I had a colleague at work years ago who did his Master's thesis on network scanning. He ran a PoC in the company's network and had all the printers print hundreds of pages.

We learned that printers suck and that we should always know our payloads and targets 😁
