#technology

danie10@squeet.me

Oasis Security Research Team Discovers Microsoft Azure MFA Bypass: We Expect More From An Enterprise Provider Though

The image shows a dark, cracked earth in the foreground, suggesting a sense of vulnerability or fragility. In the background, there's a dark blue gradient that fills the space, punctuated by a grid of small plus symbols at the top and bottom, adding a technological or digital feel. A central element is a rectangular box with the word "AuthQuake" in a salmon-pink color, indicating a possible security breach. The box is connected by a dotted line to an arrow, implying movement or an ongoing process. The gradient background subtly transitions from dark to slightly lighter, creating depth.
Oasis Security’s research team uncovered a critical vulnerability in Microsoft’s Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching.

The bypass was simple: it took around an hour to execute, required no user interaction, and did not generate any notification or provide the account holder with any indication of trouble.

The news surfaced now in the last week, so Microsoft has addressed the issue already. For me, though, the real news is that a global enterprise-level IT company should not have had such basic guardrails missing. It appears really that Microsoft had knowingly relaxed some measures around its 2FA to allow for convenience. But surely a lack of attack rate limiting is just unforgivable. One of the basics I always employ on my servers and blog is attack rate limiting with lengthy blocks in place. If anyone has to guess a password or 2FA more than 3 times, there is something wrong.

Microsoft has had so many security fumbles over time that it is quite amazing that their monopoly in the workplace goes unchallenged. It seems Microsoft has very little care about their customers, as long as the money is rolling in, and if that eases, they just change the licensing parameters a bit. The recent Microsoft Recall feature was just another example of completely not appreciating their customers’ privacy, and that was also only addressed after a major outcry.

Microsoft probably has too much inertia, but actually there are some pretty good alternatives around if one takes a little trouble to rise out of the deep rut. The combination of pretty admin tools, AI, and cloud services has unfortunately made many admins way too lazy today. I think the quality of our admins on the edge is a lot weaker than it used to be two decades back. All this usually means an even greater reliance on Microsoft where it is used in a corporate environment.

Security is about keeping it simple, and having a reasonable depth of knowledge about what is being managed.

See oasis.security/resources/blog/…
#Blog, #2fa, #security, #technology
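The guardrail the post above argues for, attempt limiting with a lengthy lockout on one-time-code verification, as an added example that is not code from the original post, from Oasis Security, or from Microsoft. The TOTP routine follows RFC 6238 (HMAC-SHA1, 30-second step, 6 digits); the threshold of 3 failures, the one-hour lockout, the in-memory account store, and the demo secret are assumptions chosen for illustration.

```python
"""Rate-limited one-time-code verification (added illustration, not the post's code).

Models the guardrail the post calls for: a per-account failure counter with a
lengthy lockout so a code cannot be guessed by repeated attempts, plus an audit
trail so every outcome is visible to the defender. Policy values are assumptions.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

MAX_FAILURES = 3          # assumption: the post's "more than 3 times" threshold
LOCKOUT_SECONDS = 3600    # assumption: a lengthy block, one hour
TOTP_STEP = 30
TOTP_DIGITS = 6


def totp(secret: bytes, at: float, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the big-endian time counter, dynamically truncated."""
    counter = int(at // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


@dataclass
class AccountState:
    secret: bytes
    failures: int = 0
    locked_until: float = 0.0
    log: list = field(default_factory=list)   # (timestamp, event, user) records for a SIEM


class MfaVerifier:
    """Verifies codes with a failure counter and lockout; every outcome is logged."""

    def __init__(self):
        self.accounts: dict[str, AccountState] = {}

    def enroll(self, user: str, secret: bytes) -> None:
        self.accounts[user] = AccountState(secret=secret)

    def verify(self, user: str, submitted: str, now: float) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        acct = self.accounts[user]
        if now < acct.locked_until:
            # While locked, no code is checked at all: a correct guess gains nothing.
            acct.log.append((now, "locked", user))
            return "locked"
        expected = totp(acct.secret, now)
        # Constant-time compare so response timing does not leak matching digits.
        if hmac.compare_digest(expected, submitted):
            acct.failures = 0
            acct.log.append((now, "ok", user))
            return "ok"
        acct.failures += 1
        acct.log.append((now, "denied", user))
        if acct.failures > MAX_FAILURES:
            # Failures are not reset here: after the block expires, one more bad
            # guess re-locks the account; only a successful login clears the count.
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.log.append((now, "lockout", user))
            return "locked"
        return "denied"


def wrong_code(correct: str) -> str:
    """A constructed code guaranteed to differ from the correct one."""
    return str((int(correct) + 1) % (10 ** TOTP_DIGITS)).zfill(TOTP_DIGITS)


if __name__ == "__main__":
    # Constructed demo: one user, four bad guesses, then a correct code while locked.
    secret = b"constructed-demo-secret"
    t0 = 1_700_000_000.0
    v = MfaVerifier()
    v.enroll("alice", secret)
    bad = wrong_code(totp(secret, t0))
    for _ in range(4):
        print(v.verify("alice", bad, t0))
    print(v.verify("alice", totp(secret, t0), t0))   # locked, despite the correct code
    for entry in v.accounts["alice"].log:
        print(entry)
```

The lockout check runs before the code is even computed, so an attacker who reaches the correct value during the block learns nothing; the audit entries make a burst of "denied" followed by "lockout" on one account an easy detection rule.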

danie10@squeet.me

Thanks to Whiskey, You Will Be Gaming on Your Mac More Than Ever

The image shows a dimly lit bar scene, with shelves of liquor bottles blurred in the background. In the foreground, a bottle of whisky, a glass of amber liquid, and a laptop displaying a pixelated video game are arranged on a wooden surface. The laptop's screen showcases a scene seemingly from a retro-style role-playing game, vibrant colours adding a touch of fantasy to the otherwise mature environment. The bar's soft lighting creates a warm, inviting ambiance, contrasting with the focus on the digital world displayed on the screen.
Whiskey is a free app that you can download right now, and use to play Windows games on your Mac. It brings together the WINE compatibility layer as well as Apple’s own Game Porting Kit, while removing all the nerdy setup and hassle involved with both.

So it seems that Whiskey is stronger than WINE!

It seems to be a bit like the Bottles app on Linux. In my own case, Steam on Linux is playing most games that I want to play, but if you want to play games that are not on Steam, then I suppose Whiskey and similar apps would be the way to go.

See howtogeek.com/thanks-to-whiske…
#Blog, #gaming, #macos, #technology

esa@social.gibberfish.org

Philippines team add hypergravity for stronger bone cells

image

Philippines’ research team with Large Diameter Centrifuge

A team of researchers from two universities in the Philippines made use of ESA’s Large Diameter Centrifuge to test the growth of bone cells in hypergravity. The results of their experiment could improve bone implant technology, as well as help support seaweed farming communities across the country.

#engineering #technology #space #science #esa #europeanspaceagency
posted by pod_feeder_v2

danie10@squeet.me

GRC’s DNS Benchmark software is getting a new version after 15 years

The image shows a computer screen displaying the DNS Benchmark software. The foreground is dominated by a detailed graphical representation of DNS server response times, with various IP addresses and their corresponding performance metrics clearly visible. In the background, the software's interface is evident, with tabs for 'Introduction', 'Nameservers', 'Tabular Data', and 'Conclusions' clearly displayed. The software's version number (1.3.6668.0) and copyright date (2010) suggest it may be an older version of the software. The specific selection of DNS servers being tested is indicative of a purposeful activity rather than random testing.
Seems that v1, which is now 15 years old and has had nearly 10 million downloads, still gets downloaded over 1,000 times daily. But it has needed a refresh for a while now. IPv6 is here, as well as encrypted DoH, DoT, DoQ, etc.

There is a roadmap published at the link below outlining what the planned new features look like. There will still be a free version with some new features, but there are also Plus and Pro versions that have a once-off fee, but do include all future updates.

Although it was (and still will be) written to work on Windows OS, it will be fully compatible to run under WINE on Linux.

So hopefully this will be available sometime later in 2025.

See grc.com/dns/benchmark.htm
#Blog, #DNS, #technology