What was Ahmaud Arbery doing inside a house that was under construction? Was he planning to steal something? He obviously trespassed.

The home owner said he might have been looking for a drink of water, which is reasonable if he was out on a jog. 

Wouldn’t you go to an empty site if you were looking for water? If you go to someone’s house, you can be shot or arrested for trespassing.

Malware – How can your BIOS be infected or hacked, and can a BIOS virus be used to “steal data”?

I know that a BIOS can get a virus, but it’s very rare, and it seems to me it’s pretty impossible or improbable for a virus to creep into your BIOS via normal computer use.
Let’s say I’m using Windows 10. Even if I go as far as downloading malware on my Windows 10, it would seem that the worst damage it can do is to my Windows 10 itself, not the BIOS. Is that accurate? (Or at least, it’s incredibly difficult.)
If I don’t deliberately take a USB drive and go into the BIOS to m-flash it, how can I possibly infect a BIOS? So similarly, since your network would only work at the OS level, how can anyone possibly modify your BIOS by hacking your operating system?

And in the other direction, suppose by some means my BIOS was infected with some virus: how can anyone possibly steal information on an operating system using the BIOS when the BIOS itself cannot be connected to the internet?

It seems to me the damage a BIOS can do is very local.

New evidence makes it look like Arbery went on the site to get a drink of water from a faucet. What did cons think he was going to steal…?

You don’t walk onto a construction site unless you belong there. Theft of materials and tools is huge, happens all the time on sites, it sucks, mostly for the ones that don’t secure their crap. A drink of water is a nice excuse to be scoping out what to come back for later.

Oh look at you joke when in the middle of the night people steal entire pallets of material. They of course have to know what is where before, minimize lights and time on site.

Why do Republicans steal Andrew Yang's idea and suggest sending $1,000 to every adult American to boost the economy?

Didn't Obama give everyone $400 in his tax return when there was a recession? This is nothing new. Whenever there is a recession, the government gives people money to boost the economy. The hope is that people will buy things instead of saving them.

I have several katana swords in view.

Can anyone steal my IP address and use it as their own?

Network engineer with BGP experience here.

Yes. But usually the attack would have been for a larger address block.

Let's say the company "Good ISP" is assigned 1.1.0.0/16. You are a customer of "Good ISP" and your home router has the public IP address 1.1.5.5.

"EvilCo" wants you to look bad by downloading … inappropriate … content from 1.1.5.5. They have an unfiltered BGP routing protocol connection to the Internet and advertise 1.1.5.5/32.

This attack fails. While their BGP connection is not filtered (and we are talking about route advertisement filters, not packet filters), Internet ISPs generally do not accept IPv4 routes that are more specific than a /24.

EvilCo advertises 1.1.5.0/24 in BGP. It works. Both 1.1.5.0/24 and 1.1.0.0/16 exist in the core internet routing table and the more specific route wins!

Some mitigations:

  1. ISPs generally filter BGP connections to their customers and only accept certain routes, but there are many unfiltered BGP connections out there (I personally had access to one in a previous job … it was so old it was created before ISPs tightened their standard configurations).
  2. Good BGP operators use a "BGP monitoring service" that sends them an email when someone else advertises one of the blocks assigned to them. (BGPmon)
  3. There is a "route registration database" (RADB, for example), and some ISPs try to route their routes using police databases, but these databases are generally incomplete.
  4. Requiring a larger block (/24) to attack makes the attack even clearer as it affects multiple people and all BGP updates are reported by multiple organizations.

It is also possible for a rogue operator within "Good ISP" to take special care of your /32.

It is always possible to send traffic with a source IP of 1.1.5.5 without redirecting the block. However, this does not lead to a complete TCP handshake, so that no downloads take place.
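The route selection and the monitoring mitigation described in the answer above, as an added example that is not part of the original answer: it models the /24 advertisement filter, longest-prefix match, and the check a BGP monitoring service runs for an owned block. The function names and the OWNED monitor configuration are assumptions made for illustration; the prefixes and origin labels are the ones used in the answer.

```python
import ipaddress

MAX_V4_PREFIXLEN = 24  # typical inter-ISP limit: nothing more specific than /24

# Constructed announcements (prefix, origin), taken from the scenario in the answer.
FIRST_ATTEMPT = [("1.1.0.0/16", "Good ISP"), ("1.1.5.5/32", "EvilCo")]
SECOND_ATTEMPT = [("1.1.0.0/16", "Good ISP"), ("1.1.5.0/24", "EvilCo")]
OWNED = {"1.1.0.0/16": "Good ISP"}  # block -> expected origin (assumed monitor config)


def build_table(announcements):
    """Apply the route-advertisement filter and return the accepted routes."""
    table = []
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen <= MAX_V4_PREFIXLEN:
            table.append((net, origin))
    return table


def best_route(table, addr):
    """Longest-prefix match: the most specific route covering addr wins."""
    ip = ipaddress.ip_address(addr)
    covering = [route for route in table if ip in route[0]]
    return max(covering, key=lambda route: route[0].prefixlen, default=None)


def hijack_alerts(table, owned):
    """Monitoring check: routes inside an owned block with an unexpected origin."""
    alerts = []
    for net, origin in table:
        for block, expected in owned.items():
            if origin != expected and net.subnet_of(ipaddress.ip_network(block)):
                alerts.append((str(net), origin, block))
    return alerts


if __name__ == "__main__":
    for name, anns in (("/32 attempt", FIRST_ATTEMPT), ("/24 attempt", SECOND_ATTEMPT)):
        table = build_table(anns)
        net, origin = best_route(table, "1.1.5.5")
        print(f"{name}: 1.1.5.5 -> {net} via {origin}; alerts={hijack_alerts(table, OWNED)}")
```

Addresses outside the advertised /24, such as 1.1.6.6, still follow the /16, which is why the monitor compares every accepted route against the owned block rather than checking a single address.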

Authentication – Can Chrome Extensions Steal Redirect-Uri's OAuth Token?

This is a duplicate of a Stack Overflow question because it may be more of a security and authentication best practice.

I'm working on authentication between a Chrome extension and Google Cloud Platform and trying to send its id_token JWT to an AWS server to get user data (and/or set up a session?).

My question is: How can I prevent Chrome extensions with the tabs permission from reading the GET request or the redirect URI that carries the fully validated user JWT?

The JWT confirms that a user is who they are. How do I know that my Chrome extension is sending the request to my backend?

I have a few ideas:

  1. Maybe I can create a private window that can only control my extension

  2. Maybe I can use the nonce somehow or get the nonce from my server first

  3. Maybe my Chrome extension has a private key or a way to verify with my backend that has the public key

Any help would be appreciated, it is difficult to research this particular scenario.


var url = 'https://accounts.google.com/o/oauth2/v2/auth' +
          '?client_id=' + encodeURIComponent(chrome.runtime.getManifest().oauth2.client_id) +
          '&response_type=id_token' +
          '&redirect_uri=' + encodeURIComponent(chrome.identity.getRedirectURL()) +
          '&scope=' + encodeURIComponent(chrome.runtime.getManifest().oauth2.scopes.join(' ')) +
          '&nonce=' + Math.floor(Math.random() * 10000000);

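// Open a blank window, then drive its first tab through the Google sign-in flow.
chrome.windows.create({ url: 'about:blank' }, function ({ tabs }) {
    chrome.tabs.onUpdated.addListener(
        function googleAuthorizationHook(tabId, changeInfo, tab) {
            // Only react to updates of the tab this extension opened.
            if (tab.id === tabs[0].id) {
                if (tab.title !== 'about:blank') {
                    console.log(url);
                    // The redirect target does not load, so the tab title shows its URL.
                    if (tab.title.startsWith(chrome.identity.getRedirectURL())) {
                        // Everything after '#' is the URL fragment that carries the id_token.
                        const id_token = tab.title.split('#')[1];
                        console.log(id_token);
                    } else {
                        console.error(tab.title);
                    }

                    chrome.tabs.onUpdated.removeListener(googleAuthorizationHook);
                    chrome.tabs.remove(tab.id);
                }
            }
        }
    );

    chrome.tabs.update(tabs[0].id, { 'url': url });
});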

How much data can an app steal from my MacBook if I allow system-wide execution?

I am interested in knowing how to monitor and possibly sandbox an app and its related background processes in macOS. Is there an internal utility hidden somewhere in the system tools (even the CLI), or maybe a tool from the Internet? I can't find anything about it. It also looks like everyone still thinks macOS can't get malware, and it doesn't help.

Suppose I want to install an Android emulator to play Android games on my MacBook. I know that the majority of emulators are Chinese, so I expect a significant level of telemetry.
I choose the Mumu app. During the installation, the app asks me to enter my password so that a new helper can be created (what is it and what does it mean?). In order to do this and continue with the installation, I have to allow the (initially blocked) execution of "system software" under Security & data protection >> General (image).

If I ever played, how could I monitor the impact of this choice? Can an app with these permissions access other app data? I am particularly interested in keeping them safe:

  • Browsing history (e.g. Chrome, Firefox …)
  • key ring
  • Files around my hard drive (duhh …)

What is safe and what is not?
How do I know (possibly in real time) what a particular service / process / application with permissions is doing to my computer?

Thank you in advance.

Is someone trying to steal my password?

I have to make 2 entries to register with my bank. I don't save my password. I recently noticed that when I enter my password, a box appears at the bottom of the screen with the title "Password for this website ZV7Y …..".
I have not clicked the link because I know that this is not correct! Help!

How can someone not steal my Bitcoin with the Dumpprivkey command?

In an online course, the instructor told us that anyone can find a wallet's private key using dumpprivkey (address), where address is the address that is created from the key (which is public in a transaction on the Bitcoin chain), and that this command returns a WIF object. I guess that's not true, because then everyone would steal everyone's Bitcoin by looking up the addresses in tx on the chain and executing the command. Can someone enlighten me?