(no subject)

Sep. 18th, 2025 02:09 pm
brumka: (Default)
[personal profile] brumka
Тут у avva пролетала цитата какого-то подкастера про 10% текста, которые читают и 90% воды.  Я попробую развить эту тему, но применив её к опыту общения с сотнями IT компаний - мне приходится часто участвовать в процессе продаж (как техническому специалисту) и так-же общаться со стартапами, которые пытаются продать себя нашей конторе.

Подавляющее большинство прекрасных инженеров не умеют объяснять в чём суть их продукта и, главное, почему он мне нужен.  Идут рассказы о том какая офигенная это система, или о том как элегантно они решили проблему, или о том какие у них крутые клиенты, и тому подобная фигня, aka "the product pitch" как они себе его представляют.  К сожалению, они не понимают главного: это всё сработает только если они решают мою проблему.  С разговора об этом и нужно начинать общение.  Обсуждение продажи или сотрудничества это не о том насколько крут их продукт, а насколько это необходимо и/или выгодно мне

Конечно, есть очень важная категория добровольцев, которые тратят кучу свободного времени на поддержание, например, какого-то open source проекта.  Это замечательно, очень важно и похвально.  Я полагаю, что подавляющее большинство их них занимается этим после того, как проводит кучу времени на основной работе, ведь должен же кто-то кормить семью, платить ипотеку, откладывать на отпуск/пенсию и т.п.  А там, на основной работе, кому-то приходится продавать результаты их труда. 

Инженеры, которые умеют просто объяснять зачем их работа нужна другим преуспевают финансово, продавая свои идеи.  Очевидно, это немного кому дано - тут, главное, засунуть эго куда поглубже и найти опытного переговорщика и/или продавца.  Ведь очень жаль если хорошая идея и куча вложенного в неё труда и таланта так и останутся никем не замеченным усилием.
[personal profile] mikerrr
В Японии 15-летний школьник Акира Танака разработал приложение "Step for Good", которое превращает шаги пользователя в виртуальные "монетки", идущие на благотворительность. Пройденные километры конвертируются в баллы, которые спонсоры (местные магазины) переводят в реальные деньги для нуждающихся. Акира придумал это, чтобы мотивировать людей больше двигаться, не требуя от них финансовых вложений.

Web Analytics
[syndicated profile] malwarebyets_feed

Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation, known as RaccoonO365.

The primary goal of RaccoonO365 (or Storm-2246 as Microsoft calls it) was to rent out a phishing toolkit that specialized in stealing Microsoft 365 credentials. They were successful in at least 5,000 cases, spanning 94 countries since July 2024.

The operation provided the cybercriminals’ customers with stolen credentials, cookies, and data which they in turn could use to plunder OneDrive, SharePoint, and Outlook accounts for information to use in financial fraud, extortion, or to serve as initial access for larger attacks.

Roughly an attack would look like this:

  • Emails were sent to victims with an attachment containing a link or QR code.
  • The malicious link led to a page with a simple CAPTCHA. This and other anti-bot techniques were implemented to evade analysis without raising suspicion from the victim.
  • After solving the CAPTCHA, the victim was redirected to a fake Microsoft O365 login page designed to harvest the entered credentials.

RaccoonO365 built its operation on top of legitimate infrastructure in an attempt to avoid detection. Leveraging free accounts, they strategically deployed Cloudflare workers to act as an intermediary layer, shielding their backend phishing servers from direct public exposure.

Reacting to this abuse of its services, Cloudflare teamed up with Microsoft’s Digital Crimes Unit (DCU). Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with RaccoonO365.

The danger of phishing kits like these is clear. Even non-technical criminals can lease a 30-day plan for $355 (to be paid in cryptocurrency) and get their hands on valid Microsoft O365 credentials. With the latest new feature of the phishing kit, users of the kit can even receive codes for certain multi-factor authentication (MFA) methods.

From there they can move forward to data theft, financial fraud, or even use the credentials to infiltrate an organization to deploy ransomware. And to give you an idea, RaccoonO365 customers were able to send emails to 9,000 targets per day. The suspected leaders of the operation had over 850 members on Telegram and have received at least US$100,000 in cryptocurrency payments.

The takedown of the websites and the attribution to a Nigerian suspect cut off the cybercriminals’ revenue streams, and significantly increased RaccoonO365’s operational costs. Besides that, the main suspect is believed to be the main coder behind the project and his apprehension by international law enforcement is likely to be a major blow to the operation.

Now, RaccoonO365 phishing kit customers can start worrying about how much of their information could be revealed in the aftermath of this disruption.

We’ll keep you posted.

Don’t fall for phishing attempts

In the operations run by RaccoonO365 two simple rules could have saved you from lots of trouble.

  • Don’t click on links in unsolicited attachments
  • Check if the website address in the browser matches the domain you expect to be on (eg. Microsoft.com).

Other important tips to stay safe from phishing in general:

  • Verify the sender: Always check if the sender’s email address matches what you would expect it to be. It’s not always conclusive but it can help you spot some attempts.
  • Check through an independent channel if the sender actually sent you an attachment or a link.
  • Use up-to-date security software, preferably with a web protection component.
  • Keep your device and all its software updated.
  • Use multi-factor authentication for every account you can.
  • Use a password manager. Password managers will not auto-fill a password to a fake site, even if it looks like the real deal to you.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

[syndicated profile] bruce_schneier_feed

Posted by Bruce Schneier

This is a nice piece of research: “Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents“.:

Abstract: Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection) and data-oriented threats (e.g., data exfiltration), time-of-check to time-of-use (TOCTOU) remain largely unexplored in this context. TOCTOU arises when an agent validates external state (e.g., a file or API response) that is later modified before use, enabling practical attacks such as malicious configuration swaps or payload injection. In this work, we present the first study of TOCTOU vulnerabilities in LLM-enabled agents. We introduce TOCTOU-Bench, a benchmark with 66 realistic user tasks designed to evaluate this class of vulnerabilities. As countermeasures, we adapt detection and mitigation techniques from systems security to this setting and propose prompt rewriting, state integrity monitoring, and tool-fusing. Our study highlights challenges unique to agentic workflows, where we achieve up to 25% detection accuracy using automated detection methods, a 3% decrease in vulnerable plan generation, and a 95% reduction in the attack window. When combining all three approaches, we reduce the TOCTOU vulnerabilities from an executed trajectory from 12% to 8%. Our findings open a new research direction at the intersection of AI safety and systems security.

[syndicated profile] malwarebyets_feed

Google has released an update for its Chrome browser to patch four security vulnerabilities, including one zero-day. A zero-day vulnerability refers to a bug that has been found and exploited by cybercriminals before the vendor even knew about it (they have “zero days” to fix it).

This update is crucial since it addresses one vulnerability which is already being actively exploited and, reportedly, can be abused when the user visits a malicious website. It probably doesn’t require any further user interaction, which means the user doesn’t need to click on anything in order for their system to be compromised.

The Chrome update brings the version number to 140.0.7339.185/.186 for Windows, Mac and 140.0.7339.185 for Linux.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click the more menu (three stacked dots), then choose Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is reload Chrome in order for the update to complete, and for you to be safe from the vulnerabilities.

Chrome is up to date

You can find more elaborate update instructions and how to read the version number in our article on how to update Chrome on every operating system.

Technical details on the zero-day vulnerability

Google describes the zero-day vulnerability tracked as CVE-2025-10585 as a type confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16.

Despite the short statement—Google never reveals a lot of details until everyone has had a chance to update—there are a few conclusions we can draw.

It helps to know that V8 is Google’s open-source Javascript engine.

A “type confusion” vulnerability happens when code doesn’t verify the object type passed to it and then uses the object without type-checking. So, a program mistakenly treats one type of data as if it were another, like confusing a list for a single value or interpreting a number as text. This mix-up can cause the software to behave unpredictably, creating opportunities for attackers to break in, steal data, crash programs, or even run malicious code.

Google’s Threat Analysis Group (TAG) focuses on spyware and nation-state attackers who abuse zero days for espionage purposes.

So, it stands to reason that an attacker used Javascript to create a malicious site that exploited this vulnerability and lured targeted victims to that website.

TAG reported the bug on September 16, and Google issued the patch one day later. That implies that the bug was urgent, or very easy to fix, and probably that both of those statements are true to some extent.

Usually, as more details become known or a patch gets reverse engineered, cybercriminals will start using the vulnerability in less targeted attacks.

Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to keep an eye out for updates and install them when they become available.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

[syndicated profile] malwarebyets_feed

OpenAI is going to try and predict the ages of its users to protect them better, as stories of AI-induced harms in children mount.

The company, which runs the popular ChatGPT AI, is working on what it calls a long-term system to determine whether users are over 18. If it can’t verify that a user is an adult, they will eventually get a different chat experience, CEO Sam Altman warned.

“The way ChatGPT responds to a 15-year-old should look different than the way it responds to an adult,” Altman said in a blog post on the issue.

Citing “principles in conflict,” Altman talked in a supporting blog post about how the company is struggling with competing values: allowing people the freedom to use the product as they wish, while also protecting teens (the system isn’t supposed to be used by those under 13). Privacy is another concept it holds dear, Altman said.

OpenAI is prioritizing teen safety over its other values. Two things that it shouldn’t do with teens, but can do with adults, are flirting and discussing suicide, even as a theoretical creative writing endeavor.

Altman commented:

“The model by default should not provide instructions about how to commit suicide, but if an adult user is asking for help writing a fictional story that depicts a suicide, the model should help with that request.”

It will also try to contact a teen user’s parents if it looks like the child is considering taking their own life, and possibly even the authorities if the child seems likely to harm themselves imminently.

The move comes as lawsuits mount against the company from parents of teens who took their own lives after using the system. Late last month, the parents of 16-year-old Adam Raine sued the company after ChatGPT allegedly advised him on suicide techniques and offered to write the first draft of his suicide note.

The company hasn’t gone into detail about how it will try and predict user age, other than looking at “how people use ChatGPT.” You can be sure some wily teens will do their best to game the system. Altman says that if the system can’t predict with confidence that a user is an adult, it will drop them into teen-oriented chat sessions.

Altman also signaled that ID authentication might be coming to some ChatGPT users. “In some cases or countries we may also ask for an ID; we know this is a privacy compromise for adults but believe it is a worthy tradeoff,” he said.

While OpenAI works on the age prediction system, Altman recommends parental controls for families with teen users. Available by the month’s end, it will allow parents to link their teens’ accounts with their own, guide how ChatGPT responds to them, and disable certain features including memory and chat history. It will also allow blackout hours, and will alert parents if their teen seems in distress.

This is a laudable step, but the problems are bigger than the effects on teens alone. As Altman says, this is a “new and powerful technology”, and it’s affecting adults in unexpected ways too. This summer, the New York Times reported that a Toronto man, Allen Brooks, fell into a delusional spiral after beginning a simple conversation with ChatGPT.

There are plenty more such stories. How, exactly, does the company plan to protect those people?


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

(no subject)

Sep. 18th, 2025 11:58 am
mikerrr: (Default)

Три румба на йух

Sep. 18th, 2025 04:52 am
[syndicated profile] xaxam_lj_feed

Недоил меняет галс?

Что-то в последнее время недоил daniel_grishin выдаёт рулады в непривычной тональности. Меньше про пендосов, больше про тупых гейропцев и бессмысленных ООНанистов, и уж совсем неожиданные нотки похвалы в адрес сионистов.

Предположу невозможное: недоил сматывает удочки из негостеприимной Гермашки, но лыжи мылит не столько к родным питерским берёзкам болотам, сколько к исторически родным средиземноморским пальмам.

Но ядерную аудиторию недоила от такого крутого разворота почему-то тошнит. Когнитивный диссонанс, наверное: говноед-недоил их приручил к определённой диете, а теперь вдруг сменавех...

fuck Jimmy Kimmel

Sep. 17th, 2025 08:35 pm
stas: (Default)
[personal profile] stas
Весь вечер на арене: люди, которые только что обьясняли нам, почему убивать за слова - это нормально и даже ожидаемо, теперь возмущаются наступлением фашизма, когда одного из них уволили за наглое враньё в эфире.

Тут, конечно, есть один момент - я согласен с Таибби, что FCC тут лучше было посидеть в сторонке. Но учитывая, что левая пресса уже полностью достигла состояния тысячи холмов, и политическое насилие становится просто рядовым делом, и останавливаться они, как мы видим, совершенно не собираются, нетрудно понять, почему они сидеть в сторонке не хотят. Это не хорошо и не правильно, хотя в создавшейся обстановке обьяснимо - трудно сдерживаться, когда в тебя стреляют. 
[personal profile] chasovschik
NYT:
 
ABC Pulls Jimmy Kimmel Off Air for Charlie Kirk Comments

Mr. Kimmel faced some criticism for comments he made on Monday about the motives of the man who is accused of killing Mr. Kirk, the conservative activist.


Киммел, конечно, выступил довольно ярко, но масштабами реакции я, честно говоря, весьма впечатлен. Не ожидал я такой реакции. И все эти ребята, похоже, тоже такого себе представить не могли, потому что привыкли совсем к другому. Очень уж быстро ветер поменялся. Зато теперь все левые опять за свободу слова, как в шестидесятых, и сурово осуждают всех, кто рассказывает - как они рассказывали десять минут назад - что на hate speech свобода слова не распространяется. Наступил, короче, наконец в Америке давно обещанный фашизм - правые стали делать то же самое, что и левые. Не совсем, конечно, то же самое, но левым от неожиданности и этого хватило.
Tags:

Юмор

Sep. 17th, 2025 09:39 pm
mikerrr: (Default)
[personal profile] mikerrr
Пиво - это пенный огнетушитель трудового энтузиазма.


- Всем моим подругам постоянно часто эротические сны снятся, а мне никогда...
- А что тебе снится?
- Чушь всякая - бананы, огурцы, колонны...


Совесть - это разновидность сексуального отклонения, заключающаяся в привычке трахать самому себе мозг.


Прочитал в одном паблике про психологию о синдроме отложенной жизни и решил в рамках борьбы с синдромом налупиться на ночь бутербродов, а не откладывать на потом. Может быть психология это не так уж и плохо
© g_o_n_z_o


— Ну, показывайте
— У нас всё по науке. Сотня сотрудников с фамилией Ньютон. Каждую минуту им на головы падает по яблоку...
— И много открытий уже сделали?
— Да ни одного пока.
— А почему?
— Предполагаем, что яблоки не того сорта. Будем экспериментировать...
— Хорошо, мы продолжим ваше бюджетное финансирование.


люди, конечно, не летают как птицы, но всё же у авиакомпаний есть чему поучиться.
например: при общении с людьми стоит соизмерять габариты их эмоционального багажа со вместимостью своего эмоционального багажника.
и требовать доплаты при перевесе
© alphyna


ты вся сердитая такая
упала видимо с метлы

Web Analytics
Tags:
[syndicated profile] malwarebyets_feed

Researchers have discovered a large ad fraud campaign on Google Play Store.

The Satori Threat Intelligence and Research team found 224 malicious apps which were downloaded over 38 million times and generated up to 2.3 billion ad requests per day. They named the campaign “SlopAds.”

Ad fraud is a type of fraud that lets advertisers pay for ads even though the number of impressions (the times that the ad has been seen) is enormously exaggerated.

While the main victims of ad fraud are the advertisers, there are consequences for the users that had these apps installed as well, such as slowed-down devices and connections due to the apps executing their malicious activity in the background without the user even being aware.

At first, to stay under the radar of Google’s app review process and security software, the downloaded app will behave as advertised, if a user has installed it directly from the Play Store.

collection of services hosted by the SlopAds threat actor
Image courtesy of HUMAN Satori

But if the installation has been initiated by one of the campaign’s ads, the user will receive some extra files in the form of a steganographically encrypted payload.

If the app passes the first check it will receive four .png images that, when decrypted and reassembled, are actually an .apk file. The malicious file uses WebView (essentially a very basic browser) to send collected device and browser information to a Control & Command (C2) server which determines, based on that information, what domains to visit in further hidden WebViews.

The researchers found evidence of an AI (Artificial Intelligence) tool training on the same domain as the C2 server (ad2[.]cc). It is unclear whether this tool actively managed the ad fraud campaign.

Based on similarities in the C2 domain, the researchers found over 300 related domains promoting SlopAds-associated apps, suggesting that the collection of 224 SlopAds-associated apps was only the beginning.

Google removed all of the identified apps listed in this report from Google Play. Users are automatically protected by Google Play Protect, which warns users and blocks apps known to exhibit SlopAds associated behavior at install time on certified Android devices, even when apps come from sources outside of the Play Store.

You can find a complete list of the removed apps here: SlopAds app list

How to avoid installing malicious apps

While the official Google Play Store is the safest place to get your apps from, there is no guarantee that it will remain a non-malicious app just because it is in the Google Play Store. So here are a few extra measures you can take:

  • Always check what permissions an app is requesting, and don’t just trust an app because it’s in the official Play Store. Ask questions such as: Do the permissions make sense for what the app is supposed to do? Why did necessary permissions change after an update? Do these changes make sense?
  • Occasionally go over your installed apps and remove any you no longer need.
  • Make sure you have the latest available updates for your device, and all your important apps (banking, security, etc.)
  • Protect your Android with security software. Your phone needs it just as much as your computer.

Another precaution you can take if you’re looking for an app, do your research about the app before you go to the app store. As you can see from the screenshot above, many of the apps are made to look exactly the same as very popular legitimate ones (e.g. ChatGPT).

So, it’s important to know in advance who the official developer is of the app you want and if it’s even available from the app store.

As researcher Jim Nielsen demonstrated for the Mac App Store, there are a lot of apps trying to look like ChatGPT, but they are not the real thing. ChatGPT is not even in the Mac App Store, it is available in the Google Play Store for Android, but make sure to check that OpenAI is listed as the developer.


We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

[syndicated profile] malwarebyets_feed

Researchers have discovered a large ad fraud campaign on Google Play Store.

The Satori Threat Intelligence and Research team found 224 malicious apps which were downloaded over 38 million times and generated up to 2.3 billion ad requests per day. They named the campaign “SlopAds.”

Ad fraud is a type of fraud that lets advertisers pay for ads even though the number of impressions (the times that the ad has been seen) is enormously exaggerated.

While the main victims of ad fraud are the advertisers, there are consequences for the users that had these apps installed as well, such as slowed-down devices and connections due to the apps executing their malicious activity in the background without the user even being aware.

At first, to stay under the radar of Google’s app review process and security software, the downloaded app will behave as advertised, if a user has installed it directly from the Play Store.

collection of services hosted by the SlopAds threat actor
Image courtesy of HUMAN Satori

But if the installation has been initiated by one of the campaign’s ads, the user will receive some extra files in the form of a steganographically encrypted payload.

If the app passes the first check it will receive four .png images that, when decrypted and reassembled, are actually an .apk file. The malicious file uses WebView (essentially a very basic browser) to send collected device and browser information to a Control & Command (C2) server which determines, based on that information, what domains to visit in further hidden WebViews.

The researchers found evidence of an AI (Artificial Intelligence) tool training on the same domain as the C2 server (ad2[.]cc). It is unclear whether this tool actively managed the ad fraud campaign.

Based on similarities in the C2 domain, the researchers found over 300 related domains promoting SlopAds-associated apps, suggesting that the collection of 224 SlopAds-associated apps was only the beginning.

Google removed all of the identified apps listed in this report from Google Play. Users are automatically protected by Google Play Protect, which warns users and blocks apps known to exhibit SlopAds associated behavior at install time on certified Android devices, even when apps come from sources outside of the Play Store.

You can find a complete list of the removed apps here: SlopAds app list

How to avoid installing malicious apps

While the official Google Play Store is the safest place to get your apps from, there is no guarantee that it will remain a non-malicious app just because it is in the Google Play Store. So here are a few extra measures you can take:

  • Always check what permissions an app is requesting, and don’t just trust an app because it’s in the official Play Store. Ask questions such as: Do the permissions make sense for what the app is supposed to do? Why did necessary permissions change after an update? Do these changes make sense?
  • Occasionally go over your installed apps and remove any you no longer need.
  • Make sure you have the latest available updates for your device, and all your important apps (banking, security, etc.)
  • Protect your Android with security software. Your phone needs it just as much as your computer.

Another precaution you can take if you’re looking for an app, do your research about the app before you go to the app store. As you can see from the screenshot above, many of the apps are made to look exactly the same as very popular legitimate ones (e.g. ChatGPT).

So, it’s important to know in advance who the official developer is of the app you want and if it’s even available from the app store.

As researcher Jim Nielsen demonstrated for the Mac App Store, there are a lot of apps trying to look like ChatGPT, but they are not the real thing. ChatGPT is not even in the Mac App Store, it is available in the Google Play Store for Android, but make sure to check that OpenAI is listed as the developer.


We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Hacking Electronic Safes

Sep. 17th, 2025 11:05 am
[syndicated profile] bruce_schneier_feed

Posted by Bruce Schneier

Vulnerabilities in electronic safes that use Securam Prologic locks:

While both their techniques represent glaring security vulnerabilities, Omo says it’s the one that exploits a feature intended as a legitimate unlock method for locksmiths that’s the more widespread and dangerous. “This attack is something where, if you had a safe with this kind of lock, I could literally pull up the code right now with no specialized hardware, nothing,” Omo says. “All of a sudden, based on our testing, it seems like people can get into almost any Securam Prologic lock in the world.”

[…]

Omo and Rowley say they informed Securam about both their safe-opening techniques in spring of last year, but have until now kept their existence secret because of legal threats from the company. “We will refer this matter to our counsel for trade libel if you choose the route of public announcement or disclosure,” a Securam representative wrote to the two researchers ahead of last year’s Defcon, where they first planned to present their research.

Only after obtaining pro bono legal representation from the Electronic Frontier Foundation’s Coders’ Rights Project did the pair decide to follow through with their plan to speak about Securam’s vulnerabilities at Defcon. Omo and Rowley say they’re even now being careful not to disclose enough technical detail to help others replicate their techniques, while still trying to offer a warning to safe owners about two different vulnerabilities that exist in many of their devices.

The company says that it plans on updating its locks by the end of the year, but have no plans to patch any locks already sold.

[syndicated profile] malwarebyets_feed

We already knew that the US airline industry gave the government access to passenger records. However, this week it emerged that at least five billion passenger records are being sold to government agencies via a searchable database—far more than was initially believed.

A few weeks ago, investigative research team 404 Media reported on a secretive relationship between many US airlines and the US government. That story showed that the airlines had sold US agencies access to around a billion records.

Now, researchers have found the data broker that collects flight data from the airline industry has made at least five billion records available to federal agencies.

The organization selling the data is the Airlines Reporting Corporation (ARC), which is owned and operated by at least eight US airlines. It sells the government this data under the Travel Intelligence Program (TIP), which was started after the 2001 attack on the World Trade Center.

ARC provides access to a searchable database of at least five billion records, updated daily with new ticketing information. At least one agency, the US Secret Service, has a contract to access this data, paying $885,000 for data through 2028, according to documents obtained by 404 Media.

Known clients

In June, 404 Media found that ARC had been making names, flight itineraries, and financial details available to US agencies, which were forbidden from revealing it as the source, under contract. The data included flights booked via 12,800 travel agencies, which submit ticket sales from over 270 carriers globally to ARC.

Originally developed as a financial clearing house, ARC provides payment settlement services for federal agencies and airlines. Known clients include Customs and Border Protection, and Immigration and Customs Enforcement. Travel dates and credit card numbers are available to federal customers, which also include the Securities and Exchange Commission, the Drug Enforcement Administration, and the US Marshals Service.

A long history of sharing data

The US airline industry has a long history of interacting with the US government. In 1996, Al Gore’s White House Commission on Aviation Safety and Security recommended automated screening for better flight security. A year later, most North American airlines voluntarily implemented what became known as the Computer Assisted Passenger Prescreening System (CAPPS). After the Transportation Security Administration (TSA) took over CAPPS, it built a system called CAPPS II, which used security color-coding for flight passengers. That system ran into trouble after several airlines admitted to giving the US government access to passenger data.

American Airlines reportedly confessed to making passengers’ records available in the early 2000s, as did United, while Northwest also gave NASA access to millions of passenger records. These relationships enabled data mining work at government agencies involving passenger records. A US General Accounting Office (GAO) report in 2004 found that CAPPS II was behind schedule, in part because it had failed to address privacy concerns.

“One air carrier initially agreed to provide passenger data for testing purposes, but adverse publicity resulted in its withdrawal from participation. Similar situations occurred for the other two potential data providers,” the report said. “TSA’s attempts to obtain test data are still ongoing, and privacy issues remain a stumbling block.”

The TSA canned CAPPS II that year, switching instead to a system called Secure Flight. This also implemented a color-coded security system for passengers and uses the US government’s No-Fly list.

The information that ARC funnels to the US government reportedly comes only from travel agencies, meaning that direct bookings with airlines hopefully won’t be logged in this way. Passengers might want to consider that when making travel plans.


We don’t just report on data privacy—we help you remove your personal information

Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.

[personal profile] mikerrr
В небольшом городке Новой Зеландии 73-летний фермер Джон Харрис, ухаживая за своим огородом, заметил, что грибы, растущие на компостной куче, выделяют слабый электрический заряд при разложении. Заинтригованный, он начал экспериментировать и создал прототип биобатареи, используя грибные отходы и простые проводники. Устройство оказалось способно заряжать небольшой фонарик или датчик температуры, что поразило местных жителей. Идея кажется абсурдной — грибы как источник энергии? Но Джон утверждает, что это экологичное решение для мелких устройств.


Web Analytics

Предзнаменование

Sep. 17th, 2025 05:38 am
[syndicated profile] xaxam_lj_feed

Гладкий, толстый и жирный кролик

Ёшкин кот Габи Айзенкотт решился бросить шляпу на ринг, опубликовав список своей партии под названием "Айзенкот без извилин". 120 имён, как положено: плох тот енерал, штаб которого не разработал планы полного разгрома всех противников. Не он первый, не он последний из генералов, обсиравшихся на политическом поле.

Но в данном случае я случайно видел вблизи одного из его ближайших соратников. Маноло (Мануэля) Трахтенберга, считающийся израильским экономическим гением. Он как-то забрёл в наше профессорское кубло с лекцией "взгляд и нечто". Экономический гений при ближайшем рассмотрении оказался феерическим болваном и пустобрёхом, и после часа абсолютно пустопорожних словоизлияний (вопросов он попросил не задавать, чтобы не прерывать плавный поток его речи) я встал и демонстративно вышел, хлопнув дверью. Со мной вышли ещё несколько профессорьёв, торопившихся к своим делам.

Сейчас я решил проверить свою память и посмотреть, чем отметился пустобрёх на разных высоких постах (он начал как назначенец Ольмерта, Биби сменил его как только выиграл выборы).
❝Был председателем национального совета по экономике при премьер-министре Израиля (2006–2009), где сыграл заметную роль в экономическом планировании страны.

Возглавил правительственную социально-экономическую комиссию в 2011 году, чьи рекомендации легли в основу ключевых реформ после массовых социальных протестов против дороговизны жизни.❞
Комиссия Трахтенберга, созданная в результате "коттеджного протеста", родила мышь. Кажется, единственное, что частично удалось выполнить из его рекомендаций, — бесплатные детские сады для детишек моложе 3 лет. (В основном) на это ушло за три года около 60 ярдов шекелей (часть ушла на повышение пособий на аренду жилья для малоимущих).

Всё так и оказалось. Долдон, пустое место, говорилла с докторской степенью.

Зато Моня-Маноло точно знает, кто виноват. Такое знание дорого стоит.
[personal profile] stas
А вот в Тель-Авиве требуют от синагог предоставлять религиозные сервисы представителям всех религий. А не хотите - синагогу закрывают. Эти ребята перещеголяли даже штат Колорадо, где всё-таки доёбываются только до пекарей, и не требуют от католиков совершать намаз, а от мусульман - трубить в шофар. В Тель-Авиве, понятно, нравы суровее. 

Понятно, конечно, что эта забота мэрии о "равенстве" - продолжение всё той же кампании по всяческому усложнению и ухудшению жизни религиозных евреев, о которой я уже неоднократно упоминал. Тамошние ебанько, как и всех левые ебанько, испытывают дикую попоболь, когда кто-то с ними не согласен, и стремятся уничтожить любые очаги враждебных им мыслей. В данном случае - синагоги. Прямо в Тель-Авиве.
В последний раз мне тут рассказывали, что это всё сами досы виноваты - зачем раздражают тель-авивских леваков своим существованием?! Видимо, опять начали сильно раздражать. 

Glimpse of a Motive

Sep. 16th, 2025 06:55 pm
chasovschik: (Default)
[personal profile] chasovschik
NYT начала нехотя догадываться о мотиве убийцы Кирка. "Text Messages From Suspect in the Kirk Shooting Provide a Glimpse of a Motive".

Тексты, если кто не видел, описывают этот мотив исчерпывающе. Все как и предполагалось: "I had enough of his hatred. Some hate can’t be negotiated out". Никакого сумасшествия, никаких голосов в голове, чистая левая идеология.
Tags:

линки недели - 552

Sep. 16th, 2025 04:06 pm
stas: (Default)
[personal profile] stas

Для нашего же блага

1. Unearthed emails show left-wing group quietly writing policies for progressive DAs: ‘No billing, no publicity’

2. Senator Tom Cotton demands an investigation into why CAIR received millions in taxpayer funds and influence over school curriculums.

3. I didn't notice until now that the man accused of stabbing and killing the Ukrainian young woman in Charlotte, N.C. said on camera, "I got that white girl, got that white girl" while walking around with her blood dripping from his knife. Nobody reacts on the train, reflecting how Americans are used to urban ultraviolence
Is this a way to live your life?

4. Seattle Public Schools face massive budget shortfall amid enrollment collapse, woke gender lessons

5. A particularly damning February 2024 memo from Biden’s White House Counsel’s office noted that while Biden had previously asked to discuss pardon candidates personally, the process had shifted to the point where “the Vice President’s approval was sufficient to obtain his approval.”
Бидон был полным овощем и просто подписывал всё, что Камала ему подсовывала. Как минимум весь 2024, возможно и раньше.

6. Georgia: The 2020 Election was over four and a half years ago and these 140K+ paper election ballots are apparently so radioactively counterfeit that the state judiciary would rather be seen as completely corrupt than to order them finally brought out of that warehouse.

7. Woman in California registered her dog to vote then illegally voted with the dog using mail-in voting.
Voter fraud never happens.

8. It has been revealed that the Charlotte, North Carolina, city manager is the highest-paid city manager in the United States, earning roughly $500,000 a year, more than the salary of the President of the United States.

9. Conservative election integrity advocates praised the Trump administration for rescinding a Biden-era guidance that allowed Federal Work-Study funds to be used to employ students to perform election jobs.
Taxpayers were paying for interns that worked for Democrat causes. As usual, the Dems are treating taxpayers' pockets as their own.

10. -911,000 fewer jobs were created between April ’24 and March ’25, the BLS says.
They fucking missed an error by million jobs. These numbers are worse than useless.

11. DEI: To make it easier to recruit black judges multiple states don't require magistrate to have college degrees much less law degrees. Those same states require barbers to have thousands of hours of training and licensing - regardless of skin color.
Yes, it's easier to become a judge than a barber.

12. $3.3 MILLION from left-wing NGO The MacArthur Foundation went to Mecklenburg County to “reduce the jail population”, the very county that released career criminal DeCarlos Brown 14 times.
Nothing of it is random. All of it is very well paid.

13. Sen. Markey says we should jail political opponents just like Brazil does.
That's what would have happened if Dems won, have no doubt.

Dozens of swastikas

14. Notorious antisemitic Jew hater and terrorist supporter Linda Sarsour is funding and promoting the mayoral campaign of antisemtiic Jew hater Communist Zohran Mamdani.
Birds of feather

15. 'Allah will burn them': What pro-Palestinian students and allies say when they think no one is watching
Exactly what you expect them too.

Нас бережёт

16. Zohran Mamdani complains about Eric Adams' tough-on-crime policies, vows to reduce jail population
Совершит ли Нью-Йорк самоубийство? В любом случае, один человек не может остановить безумие, но вполне может оказаться где-нибудь от него подальше. Чем это заканчивается, мы все отлично знаем.

17. Magistrate Judge Teresa Stokes, who RELEASED 14-time criminal DeCarlos Brown Jr., is also the "Director of Operations" at Second Chance Services, a mental health and addiction clinic in Charlotte, NC.
No conflict of interest here...

18. The court that freed Iryna Zarutska’s killer is COMPLETELY run by DEI. A Harris-donor magistrate with no law degree, a clerk who calls herself a “DEI consultant,” and “racial equity organizer” and a judge named “DEI Champion of the Year.”
DIE kills people.

19. WI Woman Who Hurt ELEVEN Crashing Into Bus Was Out on SIGNATURE BOND After Fatally Hitting Pedestrian
If you let the criminals go instead of prosecuting them, you get more crime. Surprise!

20. The average homicide suspect has been arrested ELEVEN times prior to them committing a homicide -- Former DC Police Chief Robert Contee, in 2023
There's not a lot of criminals, they just commit a lot of crime. Because they are not in jail.

21. A ten strike law preventing people from leaving prison after that many violent crime convictions would reduce period violent crime by 20%. Five strikes would cut violent crime by 40%.
We know what needs to be done, we are just refusing to do it.

22. We need more police, more prisons, and more asylums. And yes, we can arrest our way out of the psychotic-criminals-murdering-people-in-the-streets problem.
Yes we can.

23. FBI agents delayed showing a photo of the Charlie Kirk assassination suspect to their boss, Director Kashyap Patel, for 12 hours, according to the NYT.
Firings should happen.

24. Two Men Arrested for Attempted Firebombing of News Van in Utah
You didn't think the leftist terrorists would stop, did you?

Trans-Qaeda

25. Texas A&M removes dean & department head after a professor was caught kicking a student out of class for objecting to transgender lessons. The video went viral and the university was forced to act.
This is the way.

26. ‘No One Will Know’: Ohio Educators Caught Helping Dodge Trans Athlete Law

COVID-1984

27. Newly released emails show Fauci directed colleagues to “delete this after you read it”—dating back to Feb. 2020.

Culture war

28. Words are not violence
A lot of open source leaders and members gone off the deep end. DHH didn't.

29. These two images are perfect brackets for the crypto-Marxist attack on civilization.

30. Democrat-appointed Michigan judge drops all charges against 15 alternate electors in 2020 election
Дело было настолько вонючее, что даже судья-Демократ не решился.

Civility and decency

31. College Students on Both the Left and Right Agree: It's Okay to Shout Down an Opponent
Some are ok with shooting, not just shouting.

32. Notice how conservatives are very angry about Iryna’s killing and yet there are no shop owners boarding up their windows in preparation for mass rioting and looting.
Imagine if it were Jack Smith and DeShawna...

33. Redditors have turned r/music into a subreddit dedicated to gloating the death of Charlie Kirk.

34. Harvard Law professor spreads debunked rumor about Charlie Kirk assassination suspect
They don't even care if it's obviously false and easily debunked. They just spread the message - the point is to lie in unison. They are not interested in the truth, they are interested in supporting the party line. Even if they know for a fact it's a lie, it does not matter.

35. They kicked Parler off the Apple store for about 0.1% of the extremist vitriol which now pervades BlueSky and Reddit.
That was never about extremism and always about monopolizing the information flow.

36. Dem propagandist: "If you wanted Charlie Kirk to be alive, Donald Trump shouldn't have been President for the second term."
How more clear can it be? "If you try to remove us from power, we will murder you".

Лучшие люди города

37. When Joe Biden's pardon of his son Hunter prompted political backlash, the White House "began pushing to find more people to grant clemency to" in an attempt to flood the zone, Alex Thompson of Axios scooped.
Где прячут лист? В лесу.

38. Footage has emerged of Democrat Charlotte NC Councilwoman, Tiawana Brown's 50th birthday party, which she and her daughter's allegedly used $124,000 of COVID-19 relief funds to pay for.
And I am sure she'd be re-elected, because why not?

39. “Climate activists” have TAKEN OVER the lobby of CBS’ NYC office, blocking access to escalators and elevators. They’re claiming CBS is siding with Trump. Yes, I’m serious.
Please, police, don't lay a finger on them. Deliver pizzas to them. Let them stay as long as they want to.

40. Qatar is paying $80,000 a month to former congressmen Jim Moran, Tom McMillen, Tom Davis, and Tom Reynolds to lobby Congress and polish its image.
And likely many, many more people.

41. REPORT: BLM Activist Monica Cannon-Grant has pleaded guilty to 27 counts of fraud.

Беспристрастная пресса

42. PBS Slashes 15% of Staff After $500 Million Federal Funding Cuts
Good. But it should be 100%. There's no need for governmental media.

43. Ghoulish: Media Turn Charlotte Stabbing into Another ‘Republicans Pounce’ Story
They can't say anything on substance, so they use the same old trick - if you care about something being bad, it's because you are a Nazi.

44. NYT: “A Gruesome Murder in North Carolina Ignites a Firestorm on the Right.”
Это всё, что НЙТ считает достойным обсуждения по этому поводу - реакция правых. Само убийство - пустяки, дело житейское, но как правые смеют по этому поводу возбухать?!

45. Brian Stelter says response to Iryna Zarutska's murder is 'racist,' MAGA using stabbing as a 'political symbol'

46. WSJ finally covers Iryna Zartuska (page 5) to call her a "MAGA talking point"
Evil fuckers.

47. Reuters pulls Xi, Putin longevity video after China state TV demanded its removal
Наши бесстрашные репортеры тут же становятся по стойке смирно, как только какой-то диктатор на них цыкнет.

48. WaPo Editor: I Got Fired Over Charlie Kirk
I don't care how it happens, or why it happens, as long as it happens. Every single one of them needs to be fired. And the ground salted.
And, of course, she was fired, in part, for publishing a fake quote, that she falsely described as "on record". I.e. fraud.

Международная панорама

49. Chinese factories tied to Xinjiang forced labour feed supply chains for practically every major carmaker – and tariffs won’t stop that
Mercedes, BMW, Volvo, Citroen and others use slave-made parts from China.

50. Ireland’s Deputy Prime Minister, Simon Harris, has ordered his Party to BLOCK independent candidates, including frontrunner Conor McGregor, from running for President of Ireland.
That's a "democracy" for you.

51. 20 years ago, Islamic terrorists blew up this bus in London and murdered 56 people. The man behind the attacks, Haroon Rashid Aswat, is now being released.

52. Иран и МАГАТЭ договорились о возобновлении инспекций: что известно о новом соглашении
Ну вот, никаких санкций не будет, Иран займётся тем же, чем и раньше занимался.

53. Заява МЗС України щодо ізраїльського удару по Державі Катар
Яка мерзота!
И главное, никто же их за язык не тянет. Но нет, вот нет у них больших проблем, чем насрать на голову Израилю ещё разок.

54. The EU Parliament denies a minute's silence to remember Charlie Kirk, and Conservatives still stand to honor him. EU politicians are our real enemies.
Of course they don't want to honor him. They'd put him in jail if he lived in EU.

55. Eurovision organizers are reportedly offering Israel two options to end the participation crisis: 1. Temporary withdrawal from the contest for one year “to avoid humiliating removal by European countries” 2. Participation under a neutral flag
How about "fuck you antisemitic cowards?"

Технология

56. OpenAI Says It's Scanning Users' ChatGPT Conversations and Reporting Content to the Police
Well, bye-bye.

57. Red Hat Employee Says Free Software is "IT Version of White Supremacy"
Seriously, all these companies turned into utter shit. And, just like Hollywood or academia or the legacy press, the people they hate the most are those who they depend on for making their living.

58. The Apache Software Foundation has changed their name and logo. “As a non-Indigenous entity, we acknowledge that it is inappropriate for the Foundation to use Indigenous themes or language.”
Охуеть. И чем теперь пользоваться вместо этого?

59. The CTO of Microsoft Azure is not a fan of Trump, Republicans, or the USA. “The US government is a fascist regime,” he repeatedly says on his Bluesky account.

Наука

60. Global sea levels have not continued to rise at the rates predicted by many scientists — and there is no evidence that climate change has contributed to any such acceleration, a new first-of-its-kind study has claimed.
Hmm...

Старомыслы не нутрят ангсоц

61. The New School offers $10,000 course on 'How to Steal'
Don't let anybody ever tell you colleges do not give practical, useful knowledge.

62. College English majors can't read.
I'm sure they know the pronouns for all 945 genders though?

63. Cornell excluded white evolutionary biologist in ‘diversity hire’ search, complaint alleges
Racists and criminals.

История

64. A brief lesson on left-wing political terrorism, 1970-76
The terror beings every time the left loses power and only stops (temporarily) when they regain the power.

September 2025

S M T W T F S
 12 345 6
7 8 9 10 11 1213
14151617181920
21222324252627
282930    

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 18th, 2025 09:42 pm
Powered by Dreamwidth Studios