I may be late to this, but here [1] is some commentary on why DoH (DNS over HTTPS) may not be as effective as it is perceived. The article also talks about the DoT (DNS over TLS) mechanism, which is apparently less disruptive for network monitoring tools compared to DoH.
Can some security-minded folks from the community chime in about the claims made in the linked article?
The article has several good points but also some weak ones.
For example, it points out that DoH doesn't really protect privacy from ISPs because ISPs can still see what the users are doing because the ISPs route the traffic. Then, it claims that DoH weakens security because it would let users get around malware blacklists. However, this is mostly nonsense for the same reason. Malware (and other legitimate blacklisting) can and should be blocked even when hard-coded IP addresses are used.
The point about the logistics is very true, though. I won't use DoH at home because I operate my own DNS that contains intranet addresses not accessible from the outside Internet. DoH in Firefox would break those services.
This may be tangential and specific to the United States, but is there a way to prevent someone from withdrawing money from your account if they know the account and routing number? Both of those numbers are on checks.
There isn't a good way to do that. Electronic funds transfers are generally reversible, though. After informing your bank of an unauthorized electronic funds transfer, they are required to investigate and provide you at least a provisional credit for the amount within ten business days.
Is it just me, or do others also feel that this is only exacerbated by having 'always in ear devices' like AirPods (or any other earbuds for that matter)? Why is it not considered rude to have them on while you're having a discussion with someone?
Don't worry, plenty of us would consider that rude :) It's really the same as checking your phone during a conversation. Is it useful for me to give you my full attention if yours is constantly changing channels?
YES it is 100% rude and weird imo. I was having a conversation with someone at an event, asked him a couple questions, and he only took his AirPods out after a couple minutes. It felt weird and disrespectful. I told my colleagues about it and they agreed with me.
My favorite one lately, which is kind of the opposite, but at least as rude, is people having conversations on speaker phone as they're walking around in public. I don't really need to hear your conversation with Verizon customer service, bro.
Pollution is a commonly-used example of a negative externality [0], or a way to shift business costs onto a third party.
In the parent example, the implication is that rather than investing money in reducing pollution, that money can instead be returned to the investors as dividends, and the global public must bear the impact of the unmitigated soot emissions.
The "wealth transfer" in this case is represented by the costs absorbed by the public (in terms of increased healthcare costs, endangered coastal real estate, disaster relief costs, etc., which may result from pollution and/or anthropogenic climate change) being transferred to the investors/owners/operators of the polluting companies in the form of reduced spending on mitigation technology.
That was my interpretation of the parent's meaning, at least. At the time I posted this comment, there were three different interpretations of the same comment, which is very interesting.
I took the parent comment to be making the assumption that politically attractive options for responding to emissions and climate change tend to be "market-based" solutions or activities that are picking winners between industries (say solar manufacturers and installers vs. coal plant workers). If there is a choice where there is a "winner" with money on the line there will also be lobbying money put toward that effort and so consensus building is easier.
There isn't necessarily anything nefarious about this, just that it may be incapable of dealing with the enormity of climate change and also, as OP intimates, there may be a class of solutions that are better/cheaper/more efficient from a policy perspective, but that don't have anyone positioned to gain financially from them and so are harder to garner support for.
I have been exploring similar BLE "hacking" tools and hardware lately. While this is a pretty good description around how to perform basic recon and basic attacks against poorly protected BLE devices, I haven't been able to find a good tutorial around attacking BLE devices with out-of-band pairing enabled.
To elaborate further, I have attempted using HackRF to sniff the OOB channels (e.g. NFC) with limited success. So, I'm wondering if anyone has had any experience with it.
I'm on a cap-exempt H1b visa working in the cyber-security field. Within the past year I had to let go of 3 job offers due to visa transfer not being possible to for-profit companies (and all offers were made after April, so a lottery-based H1b application wasn't a path I could take this year).
What would you recommend someone in my position should do if they want to switch job to a for-profit organization?
Note that you can work part-time in H-1B status for a for-profit company while on a cap-exempt H-1B. But beyond this, without knowing your qualifications, I would look at the O-1.
To shed some more light on qualifications, I have a BS+MS in ECE with ~3 years of experience in the security field. I'm a member of a well-recognized standards committee defining security standards. I've given conference talks, and published articles in industry trade journals.
Does that make my odds of getting an O1 visa (or EB1 green card) higher in any way?
(Disclaimer: English is my second language)
[1]: https://www.zdnet.com/article/dns-over-https-causes-more-pro...