Is this really true? Looking at the Yubikey Shop I see that the purchase page explicitly states that the key is shipped with Firmware 5.7 (the fixed version). If a device is received with the old firmware, I would believe that this not intentional and support would resolve the problem.
Readit Newsbigjay517 commented on YubiKey still selling old stock with vulnerable firmware · Posted by u/MaKey
bigjay517 commented on Show HN: Ruroco – like port knocking, but better github.com/beac0n/ruroco... · Posted by u/mschempp
The security section fails to explain how the service prevents an attacker from intercepting a packet, then sending it again himself with a new sender IP address to whitelist SSH access his IP address.
The original (authorized) sender would then think something went wrong (packet loss), send a new packet and be none the wiser.
This is a good point. I think a simple remedy would be to include the IP the server should allow connections from as part of the authenticated payload from the client in the request.
bigjay517 commented on Localsend: Open-Source Airdrop Alternative github.com/localsend/loca... · Posted by u/meatjuice
I've been using localsend, mostly without issues. This thread has made me discover pairdrop.net and I have to say it's miles better. I've switched all my devices over now. The iOS integration with the provided shortcut + permanent pairing, in particular, is really good.
I actually have switched to Localsend from Pairdrop. My experience is that is Pairdrop is slow especially compared to Localsend. This is while hosting the application on my local network.
I do prefer the WebApp approach so I don't have to install something on each machine before sharing files, but the bug ticket in Pairdrop does not make me hopeful for a good solution (see: https://github.com/schlagmichdoch/PairDrop/issues/44)
Are you able to achieve similar performance in Pairdrop that you did with Localsend?
bigjay517 commented on Google Chrome pushes browser history-based ad targeting theregister.com/2023/09/0... · Posted by u/laktak
The comments I am reading here seem to imply that this is more privacy invasive than tracking cookies. Steve Gibson did an analysis on Topics and his conclusion was that this is an approach to provide targeted ads (which websites need to make money) without being invasive.
Here is a link to his podcast where he explains the specification: https://twit.tv/shows/security-now/episodes/935?autostart=fa...
Although if you believe that being online you should be 100% anonymous and share 0% of personal data then of course Topics is not good (but then no other ad targeting solution will be either).