BC INTERNET

Saved by @Mollyycolllinss

$Markus Amalthea Magnuson \u2744\ufe0f$

Markus Amalthea Magnuson ❄️
@scifiagenda 4 years, 3 months ago 553 views

Save to PDF Share See On Twitter

I did more research into the Parler dump. What probably happened was not so much a "hack", but this: When Twilio/Okta shut them down, they just disabled email/phone verification to create an account. This means anyone could directly create huge amounts of accounts via their API.

Someone also found out that fetching Parler posts could be done by enumerating IDs (e.g 1, 2, 3) instead of random IDs that can't be guessed. Unclear if this was via the ordinary API endpoint, or that they found a separate one by monitoring app network traffic.

So you combine these two things and you can create a script to scrape all the posts on the entire platform, using a lot of different accounts to avoid suspicion. Anyone could download and run this script to spread it out over many IP addresses as well.

What I'm still not sure about is whether deleted (meaning flagged as deleted, it's common that services never actually delete data) posts could be fetched without any special handling.

The verdict: The people who wrote Parler are fucking amateurs.

This Reddit comment is a good, and from what it seems, correct, summary: https://t.co/SfJQFQQG2h

Using sequential IDs was supported because the Parler API had an endpoint to convert them to the UUIDs used to fetch posts. Easy to find endpoint via network monitoring, and didn't require any special authentication. 🤦

Here's that specific function in @donk_enby library parler-tricks: https://t.co/kKQT2KCac1

It also seems like they did not have any kind of rate-limiting. This just gets better and better.

More from Internet

Cory Doctorow #BLM
@doctorow

There are lots of problems with ad-tech:

* being spied on all the time means that the people of the 21st century are less able to be their authentic selves;

* any data that is collected and retained will eventually breach, creating untold harms;

1/

* data-collection enables for discriminatory business practices ("digital redlining");

* the huge, tangled hairball of adtech companies siphons lots (maybe even most) of the money that should go creators and media orgs; and

2/

* anti-adblock demands browsers and devices that thwart their owners' wishes, a capability that can be exploited for even more nefarious purposes;

That's all terrible, but it's also IRONIC, since it appears that, in addition to everything else, ad-tech is a fraud, a bezzle.

3/

Bezzle was John Kenneth Galbraith's term for "the magic interval when a confidence trickster knows he has the money he has appropriated but the victim does not yet understand that he has lost it." That is, a rotten log that has yet to be turned over.

4/

Bezzles unwind slowly, then all at once. We've had some important peeks under ad-tech's rotten log, and they're increasing in both intensity and velocity. If you follow @Chronotope, you've had a front-row seat to the

The numbers are all fking fake, the metrics are bullshit, the agencies responsible for enforcing good practices are knowing bullshiters enforcing and profiting off all the fake numbers and none of the models make sense at scale of actual human users. https://t.co/sfmdrxGBNJ pic.twitter.com/thvicDEL29
— Aram Zucker-Scharff (@Chronotope) December 26, 2018

Giovanni Pagano
@giovanni_pag

What are the implications of using hacked data for research?

A short thread inspired by the fact that, before AWs took it down, #Parler was extensively hacked and user data was leaked.

The #Parler dataset seems crazy interesting for doing research, and my first reaction after the breach was to shre it with other #CompSocSci ppl.

However, I started having second thoughts, so what follows is to organize ideas and have it somewhere I can look back to.

2/n

Generally speaking, as far as the ethics of research goes a good advice would be to handle hacked data with caution.

First of all, there's an issue of quality. Data might be altered or incomplete, and the source cannot be considered accountable (assuming src is anonymous).

3/n

Secondly and more importantly, a researcher using the data would probably be violating users’ consent and acting against the data collector's will.

Finally, users’ privacy is at stake, since researchers could see material that users didn’t agree for other people to see.

4/n

Sharing private information without consent might put people at risk of harm.

This is all the more true in cases such as the #ParlerHack, where the leaked information is of particularly sensitive nature, and there’s a high risk of unintended consequences.

5/n

Advertisement

$\u274cHarvey Staub \U0001f4aa\U0001f1fa\U0001f1f8\U0001f5a4\u2b50\ufe0f\u2b50\ufe0f\u2b50\ufe0f$

❌Harvey Staub 💪🇺🇸🖤⭐️⭐️...
@HarveyStaub1

1) Nashville bombing theory. So let’s go with this statement: “AT&T got the contract to do the forensic audit on the Dominion machines. Many are being transported to the Nashville location this week.” 👇

David Kaplan
@depletionmode

Linux code injection paint-by-numbers.

Can we launch a process that looks one way to (superficial) auditors but is, in fact, entirely different? (Think process hollowing and the like on Windows).

Firstly, how are processes created and what does related auditing look like?

The most common pattern is fork() → execve(). Where the fork() syscall create a duplicate of the running process context and execve() overlays a copy of the target program onto that context.

After calling fork(), we’ll have two processes, the original one and a new - duplicated - one (with a new pid).

Control will return from fork() to both process instances. In the child process, the return value will simply by 0, in the parent it will hold the pid of the child.

Thus we can determine whether we are running in the child context and call execv() accordingly, while allowing the parent to continue.

Now, let’s take a look at where the auditing hooks lie. From calling execve(), we’ll eventually land up in exec_binrpm().

Amarnath Amarasingam
@AmarAmarasingam

1. (THREAD) So, it seems like the deplatforming debate is once again kicking off, so I thought I would introduce some of the earlier work that was done in this area back when ISIS was buck wild on social media. What have we learned over the last six years might be useful today:

2. One of the earliest studies that discussed the impact of suspensions of ISIS accounts was @intelwire and Morgan's piece: The ISIS Twitter Consensus.

They found that suspensions did have an impact on replies and retweets and overall dissemination.

3. After suspensions, the die-hard supporters dedicated themselves to creating new accounts, but others whittled away: “it appears the pace of account creation has lagged behind the pace of suspensions”

4. On the specific question of how suspensions impact the Twitter network, see this piece by @intelwire and @IntelGirl111, which explores how suspensions impact these groups, including major disruptions to dissemination and decline in follower count:

5. Another study by @Aud_Alexander similarly found that ISIS supporters were finding it hard to “gain traction” after Twitter took a harder stance on the group.

You May Also Like

Patrick McKenzie
@patio11

It’s underremarked upon that stablecoins accomplish basically all of the original design goals for Bitcoin qua a transactional mechanism (instant free value transfer anywhere), but that nobody cares about this because nobody ever cared about that part of the pitch.

“Why do people care about stablecoins then?”

A mix of “they encourage dollar-denominated liquidity in the cryptocurrency ecosystem and discourage withdrawal of the same” and “they’re good for money laundering.”

“But they make value transfer between exchanges much faster!”

This was a solved problem in traditional finance, too, mostly through the extension of credit. (It doesn’t matter how long settlement takes if there is sufficient trust to enable credit.)

The Bitcoin ecosystem is *positively allergic* to credit, so you have to call it a coin for them to accept it. And after you call it a coin they ignore everything the world has learned about credit, like risk management.

“Stablecoins aren’t credit!”

They’re pretty much exactly credit? A tether is a zero-coupon Bitfinex bond with a non-functioning call option. I

Chris Herd
@chris_herd

I've spoken to 1,500+ people about remote work in the last 9 months

A few predictions of what is likely to emerge before 2030

[ a thread ] 💻🏠🌍

🚜 Rural Living: World-class people will move to smaller cities, have a lower cost of living & higher quality of life

These regions must innovate quickly to attract that wealth. Better schools, faster internet connections are a must

⏰Asynchronous Work: Offices are instantaneous gratification distraction factories where synchronous work makes it impossible to get stuff done

Tools that enable asynchronous work are the most important thing globally remote teams need. A lot of startups will try to tackle this

⚽️Hobbie Renaissance: Remote working will lead to a rise in people participating in hobbies and activities which link them to people in their local community

This will lead to deeper, more meaningful relationships which overcome societal issues of loneliness and issolation

🌍Diversity & Inclusion: The most diverse and inclusive teams in history will emerge rapidly

Companies who embrace it have a first-mover advantage to attract great talent globally. Companies who don't will lose their best people to their biggest competitors

Advertisement

Seth Abramson
@SethAbramson

(THREAD) The Whitaker scandal is deepening, as it becomes clear that Sessions' Russia recusal was a coordinated sham and his firing an act of obstruction—and that his replacement is a White House plant inside the Mueller probe. I hope you'll retweet and read on for more details.

1/ From 2014-17 Whitaker worked for World Patent Marketing—which during his tenure defrauded consumers out of $26 million and was successfully prosecuted by the feds. His involvement in the scam confirmed he had loose morals and that the feds would never want to employ him again.

2/ Despite the seeming impossibility of a man with Whitaker's background getting a job at Justice ever again—he'd been found to have used his former title as a US attorney to fraudulently threaten consumers with valid complaints with criminal penalties—Whitaker found an opening.

3/ Within 60 days of parachuting out of World Patent Marketing as it was being fined $26 million by the feds, Whitaker was working for CNN and telling a fellow attorney panelist that his purpose in working for CNN was to get noticed by one man—Donald Trump—and thereby get a job.

4/ Whitaker spent his time at CNN making ludicrous statements about the Mueller probe: there was no obstruction or collusion, he said; Mueller had no authority to look into any aspect of Trump's finances or to subpoena him, he said. All the while, he hoped Trump was watching him.

$Anu Satheesh \U0001f1ee\U0001f1f3$

Anu Satheesh 🇮🇳...
@AnuSatheesh5

Thiruvizha Mahadeva Kshetram
#Alappuzha
#Keralatemples 🚩

Thiruvizha Mahadeva Kshetram is located in Cherthala and it is believed that Prathishta of temple was done by Vilwamangalam Swamy. Paramashiva is Swayambhu here and is worshipped as Kalakandha which means who swallowed

Halahala visham to save the world during Samudra mathanam.

It is a famous temple where people seek the blessings, for curing the Kaivisham. The poison given by someone to destroy a person is made to vomit here. This is removed by making them vomit the poison by a special

medicine.
The medicine for vomiting is made from a plant near temple by Palodathu family. The milk offered to Bhagwan is mixed with the extracts of the plant.

Story says that once this place was a dense forest, and a woman was looking for the presence of a tortoise in the pond

and the tip of her stick hit the bottom and it started bleeding in the pond.
Frightened, the lady informed every one and after searching in pond people found Swayambhu Lingam inside the pond. Thus Prathishta was done here.

Om Namah Shivaye
Shambo Mahadeva
🙏🕉🙏

Anu Satheesh
@AnuSatheesh5

Guruvayur Sri Krishna & Coconut with Horns.
#Krishnaleela
#Bhakthi
🕉
We’ve all grown up listening to stories of Shri Krishna. This one is a famous story of Shri Krishna in Guruvayur Temple, also called Dakshina Dwaraka.

There lived a villager who planted coconut saplings and had promised that he would offer the 'first coconut' from each of his coconut trees to "Guruvayurappan". When the trees started to yield coconuts, he collected the first coconut from all the trees in a sack 👇

and set forth to Guruvayur.

On the way he was stopped by a robber who asked all the items in the sack. The villager told the robber that the coconuts in the sack belonged to Guruvayurappan and so he was unable to hand it over.
@SriramKannan77 @Jayalko1

The robber with anger asked the villager "Is Guruvaurappan's coconut any different? Does it have horns ?".
Saying so the robber pulled the sack forcefully out of the villager's hand, and coconuts came out..👇

To their astonishment each and every coconut in the sack had horns! Even today, the coconut with horns are displayed in the temple for devotees to see.

Below Picture is not original, as we cannot take photos inside temple.
Hare Krishna
Guruvayurappa
🕉🕉🕉🕉🕉
Shubham