Site Flaws – HCG Injections Webs
http://hcginjectionswebs.com/
Just another WordPress site

Security breach forces Apple to release emergency update for iPhones
http://hcginjectionswebs.com/security-breach-forces-apple-to-release-emergency-update-for-iphones/
Tue, 14 Sep 2021 17:49:36 +0000

If you have an iPhone of any sort (you might be reading this article on an iPhone right now), stop what you’re doing and install the latest OS update. It could save you a big headache in the future.

According to USA Today, Citizen Lab at the University of Toronto discovered what they call a “zero-click flaw” in Apple’s operating system that allowed hackers using Pegasus spyware to access your phone through iMessage without needing to send a link that you have to click. Instead, they just need to send you a seemingly random picture to access your phone and all the personal information you have stored there.

After Citizen Lab alerted Apple to the flaw, developers at the company quickly got to work on a fix and released it for download on Monday. To install iOS 14.8 on your phone, open the Settings app, tap General, tap Software Update and follow the steps. I updated mine on Monday night and it took about 10 minutes to download and install. Updates for Mac computers and Apple Watches are also available, so if you own any of these devices, be sure to update them as well.

What is Pegasus spyware?

Created by NSO Group, an Israeli company that USA Today calls a “hacking company,” Pegasus is considered by some to be the most powerful spyware ever created by a private company. Why? Because it essentially turns your phone into a 24-hour surveillance device that can “copy the messages you send or receive, harvest your photos, and record your calls.” It may also be able to “secretly film you through your phone’s camera or activate the microphone to record your conversations,” according to an article written by David Pegg and Sam Cutler and posted on The Guardian back in July of this year. Panicking yet? If so, it won’t help; the authors say it can also “potentially locate where you are, where you’ve been and who you’ve met.” Ah, technology!

How it works

Unlike other hackers or malware that try to trick you into unknowingly installing something on your phone through a link sent to your email or text messages, Pegasus can be installed on your device without you ever knowing it. The latest version looks for vulnerabilities in your phone’s operating system (OS) that the people who designed the system didn’t even realize existed. Think of it as water and your phone as the roof of your house. No matter how well you think you sealed it, if there’s a little pinhole that you missed somewhere, water is going to get in. The makers of Pegasus find these pinholes and use them to access your phone, computer, tablet, or watch.

In the case of Apple’s operating system, Citizen Lab discovered that the “pinhole” was a flaw in iMessage’s “image rendering library”. Basically, Pegasus disguises its code as a picture, making your phone believe it is a normal, everyday image such as a photo and let it pass. What’s even scarier, or more impressive depending on how you want to look at it, is that you’ll never know. You will not receive any notification that a message has arrived, and Pegasus automatically erases any evidence once it has gotten in.

How much should you be worried?

NSO Group says it has authorized its Pegasus spyware “for government agencies and police forces to investigate major crimes,” according to USA Today. While this may be true, Pegasus was also allegedly used to hack the devices of “human rights activists, journalists and political dissidents.” Unless you fall into one of these camps, the chances of someone targeting you or me with spyware are slim. If anyone really wants to know that my wife was running to Walmart after work and asked me if I needed anything, they can just ask; I’ll gladly tell them (the answer was “no, I didn’t need anything,” by the way).

Having said that, why take a chance? Better safe than sorry if you ask me.

[Sources: USA Today / The Guardian]

Hey, how did you get in here? The main weakness in application security in 2021 has been failed access control, according to OWASP • The Register
http://hcginjectionswebs.com/hey-how-did-you-get-in-here-the-main-weakness-in-application-security-in-2021-has-been-failed-access-control-according-to-owasp-the-register/
Fri, 10 Sep 2021 18:35:00 +0000

The Open Web App Security Project has released its list of the top ten vulnerabilities in web software, as part of the general movement to make software less dangerous at the design stage.

New entries in the top 10 flaws highlighted by the project include “insecure design”, linked to specific design flaws, and “software and data integrity failures”. The latter refers to “making assumptions about software updates, critical data, and CI / CD pipelines without checking integrity.”

The release is a draft for public comment and peer review, with a final version to be released later this year.

The number one web application security vulnerability this year is Broken Access Control, with OWASP drily noting: “The 34 CWEs* mapped to Broken Access Control had more occurrences in applications than any other category.”

Non-specific examples cited by OWASP include failing to validate user credentials for browser access to administration pages.

Cryptographic failures have also been highlighted by OWASP, arriving at number two on this year’s list. Previously, this category was known as “sensitive data exposure”, with the organization noting that the old description was “a general symptom rather than a root cause.”

While the new name of this category conjures up images of script kiddies breaking RSA-4096 encryption with a single click, the mundane truth is that it covers everything from hard-coded passwords to insufficient password entropy, as well as “broken or risky crypto algorithms.” Specific examples of bad practice under “cryptographic failures” include storing passwords without hashing or salting them, or not enforcing TLS on login-protected web pages.
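The two bad practices just named (an admin page that trusts the client rather than validating credentials, and password storage without hashing or salting) side by side with their hardened forms. This is an added example written for this page, not OWASP's or The Register's code; the user store, the session dictionary and the PBKDF2 iteration count are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


# Constructed in-memory user store for the demonstration (not a real application).
@dataclass
class User:
    name: str
    role: str       # "admin" or "user"
    salt: bytes     # per-user random salt, stored next to the hash
    pw_hash: bytes  # PBKDF2-HMAC-SHA256 of the password under that salt


# Iteration count is an assumption for the demo; production values should follow
# current OWASP password-storage guidance.
PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash: two users with the same password get different hashes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def create_user(name: str, role: str, password: str) -> User:
    """A02 fix: never store the plaintext; store a fresh random salt and the derived hash."""
    salt = os.urandom(16)
    return User(name, role, salt, hash_password(password, salt))


def verify_password(user: User, password: str) -> bool:
    """Constant-time comparison so a wrong guess cannot be timed against the stored hash."""
    return hmac.compare_digest(user.pw_hash, hash_password(password, user.salt))


def login(users: dict, name: str, password: str, session: dict) -> bool:
    """Binds the server-side session to a user only after the credential check passes."""
    user = users.get(name)
    if user is None or not verify_password(user, password):
        return False
    session["user"] = user.name
    return True


# A01 Broken Access Control: the admin page trusts a flag the client itself sends
# (cookie, hidden form field, query parameter). Anyone can set is_admin=1.
def admin_page_insecure(request: dict) -> int:
    return 200 if request.get("is_admin") else 403


# Hardened: the role is looked up server-side from the authenticated session,
# never taken from the request the browser sent.
def admin_page_secure(session: dict, users: dict) -> int:
    user = users.get(session.get("user"))
    if user is None:
        return 401  # not logged in
    if user.role != "admin":
        return 403  # logged in, but not authorized for this page
    return 200
```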

Code injection and cross-site scripting come third, with other common weaknesses including security configuration errors, outdated libraries, and server monitoring and logging failures.

OWASP ranks the top ten by reviewing industry data on vulnerabilities discovered in web software, combining this with an industry survey asking frontline people what flaws they’ve seen in the wild over the past year and which deserve wider dissemination.

The organization explained:

In 2018, Martin Knobloch, then president of OWASP, told El Reg that the top ten list had been both a blessing and a curse, saying, “A guide on how to validate is not a guide on how to build security.” ®

Bootnote

* CWE: Common Weakness Enumeration. See also CVE, Common Vulnerability Enumeration. A vendor-independent means of tracking flaws using a unique reference number.


Content curated with a human touch: Bookshlf
http://hcginjectionswebs.com/content-curated-with-a-human-touch-bookshlf/
Tue, 07 Sep 2021 12:15:00 +0000

If you are an avid reader, you have probably run into the problem of having too much to read and not enough time to read it, especially if you are juggling work and family responsibilities. So it makes sense that in the age of curation something would come along to select the best items for your interests.

Mike Abend is the CEO of Bookshlf. His company approaches curation differently than the technology platforms do, choosing to use humans to make choices rather than algorithms. It’s an interesting approach if you’re skeptical of the quality of the content you’re seeing, and Mike and his co-founders seem to have found a receptive audience.

Mary Juetten: When did you start?

Mike Abend: My co-founders and I first connected at an SXSW happy hour – Andrew and Justin had previously worked together at an arts agency, and Justin and I were in the process of creating the influencer marketing division for the multi-channel network where we worked. We were all optimistic about the digital creator space, but also frustrated with the types of content that are most “successful” on digital platforms. After the conference, we agreed to use nights and weekends to further explore the concept, and for over a year we exchanged emails and phone calls and thought about how to create a better content platform, eventually unanimously agreeing that curation was the answer to the problem. In early 2019, we had an MVP and started raising a pre-seed round, leading up to our public beta launch (web and iOS) in March 2020.

Juetten: What problem are you solving?

Abend: Our media ecosystem is flawed. We have access to more information, content and creativity than at any point in history, but the most popular platforms only surface a tiny fraction of that content depending on what suits their algorithms: headlines, discord, negativity and self-promotion. We founded Bookshlf on the fundamental belief that when it comes to sharing content with knowledge, taste and expertise, human curation is better than algorithms. Bookshlf users curate their favorite content (articles, videos, podcasts, books, music, tweets, and more) on separate shelves, and your Bookshlf is made up of all the shelves you curate and all the shelves you follow.

Bookshlf curators can generally be classified into one of three categories: Experts (NASA engineers, academics, scientists); Digital creators (podcasters, journalists, Medium editors, Substack editors); or Enthusiasts (amateurs, fans, passionate content consumers).

Curators have a simple, beautiful, and easy-to-use platform to share all the amazing content they are already consuming, and as Bookshlf begins to grow its user base, curators have been able to build an audience that appreciates their unique curation. Most recently, we introduced curator monetization to allow Bookshlf users to tip their favorite curators and show support with their wallet. Tipping seems like a popular option right now for the creator economy, but we see it as the first business model we are integrating for our curators as part of the passion economy.

Juetten: Who are your customers and how do you find them?

Abend: Our customers can be divided into two overlapping categories: curators and consumers.

Either curators find us or we do direct outreach to keep adding new members to the community. We’re usually looking for people who are already active on a digital platform but aren’t a good match for the type of content that works best on that platform. For example, we were able to build an amazing community of STEM curators because it’s actually really hard to create science / tech / engineering / math content on Instagram and Twitter. There was a whole community of #STEMINISTS and science communicators who were eager to work with Bookshlf as it provided a better tool to express their unique value proposition.

Consumers would likely be part of the audience that 20 years ago subscribed to magazines or trade publications. One word tends to appear often in their biography: “constant learners”. I think the main users of Bookshlf are people who want to see quality content on a variety of topics, from multiple perspectives and from verified sources. They seem to understand that you probably won’t see the content curated on Bookshlf anywhere else. To reach new customers, our audience acquisition strategy is focused on organic growth via integrated acquisition loops, supplemented by SEO and partnerships.

Juetten: How have past projects and / or experience helped this new project?

Abend: We all have significant experience in the digital creator space – we’ve worked with the biggest influencers in the industry, made deals with each of the major social media platforms, and assisted / led the growth of an entire industry that didn’t exist 10 years ago. But instead of being frustrated with the limitations of the status quo, we saw an opportunity to use our background and expertise to create a better content experience.

We knew what was important to digital creators and what motivated them because we had worked with them for years. We understood the existing loopholes in social media platforms because we had already been forced to build business models around them. And we knew there was a huge community of creators that weren’t served by traditional content platforms and were looking for a different way to express themselves.

Juetten: Who is in your team?

Abend: There are three co-founders, and while we each have some direct responsibilities, I want to stress that we are very collaborative and operate by consensus. I have legal training and am CEO and responsible for technical / product management. Co-founder Justin Cadelago leads Audience and Growth and is also the Community Manager for our curators, and co-founder Andrew Boggs is Editor-in-Chief and Community Manager for consumers.

Juetten: Did you raise any money?

Abend: We raised $500,000 in pre-seed funding from friends / family / angels / micro VCs. Some of our investors also act as advisors to the company, such as David A. Steinberg, Founder and CEO of Zeta Global (a leading data / marketing company).

Now that we have validated our basic hypothesis, we are starting to consider a seed raise to scale the platform and incorporate additional monetization strategies.

Juetten: How do you measure success and what is your favorite success story?

Abend: We see success as real added value for our users and an experience that leaves them better off than when they started using our product. The emphasis elsewhere is on “time spent on the platform” or “engagement” as measures of success, but these are often hollow or lead to negative results. My favorite success story is probably Wikipedia – built on the belief that the best source of knowledge comes from the crowd, verified by our peers, coordinated via a “wiki”. The amount of information and knowledge I have gained from their library is unquantifiable; I can’t even imagine what it would cost if it were offered in an academic setting. Anyone in the world now has access to great information and context on almost anything, as long as you’re curious and willing to seek it out. Free.

Juetten: Any tips for startup founders or CEOs in growth mode?

Abend: Don’t get addicted to paid acquisition. It’s easy to feel good about the top-line user growth you pay for, but that’s not how you scale a platform and, in the end, it’s not sustainable. You need to make sure your users are excited about your product, activated and retained, and bringing in additional users to start the elusive ‘growth flywheel’. This doesn’t happen by simply paying for new users. People have to love what you are building.

Juetten: And of course, IP challenges or horror stories to share? They can be anonymous.

Abend: We pitched a well-known VC during our pre-seed round; the meeting included a partner as well as a summer intern. The pitch went well and they liked our product, but in the end they passed on the opportunity because we were too early for them. A few weeks later, I got a Twitter message alerting me to a beta website named something like “Shlf.com,” which allowed users to keep their favorite content on separate “shelves”. It wasn’t the first time someone had copied our idea, but when I dug into the project I realized that the person behind it was the summer intern we had pitched! I called the partner and let him know what was going on, and he was very helpful and apologized for the situation. The site was shut down shortly after and we never heard from them again.

Juetten: What is the long term vision for your business?

Abend: Just like when you used to walk into someone’s house and see what was in their actual library – the books, records, movies, and things that were important to them – we want to create the same experience for the digital world.

Ultimately, we are the platform for curating and sharing important, relevant, and quality content based on unique perspectives – where digital creators build audiences and monetize their unique curation around topics they are passionate about. In the process, we are building the best technology for curators and consumers, and building the Internet’s largest library of organized and contextualized content.


As an avid reader and constant consumer of knowledge, I love it! And for those of us who look askance at what’s being promoted at the top of our feeds, it’s the hope for a better and hopefully smarter experience. #onwards.


What is malware as a service?
http://hcginjectionswebs.com/what-is-malware-as-a-service/
Fri, 03 Sep 2021 19:31:00 +0000

Every year, computers and gadgets around the world are compromised with the help of automated hacking tools. Most attacks are carried out by hacker groups who rely heavily on Malware as a Service (MaaS) networks.

So what is MaaS? How do hackers distribute malware? And how do you protect yourself from malware?

Malware as a service explained

Just as big tech organizations like Microsoft, Google, and Oracle have evolved over the years to provide cloud-based subscription-based services, the hacker underworld now offers similar subscription models.

Malware-as-a-Service platforms, in particular, offer malware rental services that allow anyone with an Internet connection to access custom malware solutions. Most of the apps are cloud-based and don’t require installation.

Some MaaS services even offer money-back guarantees, while others operate on commission-based models in which a portion of the funds obtained through hacking campaigns is kept by the administrators of the platform.

Breaking down MaaS networks


MaaS networks typically operate on a model made up of three key groups.

The first and most important are the programmers who are responsible for developing the malware kits.

The second group is made up of distributors. They specialize in identifying common vulnerabilities in computer systems that allow the injection of malware during virus distribution campaigns.

The third group is that of administrators. They oversee the day-to-day operation of the network to make sure everything is running smoothly. They also receive ransom commissions during campaigns and make sure all participants follow house rules and regulations.

That said, a large portion of MaaS networks are subscriber-based. Payments are typically made in privacy-focused cryptocurrencies such as Monero. These advances in money transfer have emboldened cybercriminals as payments are harder to trace.

The scalability of MaaS operations also makes them formidable.

Among the most notable cybersecurity attacks launched by MaaS syndicates is the infamous cryptoworm ransomware WannaCry. It infected over 200,000 computers in 2017. Originally developed by the US National Security Agency (NSA), it was personalized and leased to hackers by a group known as Shadow Brokers.

The malware was used to cripple the systems of Deutsche Bahn AG, England’s National Health Service, and FedEx, the international courier company.

Common ways of distributing malware as a service

Here are some of the most common malware distribution methods used by MaaS platforms.

1. Messaging systems


A significant number of these services rely on email to compromise vulnerable systems. They send emails to unsuspecting targets containing embedded links that lead to malicious websites.

In the event that a victim clicks on the link, the chain of infection starts. Typically, malware begins by writing firewall exceptions and setting up obfuscation processes before scanning the computer for vulnerabilities. The main objective is usually to corrupt the primary sectors of the processor.

After the initial infection is successful, additional malware may be downloaded to the system. The infected device may also be connected to a botnet controlled by MaaS.

2. Malicious advertising

Malicious advertising relies on ad networks to spread worms and involves embedding malicious code in advertisements. The malware infection sequence is triggered each time the ad is viewed using a vulnerable device.

The malware is typically hosted on a remote server and configured to exploit key browser elements such as Adobe Flash Player and JavaScript.

Malicious ad campaigns are generally difficult to curb, as ad networks rely heavily on automation to serve thousands of ads at once.

In addition, the advertisements displayed are exchanged every few minutes. This makes it difficult to discern the exact ad that is causing the problems. This weakness is one of the main reasons why malicious ad campaigns are favored by MaaS networks.

3. Torrent files

Torrent sites are increasingly used by hackers to distribute malware. Hackers typically upload tampered versions of popular movies and games to torrent sites as part of their malware campaigns.


The trend increased at the start of the coronavirus pandemic, resulting in increased downloads. A significant number of files hosted on the sites were found to be bundled with cryptocurrency miners, ransomware and other types of malicious applications designed to compromise system security.

How to avoid falling victim to MaaS attacks

MaaS networks use common methods of malware infection to implant malicious code. Here are the standard precautionary measures used to thwart their attacks.

1. Install reputable antivirus

Antivirus software is a formidable first line of defense in Internet security because it detects worms before they cause major damage.

Top rated antivirus suites include Avast, ESET, Kaspersky, Malwarebytes, and Sophos.

2. Avoid using torrent sites


The other precautionary measure to take in order to avoid MaaS attacks is to avoid downloading files from torrent sites. Indeed, a large number of files hosted on the sites contain malware. The lack of file integrity checks makes torrent sites prime distribution centers for viruses.

Additionally, some torrent sites openly mine cryptocurrency using visitors’ machines by taking advantage of browser loopholes.

3. Do not open emails from unknown senders

It is always important to avoid opening emails from unknown sources. This is because MaaS organizations regularly send emails to targets that include links to malware-laden sites. Websites are typically designed to probe visitors’ browsers for vulnerabilities and trigger intrusion attacks.

If you are unsure of the integrity of a linked site, disabling certain browser elements such as JavaScript and Adobe Flash Player will help thwart the associated attacks, but the best advice is simply not to click on it.

4. Use a secure operating system


Using a security-focused operating system helps mitigate malware attacks. Many of them are simply more secure than Windows because they are less popular, so hackers spend fewer resources finding their vulnerabilities.

The most secure operating systems by design include Qubes, TAILS, OpenBSD, and Whonix. Many of them include enhanced data privacy and virtualization features.

All is not lost

As malware-as-a-service networks grow, law enforcement agencies have gone to great lengths to eliminate them. These counter-strategies include subscribing to the services in order to unpick how their hacking tools work and then disrupt them.

Antivirus companies and cybersecurity researchers sometimes also use MaaS to provide prevention solutions.


What is stored XSS? – Boulevard de la Sécurité
http://hcginjectionswebs.com/what-is-stored-xss-boulevard-de-la-securite/
Tue, 31 Aug 2021 20:01:02 +0000

An introduction to the vulnerabilities of Stored Cross-Site Scripting (XSS)


Cross-Site Scripting, or XSS, is one of the most common vulnerabilities threatening web applications today. It is so prevalent in modern applications that it has been consistently named in the OWASP Top Ten. Today we’re going to find out what XSS vulnerabilities are, what stored XSS – the most dangerous type of XSS – is, and how to avoid it.

What is XSS?

XSS is when an attacker can execute malicious scripts on a victim’s browser.

Most of the time, applications use user input to build web pages. If the application cannot differentiate between user input and the legitimate code that makes up a web page, attackers can submit input in the form of an executable script and have it executed by the victim’s browser.

The victim’s browser will then execute the malicious script, believing it to be the legitimate code of the web page. These scripts (JavaScript, VBScript, etc.) can be used to steal cookies, disclose personal information, modify site content, or redirect the user to a malicious site.

There are three main types of XSS: stored XSS, reflected XSS, and DOM-based XSS. The difference between these cross-site scripting flaws is in the way the malicious code is delivered to the victim. Today we’re going to focus on the most dangerous type of cross-site scripting: stored XSS.

What is a stored XSS?

Stored XSS occurs when the XSS payload, or malicious script, is stored on a server before being picked up by the victim’s browser.

When an application accepts user input, stores it on its servers, and uses it to build web pages without proper precautions, malicious JavaScript code can find its way into the database and then into the victims’ browsers.

For example, let’s say that an Internet forum allows users to post comments. When a user submits a comment to a post, that user input is rendered on the web page that is served to anyone who views that blog post. Normally, users would submit text comments like these:

Vickie: Thanks for this great post!
Ben: I think this topic is more...
Jo: Appreciate the discussion, in this case...

But now what if an attacker submits a comment like this?

<script>alert("XSS by Vickie");</script>

This comment contains JavaScript code. The <script> tag tells the browser that the content contained in the tags should be interpreted as JavaScript code and not as plain text. Thus, if an attacker submits a comment with JavaScript code, they can have that code executed by the browser of any user who views the post! The JavaScript code alert("XSS by Vickie") will generate a pop-up window in the victim’s browser stating “XSS by Vickie”. Each time a user views the comment on the forum, their browser executes the embedded JavaScript. This is called stored cross-site scripting, or stored XSS, because the payload is first stored on the server before being retrieved by the victim’s browser.

During a stored XSS attack, attackers save their malicious scripts on the target application’s server and wait for victims to access them. Every time a user accesses the page, the malicious script is executed in their browser. Stored XSS tends to be the most dangerous type of XSS, as attackers can hit many victims with a single payload. And during a stored XSS attack, all a user has to do to become a victim is view a page with the payload embedded, while reflected and DOM-based XSS usually require the victim to click on a malicious link.

How can I prevent XSS?

So how could you prevent XSS?

First of all, remember that you should never trust user-submitted input! To prevent XSS, you need to make sure that user-submitted input does not contain dangerous characters that could influence the way browsers interpret your web page. You can do this by implementing robust input validation and output escaping.
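The forum from the example above, rendered two ways: the vulnerable interpolation that lets the stored comment run, and the same page with output escaping plus the input validation the paragraph describes. This is an added example written for this page, not the author's code; the comment store, the rendering functions and the `[<>]` rejection rule are assumptions made for the demonstration.

```python
import re

# Constructed comment store: the first two entries mirror the article's normal comments,
# the third is the stored payload from the article.
COMMENTS = [
    ("Vickie", "Thanks for this great post!"),
    ("Ben", "I think this topic is more..."),
    ("Mallory", '<script>alert("XSS by Vickie");</script>'),
]

# Output escaping table for HTML text content and quoted attribute values.
# Each character that could start or end markup becomes an entity the browser shows as text.
_ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;"}


def escape_html(text: str) -> str:
    """Single pass over the string, so '&' in the input is escaped exactly once."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def render_comment_vulnerable(author: str, body: str) -> str:
    """Stored XSS: the stored comment is pasted straight into the page markup."""
    return f"<li><b>{author}</b>: {body}</li>"


def render_comment_safe(author: str, body: str) -> str:
    """Output escaping: the same stored bytes reach the browser as inert text."""
    return f"<li><b>{escape_html(author)}</b>: {escape_html(body)}</li>"


def render_page(comments, safe: bool = True) -> str:
    render = render_comment_safe if safe else render_comment_vulnerable
    return "<ul>\n" + "\n".join(render(a, b) for a, b in comments) + "\n</ul>"


# Input validation on the way in (defence in depth): reject comments containing markup
# characters. Escaping on output stays the primary control, because validation alone
# cannot anticipate every context the stored value will later be rendered into.
_MARKUP = re.compile(r"[<>]")


def validate_comment(body: str, max_len: int = 1000) -> bool:
    return 0 < len(body) <= max_len and not _MARKUP.search(body)


_SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_live_script(html: str) -> bool:
    """Does an unescaped <script> element survive into the rendered page?"""
    return bool(_SCRIPT_TAG.search(html))
```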

You can validate user input and reject input that might contain malicious payloads. For example, a user entry containing the string ”
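The comment-rendering bug described above and the output-escaping fix, as an added example that is not part of the original article. The forum, its in-memory comment store, the "Mallory" user and the function names are constructed here for illustration; the payload is the one the article shows.

```javascript
// Added example (not from the original article): a minimal forum comment
// renderer showing the stored-XSS defect beside its fixed version.
// An in-memory array stands in for the server-side database ("stored").
const storedComments = [
  { user: "Vickie", text: "Thanks for this great post!" },
  { user: "Ben", text: "I think this topic is more..." },
  // The attacker's comment from the article, saved like any other comment.
  { user: "Mallory", text: '<script>alert("XSS by Vickie");</script>' },
];

// Vulnerable renderer: user text is concatenated straight into the page,
// so every viewer's browser sees a real <script> element and runs it.
function renderCommentsUnsafe(comments) {
  return comments
    .map((c) => `<li><b>${c.user}</b>: ${c.text}</li>`)
    .join("\n");
}

// Output escaping for HTML text and attribute contexts: the five characters
// that can change how the browser tokenizes markup are replaced by entities.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Fixed renderer: escape every user-controlled value at output time, the
// username included, so the payload is displayed as text, not executed.
function renderCommentsSafe(comments) {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.user)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("\n");
}

// Input validation as a second layer: a plain-text forum has no reason to
// accept markup at all, so reject comments containing angle brackets.
function isAcceptableComment(text) {
  return !/[<>]/.test(text);
}

// Rendering-side check a reviewer can run over generated HTML: does any
// user-supplied text survive as a live <script> tag?
function containsLiveScriptTag(html) {
  return /<script\b/i.test(html);
}
```

Rendering with `renderCommentsUnsafe` reproduces the pop-up for every viewer, while `renderCommentsSafe` shows the literal text `<script>alert("XSS by Vickie");</script>` on the page.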

Source link

Reviews | The performative anti-racism of black students at the University of Wisconsin
http://hcginjectionswebs.com/reviews-the-performative-anti-racism-of-black-students-at-the-university-of-wisconsin/
Tue, 24 Aug 2021 19:00:06 +0000

The real fault here lies in the administration of the school, whose deer tails popped up as they scurried through the forest, out of fear of going against the commandments of what we now call anti-racism, which apparently involves treating black people as boobies and thinking of them as accounts.

The real awakening would have been to realize the delicate but urgent civic responsibility to call, if necessary, blacks on nonsense. Yes, even black people can be wrong. As black professor Randall Kennedy of Harvard Law puts it in his upcoming “Say It Loud!”: “Blacks also have flaws, sometimes blatantly. These weaknesses can be the consequence of racist ill-treatment. But they are still weaknesses. To claim that this is never the case when it comes to racism is not to count but to dehumanize.”

I know – you were thinking, based on what people of a certain charisma tell you, that the idea is that when it comes to race or racism black people are always right. What matters is not what someone meant, but what the (black) person says they think. Nothing less blames the victim.

The problem is, subscribing to that label requires thinking beyond what logic dictates. For example, according to the tenets of Critical Race Theory, which has such an influence on so many people today, each black person represents a narrative of race-wide oppression that we must think about regardless of pesky details such as empiricism or even consistency. Or maybe black infallibility is just complicated?

Right. We all know, on some level, that this is nonsense, and readers who think I am making this point only to whites are completely wrong. I mean all of us. Neither slavery, Jim Crow, nor redlining make a people’s judgment infallible about where racism has come to a head.

Treating a people with dignity requires not only listening attentively and sympathetically to their grievances, but also being able to take a deep breath and call on them aspects of those grievances that are meaningless. And there will be, unless those voicing the grievance are fictitious creations instead of human beings.

When it comes to race, we should assess, look forward rather than back, channel our thoughts and feelings with the cortex rather than the brainstem, think slowly rather than fast – and the idea that this advice is “white” is science fiction. This applies to the demonstrators as well as to those against whom they are protesting. Instead, too much of what passes for elucidation of race these days is simply pretending that something makes sense out of fear.



Jonathon Kuminga has seen a lot, he’s a very mature 18-year-old rookie
http://hcginjectionswebs.com/jonathon-kuminga-has-seen-a-lot-hes-a-very-mature-18-year-old-rookie/
Sun, 22 Aug 2021 16:37:00 +0000

Jonathan Kuminga turns heads in the Summer League with his athleticism and potential. The flaws on the pitch that made teams hesitate and let Kuminga fall to the Warriors at No. 7 – the lack of a consistent 3-point shot, disinterested stretches of defense – were obvious but also felt like things he would grow and evolve beyond.

Some teams also had concerns off the pitch about how Kuminga might be a little lonely and how he might fit into an NBA locker room. It’s something Conner Letourneau mentions in a must-see profile of Kuminga in the San Francisco Chronicle, but those worries seem short-sighted as you learn about Kuminga and his background.

He was born and raised until the age of 13 in Goma, Congo, a country of political instability – Kuminga spoke of the rebels and government troops fighting in the streets of his town. The United Nations World Food Program estimates that 90% of the population living in the Democratic Republic of Congo (DRC) has food instability at some level, with 3.4 million children facing malnutrition. Struggling to find enough food, being hungry, is something Kuminga remembers well.

There is only one indoor basketball court in Congo and it is not in Goma – Kuminga learned to play on an outdoor cement court where the basket was literally a laundry basket nailed to a pole. He left his family at 13 to play on a scholarship in the NBA, then last season for the G-League Ignite, in the hopes of making enough money to help his family back home. Last season, when a volcano erupted near Goma, he donated much of the $500,000 he received last season to help those who stayed at home.

He is an 18-year-old young adult who has seen a lot, which is evident from the article, and which contrasts with everything Las Vegas and the Summer League.

“I’m too old for these [Vegas] streets,” Kuminga said. “It’s just the way I look at myself. I am no longer that young boy.”

“It’s hard to understand when someone complains to you that their parents didn’t buy them the type of car they wanted,” Kuminga said. “I know what a real fight looks like. Not having any money. Not having food. This is a whole different world.”

Kuminga may well follow in the footsteps of Bismack Biyombo and Dikembe Mutombo, who have built schools and hospitals in the DRC, trying to impact life on the ground and drive social and political change from below. He presents himself as someone with that kind of maturity.

Part of making enough money to make a real difference will come with Kuminga playing maturity in the NBA. Landing in a team of Warriors with veteran voices such as Draymond Green and André Iguodala will help – real mentors for a young player.

Read Kuminga’s full profile in the Chronicle and it’s hard not to root for this rookie to find his way, as it can inspire and help so many others – so many other teens who have already seen and lived through a lifetime’s worth – to find their way and improve their world.



Afghanistan retreat reveals flaws in UK foreign policy – Yorkshire Post Letters
http://hcginjectionswebs.com/afghanistan-retreat-reveals-flaws-in-uk-foreign-policy-yorkshire-post-letters/
Sun, 22 Aug 2021 04:57:00 +0000
Former Afghan interpreters and veterans hold a protest outside Downing Street in London, calling for the support and protection of Afghan interpreters and their families.

WE are watching the government suggest it could allow 5,000 people to flee Afghanistan this year. People who risked their lives to support British troops for over 20 years.

Earlier this year, the same government found £45 million to help Hong Kong migrants escape growing political oppression in the former colony. Up to five million people could be eligible to participate in this integration program which will provide funds to help newcomers access housing, education and employment.


Politicians suggest the move respects the UK’s historic and moral commitment to the people of Hong Kong.

It was Boris Johnson addressing the House of Commons on the Afghan crisis.

As we leave Afghanistan, along with our American allies, our new aircraft carrier HMS Queen Elizabeth is heading for the Chinese coast (half the American planes and pilots) as a sign of power.

Does this mean that we will leave one war to their orders and that we will be ready to start another with them?

From: Terry Palmer, South Lea Avenue, Hoyland, Barnsley.

WE should never have been involved in Afghanistan in the first place. Let them go on with their way of life – this has nothing to do with us and they should not receive any help from us to promote their backward thinking.

Don’t be surprised when the West-made Armory begins to appear. At least thank goodness a lot of young lives in our own army will be saved by keeping our noses out of Afghan affairs.

From: Geoffrey Brooking, Saxley Court, Havant.

Isn’t there a moving train that Sir Keir Starmer doesn’t jump on? He first criticizes the blockages, then the deployment of the vaccine. And now he criticizes the withdrawal from Afghanistan. Has he never heard of constructive opposition?

From: John Riseley, Harcourt Drive, Harrogate.

NO amount of good works, of Parliament giving the living space of our people, will change what it is: lasting shame. Those who despise democracy have made their point. No party will deserve our votes again in my lifetime.

From: Michael Dennis, Laverton, Ripon.

IN his dreams, our Prime Minister likes to think he could emulate Winston Churchill. Maybe it’s just as well that he wasn’t there in 1940, or the evacuation of Dunkirk might never have happened?




Woolworths plan for Elsternwick apartment towers blocked again
http://hcginjectionswebs.com/woolworths-plan-for-elsternwick-apartment-towers-blocked-again/
Wed, 11 Aug 2021 09:20:37 +0000

Council officers believed that the amended plans submitted by Woolworths would not interfere with the cultural precinct and that the flaws had been addressed, although the proposal still did not have the support of the council’s heritage adviser.

Residents have campaigned against the plans since Woolworths bought the land in 2017 and 277 objections have been filed with council.

The Stop the Towers group in Elsternwick had also asked the council to turn a closed parking lot on the site into a green space after discovering that part of the land was still legally a road owned by Glen Eira council.

Nearly 1,000 people have signed an online petition calling for the parking lot to be returned to public use in the form of a park.


Kathy Deacon, who believes the supermarket giant has ignored the community, said there was no way the proposal could be changed to fit the site.

“We don’t want the supermarket, and we don’t want these high-rise towers. Three, four floors, that’s fine.”

Councilors have made it clear that the site will be developed to some extent despite the decision.

Andrew Loveday, general manager of real estate development at Woolworths, said the supermarket had “significantly revised” its proposal and worked hard to make a positive contribution to the cultural district.


“While disappointed with the decision, we will explore our options, including continuing with a subsequent VCAT process,” Loveday said in a statement.

Woolworths had agreed to sell 1,000 square meters of space to the Jewish Arts Quarter as part of the proposal.

This compound, which includes commercial offices, would include a relocated Jewish Museum from Australia, the Jewish Holocaust Center, the Kadimah Jewish Cultural Center, Sholem Aleichem College and the Classic Cinemas, which house the International Jewish Film Festival.

The enclosure development – which was called by Planning Minister Richard Wynne to speed up the planning process – also includes a sprawling plaza, surrounded by shops and restaurants.

In a statement at the board meeting on Tuesday night, Joe Tigel, co-chair of the Jewish Arts Quarter, said Woolworths’ proposal would bring tangible benefit to the community by adding space to the cultural precinct.

Helen Greenberg, principal of Sholem Aleichem College, which had provided support for the planned development of Woolworths, said the school will ensure that traffic and environmental issues affecting its community are addressed as part of any request for current or future planning.




Twitter just ran the first-ever AI bug bounty
http://hcginjectionswebs.com/twitter-just-ran-the-first-ever-ai-bug-bounty/
Mon, 09 Aug 2021 15:11:36 +0000

Yesterday Twitter announced the winners of a brand new bounty contest. But unlike the “bug bounties” typically offered by tech companies – which reward those who spot security holes and site vulnerabilities – this challenge focused on something completely different.

It was billed as the industry’s very first algorithmic bias bounty contest. It started on July 30 and was led by Rumman Chowdhury, who leads Twitter’s Machine Learning Ethics, Transparency and Accountability (META) team, and Jutta Williams, a product manager on Twitter’s META team.

How it worked

Participants were given access to the code underlying Twitter’s salience algorithm for cropping images, which predicts the ideal way to crop and display an image on Twitter.

  • In May, the company found that this salience model had gender and racial biases and moved away from using the technique.

To run the competition, Chowdhury told us, META needed to work with multiple teams at Twitter. Overall, she said the most difficult task was creating a rubric for algorithmic harms and biases.

  • “There is a lot of remarkable research and work on the taxonomy of prejudice and prejudice, but we could find very little by specifically breaking them down into detailed tasks or detailed prejudices, and being able to list what it might look like and bring value to it as well,” said Chowdhury.
  • The rubric was ultimately based on a series of factors, including the type of harm (e.g. stereotypes, psychological harm), the severity or impact of the harm, and the number of users affected.

Winners, winners: Twitter gave out five awards (and a few honorable mentions) that day: first place ($3,500 prize), second ($1,000), third ($500); most innovative ($1,000); most generalizable ($1,000). A panel of four judges from the AI and infosec worlds ranked the submissions according to the META rubric.

Looking forward: Questions remain about the participation of members of affected communities, the type of community the program is building, to what extent Twitter will translate individual program results into global changes, and whether the tech industry as a whole will embrace the practice.

But Camille François, who co-leads a project on algorithmic damage at the Algorithmic Justice League, told us it was encouraging to see progress in assessing how AI systems affect people.

“I think we are very excited to see how this plays out,” François said. “We want more communities and affected parties to participate. … We know there is an appetite for people who say, ‘Hey, I just feel affected by this. … Let’s disclose this together.’” —HF



