this isn't happiness.

ART, PHOTOGRAPHY, DESIGN & DISAPPOINTMENT

Storm rising, Franz Sedlacek








June gloom, Ted Engelbart








The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

Cloudflare teams up with big browsers to help websites tell welcome from unwelcome visitors

Cloudflare on Monday said that it has joined with the three leading commercial browser makers to create a privacy-preserving protocol that websites can use to separate desirable web traffic from undesirable network requests.

Cloudflare, along with Google Chrome, Microsoft Edge, and Mozilla Firefox, has committed to develop Private Access Control Tokens (PACTs), a way for websites to generate a digital token that asserts a given browsing session is being run by a human or bot with legitimate intent, as opposed to network requests from people or software deemed abusive or improper.

PACTs will let websites "with strong knowledge of 'personhood'" issue anonymous tokens that browser users and designated bots can present at other websites, so that fewer identity checks are necessary.

Think of PACTs as a shareable, privacy-preserving CAPTCHA test result, where the desirability of the web traffic is being tested rather than whether the visitor is a human or bot – an increasingly difficult distinction.

While the technical details are still being hammered out and harmonized between related proposals, it isn't immediately clear what constitutes "strong knowledge of 'personhood'" in this context, particularly since "personhood" appears to extend to software that has been authorized to act on behalf of a legitimate person for an authorized purpose.

It may be that the test criteria put certain browsers, behaviors, or network signals at greater risk of being denied the dispensation of a PACT, though past technical discussion by developers from Google and Mozilla suggests that excluding certain hardware, platforms, or user-agents is not a goal.

Dane Knecht, CTO of Cloudflare, argues that the way people interact with the web is changing and increasingly may involve autonomous agents.

"As AI-powered traffic becomes widespread, existing tools to support its use are too generic and coarse," said Knecht in a statement. "Now this collaboration lets us eliminate the friction caused by security protocols for every visitor – whether they are human or agent – without sacrificing privacy."

The claim "without sacrificing privacy" is a bit of an overstatement. PACT tokens, it appears, will not contain personal details. But they won't do anything to repair all the other ways browsers can facilitate digital fingerprinting and tracking. And if implemented poorly, they may introduce novel risks.

Fundamentally, they divide the internet traffic into welcome and unwelcome traffic – something already widely done through firewalls and other technical measures but not easily reconciled with the notionally open web.

"Mozilla is committed to defending openness and user privacy on the web," said Bobby Holley, CTO for Firefox at Mozilla, in a statement. "An avalanche of automated traffic is pushing sites to adopt blunt defenses – paywalls, identity checks, CAPTCHAs, and invasive tracking – simply to tell whether a request comes from a human."

While Cloudflare touts the privacy benefits of PACTs, it's clear from the company's announcement that the technology is designed to "empower businesses to identify genuine visitors, ensuring they can focus their resources on the traffic that matters to them." Essentially, this is an anti-fraud initiative.

Many website operators have complained about the burden of handling unwanted network traffic from disrespectful crawlers. PACTs may be the answer to their prayers. At the same time, they may also become an access barrier that demands negotiation with site publishers to have one's site visits or software deemed worthy of "personhood." ®

Security shops among the 'hundreds' of Klue hack victims

The list of Klue customers whose Salesforce data was stolen in the latest supply-chain heist keeps growing, with an increasing number of cybersecurity companies disclosing that they are among the victims of a new data-theft and extortion crew called Icarus.

Klue, which provides market intelligence to more than 250,000 companies worldwide, hasn’t said how many of its customers were caught up in the breach and didn’t immediately respond to The Register’s inquiries.

Huntress was one of the first cybersecurity vendors to sound the alarm, and, in an email to The Register, said that it was among the “hundreds of Klue customers” affected. However, it said that the breach did not affect its tools or highly secure information such as passwords.

“Huntress believes in radical transparency about security incidents, including when it affects our company,” the security shop wrote on Thursday. “The data that was copied from our Salesforce account includes business contacts, price quotes, and other sales-related data and messaging. No threat data, passwords, payment card information, or engineering data relating to the Huntress agent or telemetry we collect was affected.”

Huntress, along with the other victim companies, said that there is no indication that any of its products or infrastructure were compromised, and that this security incident was specific to CRM data.

Since then, several other security and software vendors including Recorded Future, Tanium, Jamf, Gong, HackerOne, Kudelski Security, Snyk, Insurity, and Sprout Social have revealed that the data thieves also accessed their CRM data via the Klue integration with Salesforce.

Here’s what we do know about what happened and who is behind this latest extortion campaign.

The breach occurred on June 11, and Klue spotted the intrusion a day later. This unauthorized activity affected “a portion” of its integration infrastructure, according to the software provider. Klue has since disconnected all of its integrations with Salesforce, Gong, HubSpot, SharePoint, and Google Drive. It also hired CrowdStrike to assist in the investigation and security response.

“Our investigation determined that an attacker gained access through a compromised legacy credential associated with an integration service,” Klue CEO Jason Smith said in a Friday blog post. “The attacker used that access to obtain OAuth tokens used to connect Klue with certain third-party platforms, including Salesforce, and subsequently accessed data within a number of connected customer environments.”

Mandiant CTO Charles Carmakal urged organizations using Klue integrations to “immediately audit their systems and monitor application logs for evidence of compromise over the past few weeks. Rotate credentials as appropriate based on the scope of compromise.”

While the attack “resembles the 2025 and 2026 third-party OAuth abuse campaigns against Salesforce,” as ReliaQuest noted, a group called Icarus began posting victims on its data-leak site. It soon became apparent that this new extortion crew - not ShinyHunters, which has frequently targeted Salesforce and stolen data from hundreds of the CRM giant's customers in attacks over the past few years - was behind this latest supply-chain incident.

Icarus, according to the group’s leak site, has been active since April 28. After compromising Klue, the criminals began emailing affected customers. Huntress shared its extortion message, with the subject line “top secret email” purportedly sent from “mr bean,” with The Reg, and we are leaving the misspellings, and poor grammar, as is.

“This email is being written to you because your data as exfiltrated due to a breach happening to your partner, Klue.com (as them),” it reads. “Your Salesforce data has been downloaded. We advice you to write us on Session @” with a Session address, the email continues, and threatens to make the data public within 48 hours unless Huntress initiates communication with the criminals. “Do the right decision,” it says, “xoxo.”

There’s a subsequent email that simply says “wrong session lol” and then lists the correct Session ID.

Researchers don’t know too much about Icarus - yet - but this type of large-scale supply-chain attack typically paints an equally large target on the intruders’ collective backs. So we expect to hear more from law enforcement and third-party security sleuths in the upcoming days.

“There is very little publicly known about [Icarus],” Huntress' Lindsey O'Donnell-Welch told us. “IP addresses from which they are known to have accessed sensitive information include the Netherlands, France, and Ukraine. But we cannot draw any conclusions based on that information alone as these may have been VPN concentrators or Tor exit nodes.”

And while this intrusion “bears some surface-level similarities with prior Salesforce-focused extortion activity, we have not seen any evidence at this point linking Icarus to ShinyHunters,” O'Donnell-Welch added. ®

Correction: An earlier version of this story stated ReliaQuest was a victim. That company has since clarified it was not.

thexiffy

Last.fm last recent tracks from thexiffy.

The Cardigans - Hanging Around (Live Roskilde '03)

The Cardigans

How Brexit marked three lives: ‘The withdrawal was an attack on my identity’

Three Dutch people had to find their way in the United Kingdom during the Brexit years. “Keep calm and carry on. That is a bit of a cliché, but it is true,” says one of them.

Humanity isn’t ready for the coming intelligence explosion

We must find a way to steward AI, then to live side by side with it, writes Will Marshall.


THIALF 2030 in the StamCafé

We briefly interrupt the Orange fever for a different kind of sporting fun, owing to the IOC's decision to bring the OLYMPIC WINTER GAMES of 2030 to FRIESLAND. Officially, France has been designated as the host country, and the cross-country skiing, luge, freestyle snowboarding and all the other things the Netherlands is bad at will take place in the Alps. One problem, however: those odd French have no speed-skating hall at all. So what do you do as an organizer? Scrap skating from the programme because, well, it is only the Dutch who take it seriously anyway Look for alternative locations, after which you naturally soon arrive at our THIALF. Great fun, but of course we now want a Dutch say in how things are dressed up. The official logo of Alpes & Fryslân 2030 must incorporate the backside of Jutta Leerdam. We like the idea, you work out how to arrange it. At the opening ceremony, no fuss with fetish smurfs and last suppers this time. We demand a leading role for the queen of Fryslân, Lutz Jacobi Doutzen Kroes. The music will be provided by Dries Roelvink and Orgel Joke. As a grand finale, the Olympic flame will be lit by a burning dart from Raymond van Barneveld. Looking forward to it already.

The Guardian

Latest news, sport, business, comment, analysis and reviews from the Guardian, the world's leading liberal voice

Clive Davis predicted music’s biggest stars like no one else | Alexis Petridis

The legendary music executive signed everyone from Patti Smith to Barry Manilow and changed the industry forever

Clive Davis always claimed that his life in the music business was really kickstarted when he chose to attend the 1967 Monterey Pop Festival: it was there he saw Janis Joplin and her band Big Brother and the Holding Company, and immediately bought their contract for $200,000, the first really high-profile signing of his career. But Davis was an unlikely fit at the most high-profile event of the Summer of Love: he was a Harvard-educated lawyer who had been “shocked” when a restructuring of Columbia Records saw him promoted from general counsel to the company’s president. He was sharp enough to spot which way the pop cultural wind was blowing – “a revolution in culture and philosophy”, he later recalled, “the Haight-Ashbury scene, with love peace and flowers” – but he was no one’s idea of a hippie. Amid a sea of paisley, batik, love beads and bells Davis turned up to the festival clad in “khaki pants and a tennis sweater”.

It was an image he would often recall for comic effect – “I was the costumed freak surrounded by everyone with flowers in their hair” – but there was something rather telling about it too: Davis’s skill as what used to be called a record man lay in his ability to balance the progressive with the traditional. He turned one wing of Columbia into something of a home for artists associated with the burgeoning counterculture, swiftly signing Santana, Blood Sweat and Tears, the Electric Flag and the wonderful psychedelic soul band the Chambers Brothers. But he never lost sight of the other side of the company, which dealt lucratively in soundtracks and easy listening and was home to Barbra Streisand and Tony Bennett: at one juncture, he found himself simultaneously attempting to renegotiate the contracts of Bob Dylan and Andy Williams. When he founded Arista Records in 1974, he did exactly the same thing: it was a label that provided a home for both Patti Smith and Barry Manilow.


Rijnmond - News

The latest news of today about Rotterdam, Feyenoord, traffic and the weather in the Rijnmond region

Motorist drives on after collision with pedestrian on Blaak

At a zebra crossing on the Blaak in Rotterdam-Centrum, a car collided with a pedestrian on Monday evening. The pedestrian was injured and had to go to hospital. The motorist drove on after the accident. The police are looking for the car, a black Volkswagen Polo.