Professional hitmen don’t actually exist.

Sammy “The Bull” Gravano would probably disagree with you. He’d likely consider himself a professional since he admitted to involvement in 19 murders. Granted they were all mob related, and not “for hire” by anybody with a pile of cash and a grudge…

It’s not on Israel if a terrorist lets their kids play with their tools.

Man has pager in his pocket. Man is sitting down having a meal with his family. Pager blows up in his pocket, killing the child sitting next to him, and probably killing or injuring other family members.

Targeted or not, that child’s death is squarely on Israel. They decided that collateral damage was acceptable when they chose this method of mass assassination.

Back when cell phones were just starting to get “smart” I knew a few folks that carried both a pager & phone. They lived in rural areas where pager coverage was decent but phone coverage was spotty at best, and non-existent in places.

DigiCert recently was forced to invalidate something like 50,000 of their DNS-challenge based certs because of a bug in their system, and they gave companies like mine only 24 hours to renew them before invalidating the old ones…

My employer had an EV cert for years on our primary domain. The C-suites, etc. thought it was important. Then one of our engineers who focuses on SEO demonstrated how the EV cert slowed down page loads enough that search engines like Google might take notice. Apparently EV certs trigger an additional lookup by the browser to confirm the extended validity.

Once the powers-that-be understood that the EV cert wasn’t offering any additional usefulness, and might be impacting our SEO performance (however small) they had us get rid of it and use a good old OV cert instead.

Back in the 90’s before the days of Windows 3.0 I had to debug a memory manager written by a brilliant but somewhat odd guy. Among other thing I stumbled across:

• A temporary variable called “handy” because it was useful in a number of situations.
• Another one called son_of_handy, used in conjunction with handy.
• Blocks of memory were referred to as cookies.
• Cookies had a flag called shit_cookie_corrupt that would get set if the block of memory was suspected of being corrupt.
• Each time a cookie was found to be corrupt then the function OhShit() was called.
• If too many cookies were corrupt then the function OhShitOhShitOhShit() was called, which would terminate everything.

If you have ssh open to the world then it’s better to disable root logins entirely and also disable passwords, relying on ssh keys instead.

Port 22 is the default SSH port and it receives a TON of malicious traffic any time it’s open to the whole internet. 20 years ago I saw a newly installed server with a weak root password get infected by an IP address in China less than an hour after being connected to the open internet.

With all the bots out there these days it would probably take a lot less time if we ran the same experiment again.

Well OPSEC is the stated cause. Who knows how the person was initially identified and tracked. For all we know he was quickly identified through some sort of Tor backdoor that the feds have figured out, but they used that to watch for an unrelated OPSEC mistake they could take advantage of. That way the Tor backdoor remains protected.

Exactly. Tor was originally created so that people in repressive countries could access otherwise blocked content in a way it couldn’t be easily traced back to them.

It wasn’t designed to protect the illegal activities of people in first world countries that have teams of computer forensics experts at dozens of law enforcement agencies that have demonstrated experience in tracking down users of services like Tor, bitcoin, etc.

I wonder if Ukraine expects that, and feeds Trump misinformation to trick Putin?

Prior to the war Ukraine was the world’s 4th largest military arms exporter. They just stopped exporting and turned all their R&D on defending themselves instead.

https://en.wikipedia.org/wiki/Defense_industry_of_Ukraine

https://en.m.wikipedia.org/wiki/Defense_industry_of_Ukraine

In 2012, Ukraine’s export-oriented arms industry had reached the status of world’s 4th largest arms exporter.[1]Since the start of the war in Donbas, Ukraine’s military industry has focused more on its internal arms market and as a result slipped to the 9th spot among top global arms exporters by 2015,[2]11th spot by 2018,[3] and the 12th spot among global arms exporters by 2019.

Sooner or later Ukraine will start manufacturing their own such weapons. They have demonstrated time and again that they the ability to be creative and do what the world never expected of them.

Holding them back at this point is just prolonging the war.

Smarter bots know how to easily avoid being detected based on the speed of their requests by simply adding a random delay to them. A few years ago we discovered a very slow speed credential stuffing attack (testing usernames & passwords) against my employers site. It was only testing one set of credentials every couple of minutes.

Once we discovered it we didn’t block it though. We were able to spot the attack fairly easily once we knew what to look for, so we updated our system to always return a login failure no matter what credentials they sent.

deleted by creator

This was definitely a hit and not a water spout.

If that’s true then some evil supervillain or governmental three-letter-agency has a working severe weather machine. The yacht was visible on a nearby security camera, and it disappears as fierce rain & waves obscure it.

Well there’s extreme weather and there’s extreme weather. There have been reports that the yacht was struck by a waterspout, which is basically a tornado but over the water. I’m not sure if the strength of it has been reported or not, but given tornadoes have been known to throw trucks and train cars it doesn’t surprise me that it was likely powerful enough to capsize the yacht.

Unlike trucks & trains, a sailboat is designed to roll side-to-side. One current theory I’ve read is that the waterspout damaged the mast, causing it to unbalance the yacht (and possibly damaging the hull). The combination of being unbalanced and being slammed by the waterspout likely rolled the hull enough to flood it within seconds. Even if the mast wasn’t damaged, a tornado striking the yacht broadside would have likely been catastrophic depending on the strength of the storm. And waterspouts that powerful are still rather rare so I wouldn’t blame the captain for not anticipating it.

There are now some reports as well that the yacht sank in roughly one minute. If that’s the case then it means the yacht indeed rolled very quickly and took on a huge volume of water in very little time, so much that it was unable to right itself or that its bilge pumps could contend with it. Again, not something that could have really been anticipated.

A helpful note to consider: Some of the longer range drones Ukraine has deployed are in fact civilian aircraft that have been modified to fly remotely. These are fairly slow and not highly maneuverable. Certainly not enough to dodge bullets or missiles.

When any browser, app, etc. makes an HTTP request, the request consists of a series of lines (headers) that define the details of the request, and what is expected in the response. For example:

GET /home.html HTTP/1.1
Host: developer.mozilla.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://developer.mozilla.org/testpage.html
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

The thing is, many of these headers are optional, and there’s no requirement regarding their order. As a result, virtually every web browser, every programming framework, etc. sends different headers and/or orders them differently. So by looking at what headers are included in a request, the order of the headers, and in some cases the values of some headers, it’s possible to tell if a person is using Firefox or Chrome, even if you use a plug-in to spoof your User-Agent to look like you’re using Safari.

Then there’s what is known as TLS fingerprinting, which can also be used to help identify a browser/app/programming language. Since so many sites use/require HTTPS these days it provides another way to collect details of an end user. Before the HTTP request is sent, the client & server have to negotiate the encryption to use. Similar to the HTTP headers, there are a number of optional encryption protocols & ciphers that can be used. Once again, different browsers, etc. will offer different ciphers & in different orders. The TLS fingerprint for Googlebot is likely very different than the one for Firefox, or for the Java HTTP library or the Python requests package, etc.

On top of all this Akamai uses other knowledge & tricks to determine bots vs. humans, not all of which is public knowledge. One thing they know, for example, is the set of IP addresses that Google’s bots operate out of. (Google likely publishes it somewhere) So if they see a User-Agent identifying itself as Googlebot they know it’s fake if it didn’t come from one of Google’s IP’s. Akamai also occasionally injects JavaScript, cookies, etc. into a request to see how the client responds. Lots of bots don’t process JavaScript, or only support a subset of it. Some bots also ignore cookies, and others even modify cookies to try to trick servers.

It’s through a combination of all the above plus other sorts of analysis that Akamai doesn’t publicize that they can identify bot vs human traffic pretty reliably.