Each change is less costly to store than each comment, and the system processes millions of comments per day.
Each change is less costly to store than each comment, and the system processes millions of comments per day.
And that introduces a specific type of supply chain threat: someone who possesses a computer can infect their own computer, sell it or transfer it to the target, and then use the embedded microcode against the target, even if the target completely reformats and reinstalls a new OS from scratch.
That’s not going to affect most people, but for certain types of high value targets they now need to make sure that the hardware they buy hasn’t already been infected in the supply chain.
Shouldn’t the DE/Window Manager be handling that? Seems like doing it on a window by window basis would be inefficient (and look inconsistent).
Rick Astley has been doing this for years!
The typical default configuration has the ISP providing DNS services (and even if you use an external DNS provider, the default configuration there is that the DNS traffic itself isn’t encrypted from the ISP’s ability to analyze).
So even if you visit a site that is hosted on some big service, where the IP address might not reveal what you’re looking at (like visiting a site hosted or cached by Cloudflare or AWS), the DNS lookup might at least reveal the domain you’re visiting.
Still, the domain itself doesn’t reveal the URL that follows the domain.
So if you do a Google search for “weird sexual fetishes,” that might cause you to visit the URL:
https://www.google.com/search?q=weird+sexual+fetishes
Your ISP can see that you visited the www.google.com
domain, but can’t see what search you actually performed.
There are different tricks and tips for keeping certain things private from certain observers, so splitting up the actual ISP from the DNS resolver from the website itself might be helpful and scattering pieces of information, but some of those pieces of information will inevitably have to be shared with someone.
A zero day is an exploit that has been identified by someone but not yet used.
I’ve always understood that the counting of days comes from the vendor’s knowledge. So any exploit from before Google was aware of the vulnerability would be a zero day.
It wouldn’t make any sense to refer to the days counted from when an attacker first discovers the vulnerability, because by definition any vulnerability in active exploitation wouldn’t be a zero day.
disclosed active exploitation
So, not a fucking zero day.
I’m confused. Isn’t an active exploit that hasn’t been patched yet, by definition, a zero day? So the release of a new patch that closes an actively exploited vulnerability patches a zero-day?
There was. If you map that onto the growth in population you’ll see that tickets per person has been dropping since about 2000.