
Posts by Will Dormann is on Mastodon

The masses don't need those features. 😂

1 week ago 1 0 0 0

Yeah, I'm pretty sure that Adobe Reader only exists for when somebody has a PDF that they need to sign. 😂

1 week ago 0 0 1 0

"Adobe Reader is still a thing" is what surprises me more. 😂

1 week ago 0 0 1 0

I suspect that the function has been removed. 🤷‍♂️

1 week ago 0 0 0 0

Yes, that's the vulnerability at play here.
The JavaScript is able to self-bless itself as privileged.

1 week ago 1 0 1 0

I have wonders about official documentation for Adobe Reader JavaScript.

For example, Collab.collectEmailInfo() is definitely a function, as it was part of CVE-2007-5659.

However, if you look for documentation about this: Nada.
www.google.com/search?q=Col...

1 week ago 1 0 1 0

It is much more difficult to stock it when it's locked, yes.

1 month ago 1 0 0 0

Social media user swipes left on a picture in a post with multiple pictures in their web browser...
Twitter, Mastodon: Swipes to next picture.
BlueSky: Do nothing.

I get that when Twitter doused itself in gasoline and lit a match, BlueSky had potential.

But seriously. How is the web app SO BAD? 🤦‍♂️

4 months ago 0 0 0 0

Social media user double taps image in their web browser...
Twitter, Mastodon: Zoom in.
BlueSky: Close image, re-open it.
🤦‍♂️

4 months ago 0 0 2 0

There is nothing that distinguishes a CVE that is disputed because it's fake and one that is disputed because the vendor didn't want to acknowledge it.
This is a problem.

6 months ago 0 0 0 0

Did one really need to look any further than hearing that it used "bitcoin style encryption"?

10 months ago 4 0 0 0

Eh, I just enabled passwordless for my 20-year-old hotmail account.
And RDP still accepted my old password. (No Microsoft Authenticator required)
🤷‍♂️

11 months ago 1 0 0 0

When you log in to Windows using a Microsoft account (eg hotmail), you can use that account's credentials to RDP in.
No RDS AAD or web view here.

11 months ago 2 0 1 0

I don't know what RDS AAD is.
Simple repro:
1) Log in to Windows 11 with a Microsoft account (eg hotmail)
2) Enable RDP
3) Connect to Windows via RDP using hotmail account
4) Change hotmail password
5) Connect to Windows via RDP using old hotmail password

11 months ago 2 0 1 0

I'm using a web browser for this website.

11 months ago 1 0 0 0

Testing GIF upload from an iPhone...

11 months ago 0 0 1 0

With BlueSky, animated GIFs are uploaded with the video icon.
Because GIF89a files are clearly videos and not images.
Cross-posting apps don't recognize this silly behavior. (Yet??)

11 months ago 0 0 2 0

If the desire is to implement your own homemade WDAC block policies, tread lightly. If you simply apply a "block this thing" policy, you might very well end up preventing Windows from booting, as a "block this thing" without a corresponding "allow this", well...
WDAC will only block and not allow.😬

1 year ago 0 0 0 0
GitHub - mattifestation/WDACTools: A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies

If you wish to inspect an on-device (binary) policy file, you'll need WDACTools: github.com/mattifestati...

With this, you can run ConvertTo-WDACCodeIntegrityPolicy to get a stripped-down human-readable XML policy.

1 year ago 3 1 1 0
GitHub - vu-ls/applywdac

If you enable HVCI and then run:
ApplyWDAC -auto -enforce
you'll be good to go, as it will pull the more-complete online list. github.com/vu-ls/applyw...

If you can't enable HVCI, you'd need to wait for MS to fix WDAC to get complete coverage. But that's not going to happen if I am to believe MSRC.

1 year ago 0 0 1 0

You've made both of these statements:

- Threat actors are manipulating the ICT to bypass detection
- Run the ICT checker

Doesn't the former sort of invalidate the latter? 🤔
Or is the hope that you've got one of the not-so-good attackers that result in an ICT flagging something?

1 year ago 1 0 0 0

I suppose my gripe about the wording is that electricity itself has no sound.
*Physical objects* energized by electricity can emanate sound by vibration. 😀

1 year ago 4 0 1 0

Electric vehicles run on DC. Not AC.

1 year ago 8 0 2 0

"they can hear electricity circulating but not enough to power anything else"

I'm curious what electricity sounds like?

1 year ago 26 0 5 0

Sounds about right for the person who left the Superbowl early because Biden's Tweet got more attention than his. 😂

But heck, drawing attention to your and @kateconger.com 's book is surely a good idea. Everybody should read it!

1 year ago 10 0 0 0

No, I don't have a Facebook or Reddit account.
I suppose I was referring to Twitter and Mastodon.

With either of those you can upload a media thing (image, animated, GIF, MP4, etc.), and the trigger to do that is you click a single "media" button.

Separate buttons is completely unnecessary.

1 year ago 0 0 0 0

BlueSky is the first social media app I've ever used that has a different icon to pick depending on what file type the media is.

This seems unnecessarily complicated.

1 year ago 0 0 0 0

The fact that BlueSky decides to take the GIF I uploaded and convert it to MP4 does not change the fact that what I'm loading is a GIF file and not a movie file. 🤷‍♂️

1 year ago 1 0 0 0

Wait...
Animated GIF images maybe need to be uploaded using the "Movie" icon, because GIF89a's are clearly not images? 🤔

1 year ago 2 0 1 0

There goes my hopes for a viable post-Twitter platform where we all hang out.
😡

1 year ago 1 0 0 0