Update 4/6: OverDrive (makers of Libby) is supporting and profiting from Israel's genocide in Palestine. More info: https://merida.hair/notes/9rryqx1x2fek02to

UPDATE 1/30: Two updates!

- I've been in touch with the person I mentioned in this post. If you would like to help my friend Elliot and his family get out of Ohio you can contribute here: https://ko-fi.com/fleeingwhiletrans

- I've noticed what I believe to be a pattern at #OverDrive of trans people who come out while working there being forced out or fired. Of the three folks who have come out as trans at OverDrive since 2018 none of us remained employed there for longer than 2 years.

------

Remember how my previous employer denied my WFH request so that I could flee the state of Ohio to take care of my trans kid while still working for a company I loved?

I just heard they did it to someone else today.

When you insist people come in to an office a few days a week because you want a "hybrid culture" not a "remote culture" and then tell them to just fuck off when all they want to do is get their kid somewhere safe that makes you an absolutely shitty person.

I'm done hiding who it was.

The company is #OverDrive, based in Cleveland. They make ebook lending software for your local library called #Libby. They say they care about their LGBTQIA+ employees and families but that is clearly a lie.

Ohio lawmakers are turning my home state into absolute garbage and companies like this one are playing along.

Tell your local library to #DropLibby

[Edit, since this is doing numbers: The reason my request was denied a little over a year ago, despite me explaining in detail why, was because they "want a hybrid culture, not a remote culture." (a quote from a senior leader to my face)

In both 2020 and 2021 while the whole company was working remotely I won two annual employee excellence awards for my work on their Security team, while the company had record growth.

Meanwhile, one of my teammates moved out of state to be closer to family and continued to work remotely.]

[Edit 2:

I no longer work there, I know KKR has money in them because I worked there, no I don't think KKR has convinced OD to destroy libraries, we no longer live in Ohio, I have a new remote job at a company that's treating me just fine so far, and don't stop using Libby because your library depends on the circulation numbers for funding. Instead convince your library to switch to something else.]

#Trans #TransRights #Ebooks #Libraries #Bookstodon

My god, if you thought people checking creds into GitHub was a problem, wait until the world figures out that Postman's new cloud model is literally a concentrator for accidental token exposure.

Alleged Trello Data Breach Raises Concerns: 15M User Records on Sale
L: https://thecyberexpress.com/alleged-trello-data-breach-raises-concerns/
C: https://news.ycombinator.com/item?id=39096199
posted on 2024.01.22 at 17:09:08 (c=0, p=4)

Me, being brought into a multi-vendor multi-day P1 incident because I’m ~good at Windows~:

“Has anyone looked at the Windows logs?”

Narrator: They had not looked at the Windows logs.

Post-credits scene: The error was in the Windows logs.

German law is making security research a risky business.

Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a software that produced way too many log messages. And he discovered that this software was making a MySQL connection to the vendor’s database server.

When he checked that MySQL connection, he realized that the database contained data belonging to not merely his client but all of the vendor’s customers. So he immediately informed the vendor – and while they fixed this vulnerability they also pressed charges.

There was apparently considerable discussion as to whether hardcoding database credentials in the application (visible as plain text, not even decompiling required) is sufficient protection to justify hacking charges. But the court ruling says: yes, there was a password, so there is a protection mechanism which was circumvented, and that’s hacking.

I very much hope that there will be a next instance ruling overturning this decision again. But it’s exactly as people feared: no matter how flawed the supposed “protection,” its mere existence turns security research into criminal hacking under the German law. This has a chilling effect on legitimate research, allowing companies to get away with inadequate security and in the end endangering users.

Source: https://www.heise.de/news/Warum-ein-Sicherheitsforscher-im-Fall-Modern-Solution-verurteilt-wurde-9601392.html

🚨 Massive credential stuffing list exposed! #NAZ API reveals over 1.4 billion unique combos of emails and passwords. Time to update your passwords and enable #2FA! Stay vigilant in the digital world 🌐. Read more: https://www.troyhunt.com/inside-the-massive-naz-api-credential-stuffing-list/ #InfoSec #CyberSecurity #DataBreach #PasswordSafety 🛡️

On being listed in the court document of artists whose work was used to train Midjourney with 4,000 of my closest friends and Willem De Kooning (1/3)

Apple telling employees in San Diego that the only way they could keep their jobs was to move to Austin was tantamount to firing most of them, and disgusting beyond measure, especially for female employees for whom moving to Austin could potentially be a death sentence in a complicated pregnancy under horrific Texas laws.

And the fence of the year award goes to!

"Looks like you're using an ad-blocker"

Looks like you're trying to install 52 trackers on my computer.

I would object far less to the fact that I have to spend more time and many more dollars to reach “professional, media-ready femme-presenting human” if the poker bankroll of cash I spent today on makeup and hair products for an Upcoming Thing was tax-deductible.

I’m angry that the tax code is a double-sided Pink Tax. I mean, I’m not thrilled that I have to spend the money on things that cost more for me anyway but at least make it a write off if I have to do it for my job. But we are forced to pretend that we #WokeUpThisWay, and I’m mad as hell over it.

PS: I resent the fact that I just had to spend my precious brain juices learning about cream vs powder contouring today. It’s not that it’s not nifty knowledge. It’s that I didn’t have a choice if I want to compete…and I could have spent that money on Legos and good cheese and a new cartilage piercing.

Thank you for coming to my Dismantle The Bloody Patriarchy Talk.

Chinese authorities are clamping down on free speech by exploiting an AirDrop weakness Apple has known about for 5 years (at least).

https://arstechnica.com/security/2024/01/hackers-can-id-unique-apple-airdrop-users-chinese-authorities-claim-to-do-just-that/

Popular athleisure clothing brand Halara is investigating a #databreach after the alleged data of almost 950,000 customers was leaked on a hacking forum. @BleepingComputer

https://www.bleepingcomputer.com/news/security/halara-probes-breach-after-hacker-leaks-data-for-950-000-people/

Framework Computer disclosed a #databreach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. @serghei @BleepingComputer

https://www.bleepingcomputer.com/news/security/framework-discloses-data-breach-after-accountant-gets-phished/

I'm running out of time. If I don't have a job in 6 weeks, I am truly fucked. I'm applying to everything I can find that I'm remotely qualified for, and mostly hearing crickets or "fuck you, we aren't moving forward." I've had two entire interviews since September 8. If you're somewhere that needs a REMOTE (willing to travel to client sites) security analyst/pentester/threat researcher at a senior (or even mid) level and you haven't already posted the position on job sites, please let me know. I am very good at what I do, I just need someone to give me a chance to do it.

Edit to add: I have over 20 years of experience in security, both as an attacker and a defender. I've worked in warehouse startups with eight employees and I've worked in Fortune 50 companies with tens of thousands of employees worldwide. I have a background in webapp testing, hardware hacking, reverse engineering, risk analysis, enterprise threat intelligence, lockpicking, social engineering, phishing, MSS/SOC, and very light scripting/programming skills in order to automate tasks. My toolset includes Metasploit, nmap, Nessus, recon-ng, spiderfoot, and a ton of other open-source and custom tools, but the specific tools aren't as important as the ability to use them effectively.

I'm located in Denver, Colorado, USA. Thank you so much you everyone who's boosted this.

#GetFediHired

Framework has reportedly had a breach. Customer names, emails, and outstanding balances. https://community.frame.work/t/framework-data-breach/43408 #cybersecurity #laptops #hardware #breach #phishing

Florida is removing dictionaries from schools

https://www.washingtonpost.com/education/2024/01/11/escambia-dictionaries-removed/

Terrifying snow leopards :meowpumpkin:

15 GOP governors have rejected summer food money for children

Indiana GOP has filed a bill to allow 14-year-old kids to drop out of school & work on corporate farms

Missouri GOP is pushing 2 bills that charge women with murder for getting an abortion

The “Pro life” party is proudly starving, exploiting, & killing women & children😐