Arghblarg

Whoah, the collection wasn’t lost forever? According to the archive.org info, it was all lost in 2018 during a ‘botched server migration’. Would be amazing if most of it has survived due to this research project …

Yes, Eclipse. 20-year-ago me would have a stroke saying that (due to it being pretty ‘heavyweight’ for the PCs back then) but it’s got support for any language you can think of with plugins and an app store for everything. But, no AI crap unless you seek it out, I presume.

… and the press secretary just refused to rule out conscription (the draft) just a day or so ago. https://www.msn.com/en-us/news/other/trump-press-secretary-karoline-leavitt-refuses-to-rule-out-us-military-draft-for-iran-war/ar-AA1XMEbF

Nah, once I moved jobs and started holding nontrivial amounts of retirement and TFSA stocks I opened accounts with a new broker.

I had a similar experience many, many years ago – before the rules for vuln embargoes were formalized; and I wasn’t even a security researcher. I was just a techie who discovered that the broker’s staff were resetting anyone’s forgotten password to the same temporary word. And like in this article, they had no mechanism to force users to reset the temp password on next login to something unique. I’d asked to have my password reset at some point, having forgotten it, and upon logging in with my user ID accidentally swapping two digits, found myself in someone else’s brokerage account, with substantial funds staring me in the face! And, their email and personal details.

I disclosed the issue to the broker, but out of paranoia, did it through a throwaway email account, from home, not work (I should’ve used a VPN, but back then I wasn’t as aware of such things). From that throwaway email, I also notified the person whose account I’d accidentally logged into, urging them to check their account and contact the broker to ensure no one else might have gotten into their account.

A day or so later, I got a call at my work phone from someone at said broker, asking if I had seen any unusual activity on my account, and that they had seen some suspicious activity from our company’s network (remember, the accidental login to the other person’s brokerage account occurred at my work PC)… I suspect they were fishing for info pointing to my being the one who accidentally accessed someone else’s account. I played dumb, as the call did NOT have good vibes; I could sense they were looking for a ‘hacker’ to scapegoat, not calling just to inform people there was a problem.

Thank heavens I didn’t reveal that I knew anything about the vulnerability… I had just reset my password, nope nothing unusual here, nosirree… but within a day or two their password reset procedure had been changed for the better and emails were sent out stating that a ‘security incident’ had occurred.

Lesson: Do NOT trust that your security report will be taken as being helpful. Most companies will try to throw you under the bus if they can, to save face.

Yup. This is by no means the first allegation they get paid bounties. It was being said everywhere just prior to the shootings of Mrs. Good and Mr. Pretti last month.

Perverse incentives breed perverse behaviour.

Good thing I live outside of the US then ;)

This looks awesome…hope they make it, I’d buy one if it isn’t toooo expensive.