I'm no fan of this administration, at all, but this seems like a big fat nothingburger. They hacked a personal gmail account, not a government account, not government infra. Why is this not a failing of Google instead of the government? And surely the hackers would have eagerly released anything damning, but nothing damning seems to exist. What am I missing here?
Remember when this admin used a Signal group chat to coordinate an operation against Houthi forces in Yemen and left in some journalists. Do you think he cares whether he sent an email with his gov email on a gov device or if he sent it with his personal email?
you don't think that it's relevant and concerning that the director of the FBI didn't take operational security seriously enough that his account got compromised? even if they didn't get anything incriminating (which maybe they did and are going to blackmail him later) that shows a shocking lack of competency for someone in that kind of position.
i think the facts of the matter are that a gmail vulnerability is on the very low likelihood kind of event. they wouldn't burn their insanely valuable vulnerability on showing how much of a fratboy kash is. the most likely possibility is that he either clicked on something dumb and gave access through phishing (really bad) or had a really weak password without 2fa (also really bad).
True, but don't you think the FBI director should be held to higher standards of security hygiene than average people? Because I'm interpreting your tone as "it could happen to anyone". At some point the doubt is gone and there's no more benefit to give...
it's definitely newsworthy, no doubt there. but i see so many people in this thread pointing to this as somehow a failing of the fbi, which it's not. i'm all for calling out this administration for its many many failings, but this is not one of them, and calling this a failure of the administration just hurts the credibility of everyone pointing out real issues with this administration.
True yeah. but uh anyway what about HILLARYS EMAILS we need to hear about those for the next 4 decades (no convictions despite "Lock Her Up" slogans for 5 years)
Major public figure who is currently in a position of power in the USA. That’s bad news because it reveals sensitive details which may lead to their further compromise. Imagine you’re compromised by a corrupt administration with pics of CSAM or something already, now imagine a foreign actor also having compromised you. It’s a sticky situation.
Yes, that's all true, all potential issues in theory. I'm still not seeing why this points to or supports the (valid) claim of incompetence in the FBI. That seems to be the angle most posters in this thread are taking, and it seems...misguided to me. Tilting at windmills. Let's call out the admin for their real failings, not nonsense like this. Getting your gmail account hacked does not reflect on you as a professional.
> "Getting your gmail account hacked does not reflect on you as a professional."
Doesn't it though? Especially when your profession involves the security of a nation and you can't even secure your own personal email account successfully?
> Getting your gmail account hacked does not reflect on you as a professional.
Why not? Most professionals at larger organizations have to do security training. These kinds of attacks are far less likely to succeed on anyone who follows the basic precautions taught in such training. E.g., if he had MFA enabled on his account - as he certainly should have had - they would not have been able to compromise it externally, i.e. it would have had to be much more than his email that was hacked.
I don’t get the propensity some people seem to have for defending this shameful collection of incompetent criminals, bullies, and clowns.
Leaking one’s credentials to sensitive personal repositories of information is a “real failing” lol, how could one think any differently? I would be mortified and immediately rectify the situation.
> Getting your gmail account hacked does not reflect on you as a professional
If you work in security: it *absolutely does*, because 99+% of the time you are the primary contributing factor, whether from password reuse or downloading malware or clicking bad links or opening random emails or being susceptible to social engineering, etc.
If you are the head of a security organization: obviously you should not expect to retain that job, as your poor reputation is now an albatross around the company's neck.
If you are the head of the FBI: lol. lmao. what the actual fuck. my money is on someone spearphished him with an email subject about a book deal and he'll just click fucking anything.
This doesn't seem to work at all, at least for me.
First, the test claimed that my connection suffers from isp header injection but didn't actually indicate which headers my isp might be injecting, or even what the consequence of this is.
Second, it claimed I am using my isp DNS, which is not correct.
I agree with you, and especially identify with the last sentence. However, I’m fed up with Apple and Google, and any alternative that doesn’t tie me to Google and has all functioning hardware and usable 5G or at least LTE with reasonable specs is a major win in my book. I’ve preordered the FLX1s. The FLX1, which is no longer in production, had a replaceable battery, but lack of a replaceable battery or non-pure Linux in an alternative phone certainly isn’t going to keep me chained to Apple or Google.
CORS doesn’t protect you from anything. Quite the opposite: it _allows_ cross origin communication (provided you follow the spec). The same origin policy is what protects you.
Are you referring to the 30 second quip or the generic non-response?
> Asked whether Dell has any financial data that suggests working from the office leads to better productivity or results, a spokesperson said, "We continually evolve our business so we're set up to deliver the best innovation, value and service to our customers and partners. That includes more in-person connections to drive market leadership."
I honestly can't believe how unreliable Github is. Outages are commonplace. It boggles my mind how nothing has been done to address the reliability regressions that have been creeping in ever since MS took over.
Caution to anyone who clicks this link: mute your speakers first, or else you'll have to deal with blaring obnoxious music via an auto-play video that isn't visible without scrolling.
Not anything concrete, just memories of things not working, me looking at the JS console, seeing CORS errors, and seeing it work in Chrome, as I described. And the comment I replied to showed that it works differently between websites, namely:
    if (host == "tripadvisor.com"_s || host.endsWith(".tripadvisor.com"_s))
        m_needsRelaxedCorsMixedContentCheckQuirk = true;
That's a site-specific partial exemption from the same origin policy, as far as I can tell (without further context at the moment). Not a difference in how CORS works generally across Safari.
CORS is frustrating for a lot of developers as it can be tough to gain a complete understanding of the spec, and an understanding of the same origin policy is required. But implementation of the CORS spec(s) isn't notably different across modern browsers, now that IE is out of the picture. CORS was a real nightmare in IE. Microsoft even introduced an XHR cousin named XDR in IE10 to handle cross-origin requests, and it wasn't even a complete implementation of CORS.
I don't hate CORS from a developer perspective, I hate it from a user perspective, and from a broader "health of the web" perspective. Because, as I said, it works differently between browsers and it works differently between websites within the same browser. Mostly these differences just mean I have to use Chrome instead of my preferred browser.