Look At This Wonderful Gif Of Scallops Getting Scared And Scattering Like A Flock Pigeons

10 and 17 for the writer ask game

Thanks for the ask!

10. Is there a character or ship you'd love to write for, but haven't yet? I am exercising so much restraint to not cheat and answer K4yfour, I'll be real with ya. I'll say Feinberg. He's got a very interesting role in the PJO au that lets me show off a lot of the worldbuilding I've done, so that's exciting. I actually have tried writing for him before, but I haven't fully realized his backstory or character arc, so for now he is contained to the wips. I think he'll be really fun once I get him sorted out though. inspiration you want me so bad

17. What is something you recently felt proud of in your writing? Oooh, tough question. I like how I paced things out in Grave Digging. I really tried to tighten the story, give every word and action a meaning, but leave enough breathing room for the events to reflect on themselves and not rush through the emotional beats. It's also my first multichapter (that might get off the ground - sorry ISAT au, you weren't meant to be), which is awesome!

Ask game

Source

thinkin

it’s kind of crazy how here on the so-called feminism website you literally can’t say something as simple as “dude is an inherently gendered term” without literally dozens upon dozens of people who consider themselves feminists showing up to say “idk i use it in a gender neutral way”. like idk how to tell you this but the fact that masculine words are considered default/neutral and feminine words are not is, in fact a reflection, of a patriarchal society.

turning seasons 🌸🌻🍁❄️

. .

start of new cycle of spring, time to finally posting the full sets!

y'all know that whole left-brained/right-brained thing is fake right? and the "brain fully develops at age 25" thing? and the "we only use 10% of our brains" thing? yeah they're all complete horseshit please yell at anyone who says them

Something to watch for, which I learned from stage magic but which is extremely relevant to detecting scams as well:

The magician or scammer will *tell you* how he is going to prove his honesty.

The magician rifles through the deck until you say "stop", then he says, "Are you sure? I'll keep going if you want." and asks "Now, you agree that you could have stopped anywhere you wanted, so there's absolutely no way I could know which card you got" and because it's a magic show and you aren't paying close attention you didn't notice he didn't deal a card from where you stopped, he dealt the bottom card of the deck.

The magician doesn't ask you, "What would it take for you to believe this" because you might say, "I'd need you to use a sealed deck" or "I'd have to personally shuffle the deck" or some other proof that would make the trick impossible.

Magicians say "You agree that if I did *this*, it would mean *that*, right?" and you say yes, and it feels like you are the one who got to verify things, but of course the magician is lying and the proof is nothing of the kind.

Scammers do the same thing. A really concrete example is phone scammers pretending to be working for the government will say, "Look, I see you're skeptical if I'm who I say I am, I'm going to hang up and call back, and you'll see on the caller ID it says, 'FBI' and that tells you that I'm really working for the government."

Now, caller ID can be spoofed pretty easily, so it doesn't prove anything at all.

But it *feels* to you like you demanded proof and the scammer was willing to give you the proof.

But you didn't tell the scammer what out would take to prove it to you, the scammer told you what the proof would be.

This is actually like a really basic thing to look for if you want to start decoding magic tricks and scams.

Yup returning to necromancy, I’m so back. And you’re so back, and you’re so back, and you’re so back, and you’re

MCSR MAKEUP!!!

day 1: feinberg :3

Malwarebytes

All Gmail users at risk from clever replay attack

All Google accounts could end up compromised by a clever replay attack on Gmail users abusing Google infrastructure.

Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service (ENS), a blockchain equivalent of the popular internet naming convention known as the Domain Name System (DNS). Nick received a very official looking security alert about a subpoena allegedly issued to Google by law enforcement to information contained in Nick’s Google account. A URL in the email pointed Nick to a sites.google.com page that looked like an exact copy of the official Google support portal.

As a computer savvy person, Nick spotted that the official site should have been hosted on accounts.google.com and not sites.google.com. The difference is that anyone with a Google account can create a website on sites.google.com. And that is exactly what the cybercriminals did. Attackers increasingly use Google Sites to host phishing pages because the domain appears trustworthy to most users and can bypass many security filters. One of those filters is DKIM (DomainKeys Identified Mail), an email authentication protocol that allows the sending server to attach a digital signature to an email. If the target clicked either “Upload additional documents” or “View case”, they were redirected to an exact copy of the Google sign-in page designed to steal their login credentials. Your Google credentials are coveted prey, because they give access to core Google services like Gmail, Google Drive, Google Photos, Google Calendar, Google Contacts, Google Maps, Google Play, and YouTube, but also any third-party apps and services you have chosen to log in with your Google account. The signs to recognize this scam are the pages hosted at sites.google.com which should have been support.google.com and accounts.google.com and the sender address in the email header. Although it was signed by accounts.google.com, it was emailed by another address. If a person had all these accounts compromised in one go, this could easily lead to identity theft.

How to avoid scams like this

Don’t follow links in unsolicited emails or on unexpected websites.

Carefully look at the email headers when you receive an unexpected mail.

Verify the legitimacy of such emails through another, independent method.

Don’t use your Google account (or Facebook for that matter) to log in at other sites and services. Instead create an account on the service itself.

Technical details Analyzing the URL used in the attack on Nick, (https://sites.google.com[/]u/17918456/d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/edit) where /u/17918456/ is a user or account identifier and /d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/ identifies the exact page, the /edit part stands out like a sore thumb. DKIM-signed messages keep the signature during replays as long as the body remains unchanged. So if a malicious actor gets access to a previously legitimate DKIM-signed email, they can resend that exact message at any time, and it will still pass authentication. So, what the cybercriminals did was: Set up a Gmail account starting with me@ so the visible email would look as if it was addressed to “me.” Register an OAuth app and set the app name to match the phishing link Grant the OAuth app access to their Google account which triggers a legitimate security warning from no-reply@accounts.google.com This alert has a valid DKIM signature, with the content of the phishing email embedded in the body as the app name. Forward the message untouched which keeps the DKIM signature valid. Creating the application containing the entire text of the phishing message for its name, and preparing the landing page and fake login site may seem a lot of work. But once the criminals have completed the initial work, the procedure is easy enough to repeat once a page gets reported, which is not easy on sites.google.com. Nick submitted a bug report to Google about this. Google originally closed the report as ‘Working as Intended,’ but later Google got back to him and said it had reconsidered the matter and it will fix the OAuth bug.