@gabrielesvelto Yeah, information for that vulnerability is non-existent as well. In all the vulnerability management doesn't seem to be going great here.
Update: The "PeCoffLoader memory overflow issue for security" likely is CVE-2024-38796: https://nvd.nist.gov/vuln/detail/cve-2024-38796
Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability."
The vulnerability was leaked by #ASUS in their beta BIOS changelog:
ASUS has since removed this entry from the changelog since it likely broke the embargo. Either way, this is not great as the new firmware is largely not yet available and likely won't be for a long while.
#infosec #cybersecurity
If you're using #Adobe #Acrobat you might want to check if your organization allows use of the by default enabled generative AI features: Acrobat sends the documents to cloud for processing, which likely goes against the data #privacypolicy of many orgs.
If unsure, go to Preferences > Generative AI and deselect "Enable generative AI features in Acrobat".
https://helpx.adobe.com/acrobat/using/disable-generative-ai.html
#privacy #defaults #enshittification
I had actually forgotten I still had Docker installed on this system. I've now fixed this issue by uninstalling the malicious app. I'm using #podman elsewhere already, just had this install lingering still. Apple: Thanks for the warning!
Apparently #macOS now considers #Docker malware.
#infosec #cybersecurity
@[email protected] it's restricted for other than macOS, it seems. In macOS it worked fine with location in Finland.
So far all my Apple Intelligence tests have been using a local model. The privacy report from Setting > Privacy & Security > Apple Intelligence Report > Export Activity generates JSON with:
{
"modelRequests": [],
"privateCloudComputeRequests": []
}
#appleintelligence #privacy
@[email protected] Really? It works for me and I'm in Finland, part of European Union. My account is indicates this as well.
#Apple Intelligence is now available in the European Union. While some features may not be fully functional yet, basic functionalities such as rewriting selected text seem to be working correctly. If you’re considering enabling this feature, please review the privacy policy at https://www.apple.com/legal/privacy/data/en/intelligence-engine/ Additionally, if you’re using a work device, it’s recommended to consult your organization’s IT department for further guidance.
#appleintelligence #europeanunion #eu #privacy
So I wanted to give #msfs2024 another try. I successfully created xbox live account beforehand and I made sure it works.
Couple of minutes ago I bought the game, installed it, and went to log in:
Boom #1: Your account is locked.
Ok this isn't that bad, I can use SMS verification to unlock it...
Boom #2: Try another verification method. This verification method isn't working right now.
Fine, lets see what the another method mind me.
Boom #3: It involves drumroll LOGGING IN TO YOUR ACCOUNT!
This is insane. Please Microsoft, I just want to play your game.. I've now bought twice, and will have to refund again...
#enshittification #microsoft #xboxlive #pcgaming #gaming
#PCGaming
@[email protected] Nah, but there's another booze bottle in the game that is exact same alcvol as Koskenkorva. They are of course actively avoiding trademark issues by creating their own labels and trademarks for items.
Finnish Cottage Simulator got update on Finland's independence day, adding:
#FinnishCottageSimulator #IndependenceDay #pcgaming #gaming #PCGaming
Here's a way to check if the #Spotlight searches are being shared with #Apple from the command line:
defaults read com.apple.assistant.support "Search Queries Data Sharing Status"
The values are:
1 - Enabled (data is being shared)
2 - Disabled (data is not shared)
NOTE: I do not know if there are other possible values, or what happens if the key is missing.
From "About Search & Privacy...":
"Search and Privacy
Search is designed to protect your information and enable you to choose what you share.
To Make Search Results More Relevant, Some Information Is Sent to Apple and Not Associated with You
When you use Look Up or Visual Look Up, when you type in Search, Safari search, #images search in Messages, or when you invoke Spotlight, limited information will be sent to Apple to provide up-to-date suggestions. Any information sent to Apple does not identify you, and is associated with a 15-minute random, rotating device-generated identifier. This information may include location, topics of interest (for example, cooking or basketball), your search queries, including visual search queries, contextual information related to your search queries, suggestions you have selected, apps you use, and related device usage data. This information does not include search results that show files or content on your device. If you subscribe to music or video subscription services, the names of these services and the type of subscription may be sent to Apple. Your account name, number, and password will not be sent to Apple.
You can also search using Siri, such as by asking Siri to look up general knowledge or do things like get directions. When you use Siri, the transcript of your request and other data may be sent to Apple to process your request and may be stored. You can learn more about how Siri handles your data by going to Settings > Apple Intelligence & Siri.
Information sent to Apple related to your searches is used to process your request and to develop and improve search results, such as by using your search queries to fine-tune Search models. It is not linked to your Apple Account or email address.
Aggregated information may be used to improve other Apple products and services. Apple may also send a limited, randomly sampled set of search queries to search tools for the purpose of evaluating and improving the performance and quality of Search.
Search Engine Suggestions in Safari
Safari has a single field for searches and web addresses so you can browse the web from one convenient place. When Search Engine Suggestions are enabled, Safari will ask your selected search engine for suggestions based on what you’ve typed.
Preload Top Hit in Safari
With Preload Top Hit enabled, as soon as Safari determines a Top Hit based on your bookmarks and browsing history, Safari will begin loading the webpage in the background. If you disable this option, the page will load normally.
You Have Choice and Control
If you do not want your search queries to be stored by Apple and used to improve Search, you can disable Improve Search by going to Settings > Search and tapping to turn off Improve Search. Searches you make through Siri will still be stored and used to improve Siri if you have enabled Improve Siri & Dictation. You can disable Improve Siri & Dictation by going to Settings > Privacy & Security > Analytics & Improvements and tapping to turn off Improve Siri & Dictation.
If you do not want web-based content and search results, you can disable “Show in Look Up” and “Show in Spotlight” by going to System Settings > Search and tapping to turn off those features.
You can disable Safari Suggestions in Safari by going to Safari > Settings > Search and deselecting Include Safari Suggestions.
You can disable Location Services for Search by going to System Settings > Privacy & Security > Privacy > Location Services, then clicking Details next to System Services and turning off Suggestions & Search. If you turn off Location Services on your device, your location will not be sent to Apple.
Apple may process and store the information that is sent to Apple with trusted third-party service providers.
By using Siri Suggestions in Search, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information. At all times, information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at www.apple.com/privacy."
#apple #privacy
Did you know that #Apple #macOS by default stores your local Spotlight searches and uses them to improve their service?
This option is NOT accessible from the obvious location of "Privacy and Security" but instead from "Spotlight". #privacy #telemetry #datacollection
I just noticed that the game location (Mankila) is actually a real place in Finland: https://maps.app.goo.gl/D3dFdmt7ACokCf7d8
The shape of the lake, the buildings around it are different and there are extra islands etc, but it is clearly modelled after the real deal. That's quite cool, heh.
#FinnishCottageSimulator
@[email protected] Currently there is no driving with or working on cars, but I've managed to hitch a ride from one of the NPCs. Driving the moped is quite fun until you drive into a ditch. Pulling the moped out of there is as painful as in real life... 😆
Other difference to my summer car: Currently there is no hunger, thirst, stress or similar "pressure". As it is early access I don't know if any if this will change later.
The multiplayer is ton of fun with bunch of friends.
So what could you do if the microcode signature verification can be bypassed? While not directly applicable, this #defcon presentation "DEF CON 31 - Backdoor in the Core - Altering Intel x86 Instruction Set at Runtime - Krog, Skovsende" gives some ideas: https://www.youtube.com/watch?v=Zda7yMbbW7s