What’s mandos? I don’t find anything useful when searching for it.

Computer upvote this post. I mean comment. No, I meant the comment. Computer remove the upvote from the post. Computer upvote the comment.

Computer compose reply.

Dear Aunt, let’s set so double the killer delete select all

I don’t know if it’s still relevant, but I used to use Synergy to do this.

This is a horrible decision.

ATT … penalised smaller publishers in particular since, unlike the main vertically integrated platforms, they depend to a large extent on third-party data collection to finance their business

Cry me a fucking river.

Here is my actual autocomplete (first suggestion for each word):

The diagnosis is that the patient is a member of the family and has been in the hospital for a long time and has been treated for a long period of time and has had a very bad reaction to the medication and has been given a good doctor to treat the patient for a long term condition that is not a good idea to be honest with you.

JK Rowling is a transphobe, a bigot, and a fascist.

SMS messages are not encrypted. Theoretically, this allows telecommunications providers to scan for and blacklist spam campaigns at the network level, if they make enough noise. On the other hand, messages sent via RCS or iMessage are encrypted end-to-end. Although an iMessage will route directly through an Apple server, Apple itself cannot read the content in transit. Lucid takes advantage of this by sending phishing texts via iMessage and RCS, turning this otherwise positive security feature on its head.

That’s it. That’s the “fault” that is being “exploited” that they mention multiple times in the lead-in to the article.

I personally know of two different banks who send a notification to your phone app to verify that it’s you they are speaking with on the phone, and they will do this even when it’s them that called you and not the other way around.

It’s security theater as it doesn’t prove anything to either party (as it’s trivial for scammers to have a man-in-the-middle) but they still do it.

I had no idea there are people who pronounce Godot as “go-dot.” I will never be able to unhear this.

I’ve always said “god-oh” with a silent ‘t’ like in “Brigitte Bardot”.

They’ve pissed so many billions of dollars into quantum computing, at least they’re using it for something.

Did anyone tell them that you can use the noise in a semiconductor junction to produce truly random numbers too? You can buy one for a few pennies.

Never click links in emails or messages. Open a new tab and type the website address manually to log in.

Silk Nukem SongNever

🤡

Most recent episode is 17th Jan. Did they stop?

Why are you posting this low effort slop?

I want my altavista back

Substack is Geocities for the Tumblr generation.

An SEO ghoul’s wet dream.

The original report: https://www.zimperium.com/blog/catch-me-if-you-can-rooting-tools-vs-the-mobile-security-industry/

This isn’t so much security research as it is marketing for the company’s mobile endpoint security tool.

Their stats on the surface are interesting. According to the data collected by Zimperium:

According to our data, the exposure factor of rooted devices versus stock devices varies from 3x to ~3000x, which suggests that rooted devices are potentially much more vulnerable to threats than stock devices.

But then the paper doesn’t even speculate as to why that might be. The rest of the report is basically a sales pitch for their security software. Rooting is bad and you need to keep these devices off your corporate networks (by buying our software) is the only message they’re sending.

Off the top of my head, here are some hypotheses for the correlation, each of which has different implications for how to best mitigate the risks:

1. rooted devices are more likely to produce false-positive security alerts in the endpoint detection software
2. rooting tools themselves are used as an initial loader in infection chains
3. users of rooted devices are more technical and therefore more likely to install more apps overall, increasing attack surface area
4. users of rooted devices are more technical and therefore more likely to engage in risky software installation (sideloading untrusted software)
5. rooted devices contain more vulnerabilities
6. stock OS security is good at stopping malware from misbehaving, rooting removes those mitigations

The implication of the paper seems to be that (5) or (6) is the case: “rooted devices are potentially much more vulnerable to threats than stock devices.” If the cause is (3) or (4) on the other hand, then there’s not much that can be done outside of user education, since these users are inherently more likely to increase the attack surface of their devices whether the device is rooted or not.

(1) or (2) however would imply that the whole research is bogus, as in the case of (1) the data would be completely unreliable and in the case of (2) the causation is actually the reverse of what the paper implies, which is to say that malware causes rooting of the device, not the other way around.

Interestingly then, the paper includes this illustration:

Figure 4 illustrates this idea, showing a case of a rooted device that ended with a full compromise after sideloading malicious applications.

The infection with malware occurs 10 seconds after the installation of Magisk, the tool used to get root access to the device. It should be obvious to anyone that this was not a coincidental infection caused by the user rooting their device, but actually the malware was using the rooting tool as the first step in compromising the device. So in this case, malware caused rooting of the device, not the reverse.

The linked Hackread article essentially just regurgitates the points from the Zimperium report without any critical analysis of why or how rooted devices pose a threat. For users of rooted devices it would be helpful to know whether they are actually at more risk, and why, so that they can mitigate the risks. But this article is not about security research, it’s just a sales pitch.

Don’t ask to ask, just ask.