Hacker News: svacko's comments

Surprised to see so much malware served from GitHub domains https://urlhaus.abuse.ch/browse.php?search=github


In my day-to-day work, we analyze millions of files every day, and it's a well-known and well-utilized detection evasion technique to host and serve malware from "trusted" websites. It's so widespread that I did extensive research on the issue. There are well-known apps with $Ms in funding and revenue with a plethora of malware hosted on their servers. Some are even used as C2 servers for data exfiltration. I see an increasing number of companies proactively blocking all traffic to those notorious sites to increase overall network security.

The outcome of my research was the following:

- Disjointed content moderation and cybersecurity departments: Not many companies have content moderation teams equipped to perform malware analysis or make cybersecurity-related decisions (the only company that does an exceptional job in this regard is Meta).

- If hosting malware doesn't impact the company's revenue and reputation, the content moderation team has other priorities.

- Section 230: Companies will refer to Section 230 when asked about hosting malicious content or scanning the content for potential malware.
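As an added example (not from the comment above, and not URLhaus's own code), here is a small Python script that tallies a URLhaus-style CSV feed by hostname, which is how the "trusted domain" hosting pattern described above shows up when you look at a feed. The feed rows are constructed for illustration, the column order is assumed to match the URLhaus CSV export, and the user names and repository paths are placeholders.

```python
import csv
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the shape of a URLhaus CSV export. Assumption: the
# real export uses this column order and '#'-prefixed comment lines. The
# rows below are made up, not real URLhaus records; paths are placeholders.
SAMPLE_FEED = """\
# URLhaus-style export (constructed sample, not real data)
# id,dateadded,url,url_status,last_online,threat,tags,urlhaus_link,reporter
"1","2024-01-01 10:00:00","https://github.com/example-user/repo/raw/main/setup.exe","online","2024-01-02 09:00:00","malware_download","exe","https://urlhaus.abuse.ch/url/1/","reporter_a"
"2","2024-01-01 11:00:00","https://raw.githubusercontent.com/example-user/repo/main/loader.ps1","online","2024-01-02 09:00:00","malware_download","ps1","https://urlhaus.abuse.ch/url/2/","reporter_a"
"3","2024-01-01 12:00:00","http://203.0.113.10/bin/x86","offline","2024-01-01 20:00:00","malware_download","elf,mirai","https://urlhaus.abuse.ch/url/3/","reporter_b"
"4","2024-01-02 08:00:00","https://github.com/another-user/tools/releases/download/v1/tool.exe","online","2024-01-03 09:00:00","malware_download","exe","https://urlhaus.abuse.ch/url/4/","reporter_c"
"5","2024-01-02 09:00:00","https://github.com/example-user/repo/raw/main/update.exe","offline","2024-01-02 10:00:00","malware_download","exe","https://urlhaus.abuse.ch/url/5/","reporter_a"
"""

FIELDS = ["id", "dateadded", "url", "url_status", "last_online",
          "threat", "tags", "urlhaus_link", "reporter"]


def parse_feed(text):
    """Parse the CSV export, skipping blank and '#' comment lines.

    Quoted fields are handled by the csv module, so a tags value such as
    "elf,mirai" stays one field.
    """
    rows = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    return list(csv.DictReader(rows, fieldnames=FIELDS))


def host_of(entry):
    return (urlsplit(entry["url"]).hostname or "").lower()


def count_by_host(entries, online_only=False):
    """Return [(hostname, count), ...], most abused host first.

    online_only=True restricts the tally to URLs the feed still marks as
    serving, which is what matters for a live blocklist.
    """
    counts = Counter()
    for e in entries:
        if online_only and e["url_status"] != "online":
            continue
        counts[host_of(e)] += 1
    return counts.most_common()


def urls_for_host(entries, host):
    """All flagged URLs on one host, e.g. to block per URL/path instead of
    blocking the whole (legitimately used) domain."""
    return sorted(e["url"] for e in entries if host_of(e) == host.lower())


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    for host, n in count_by_host(feed):
        print(f"{n:4d}  {host}")
    for url in urls_for_host(feed, "github.com"):
        print("  ", url)
```

The host tally is what makes github.com look like a "malware domain" in a feed like this; the per-host URL listing is the granularity you would actually push to a proxy or DNS/URL filter if blocking the whole domain is not an option for your users.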


I see a few false positives. It appears that unsigned software is being labeled as malware, and as grayware on some pages.

Unsigned software is not malware or 'grayware'. It's not inherently malicious.

I'm also seeing coin miners being labeled as malware. They often are, but I'm sure there are misclassifications along those lines as well in this dataset.



I also found it suspicious, but it seems to be legit - the source of the blogpost can be found on github https://github.com/verygoodsoftwarenotvirus/blog/commit/6a43...


There is also a non-russian alternative called M1 that's being kickstarted https://www.cnx-software.com/2024/02/16/m1-flipper-zero-alte...


Except that it looks just like a Kickstarter scam made in hopes of attracting money from people who didn’t jump on the flipper crowdfunding bandwagon


Yes, I've experienced a few people drilling additional drainage holes in the bottom of the outdoor unit when they experienced similar problems without having a "nordic" unit. By nordic unit I mean the features mentioned above: a heated compressor and the heating condenser vane.

Though, if it's snow blowing directly inside, then I think creating some barrier or adding additional shielding to the outdoor unit is required, so that you minimize the chance of the snow DDoS-ing the unit (note: check your unit's service manual for the minimum free distances on all sides of the unit, especially the front, which is the most important one to keep clear).


I think Tutanota [0] is also worth mentioning with their transparent reports and warrant canary in place

0: https://tutanota.com/blog/transparency-report/


In the most recent episode of the Last Week in AWS podcast Corey Quinn just talked about this topic https://www.lastweekinaws.com/blog/how-google-cloud-and-aws-...

For AWS, there is also Customer Carbon Footprint tool available https://aws.amazon.com/about-aws/whats-new/2022/03/aws-launc...


My preference is to not need to care about what I'm pasting into my notes app, as I use the app on mobile and desktop OSes and store not only organized content there but also random thoughts, including sensitive content. That's why I prefer to have it E2EE and use standardnotes.com (no affiliation, I'm just a happy customer).


Last I knew standard notes hid 2FA behind the paywall. Basic security should not be a pay feature. If they're willing to hang non-paying potential customers out to dry what other questionable security choices are they making?

I tried to reason this out with them back when they had a discourse site or forum, I don't recall which it was, and was told, I'm paraphrasing, we're not going to do that and don't ever ask again with no good reasoning given.

Not only a bad look from a security standpoint but also a bad look from a community engagement standpoint. IMO Standard Notes is to be avoided.


https://standardnotes.com/plans 2fa looks to be in the free plan now, fwiw. (long-term standard notes user here)


What should they charge for then?


They seem to charge $60/year for markdown (free plan only has plaintext). I wouldn't even want to evaluate it.


What if the entire app is behind a paywall, no free version at all? Is that also wrong?


https://www.skyscrapercity.com - love to see what's being built in the cities around


Piktochart.com is working a 4DWW plus national vacations; they are currently searching for a frontend dev https://piktochart.com/careers/#jobs . There are also other companies, like https://buffer.com/journey, part of the people-first initiative https://peoplefirstjobs.com, following the 4DWW.


OT: Spotify is apparently experiencing an outage in Europe [1], so I went to HN to check whether it's being discussed here. I found this thread, but it seems it's not related, as here users are being forcibly logged out and unable to log in again (hopefully not a hack), even in the latest Android app and up-to-date browsers.

[1] https://twitter.com/search?q=spotify&src=typed_query&f=live


Here's the thread discussing the spotify outage: https://news.ycombinator.com/item?id=30603574

