'The Milky Way' (detail) by Frida Hansen, (1855 - 1931).

the first thing God does after we die is sit us down and cook us dinner

Everything in my life feels like an obligation not an option.

I dunno what to do about that...

Sitting here in tears listening to the last stanza of Under Pressure:

Cause love's such an old-fashioned word And love dares you to care for the people on the edge of the night And love dares you to change our way of caring about ourselves This is our last dance This is our last dance This is ourselves

Under pressure Under pressure Pressure

Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service (ENS), a blockchain equivalent of the popular internet naming convention known as the Domain Name System (DNS). Nick received a very official looking security alert about a subpoena allegedly issued to Google by law enforcement to information contained in Nick’s Google account. A URL in the email pointed Nick to a sites.google.com page that looked like an exact copy of the official Google support portal.

As a computer savvy person, Nick spotted that the official site should have been hosted on accounts.google.com and not sites.google.com. The difference is that anyone with a Google account can create a website on sites.google.com. And that is exactly what the cybercriminals did. Attackers increasingly use Google Sites to host phishing pages because the domain appears trustworthy to most users and can bypass many security filters. One of those filters is DKIM (DomainKeys Identified Mail), an email authentication protocol that allows the sending server to attach a digital signature to an email. If the target clicked either “Upload additional documents” or “View case”, they were redirected to an exact copy of the Google sign-in page designed to steal their login credentials. Your Google credentials are coveted prey, because they give access to core Google services like Gmail, Google Drive, Google Photos, Google Calendar, Google Contacts, Google Maps, Google Play, and YouTube, but also any third-party apps and services you have chosen to log in with your Google account. The signs to recognize this scam are the pages hosted at sites.google.com which should have been support.google.com and accounts.google.com and the sender address in the email header. Although it was signed by accounts.google.com, it was emailed by another address. If a person had all these accounts compromised in one go, this could easily lead to identity theft.

How to avoid scams like this

Don’t follow links in unsolicited emails or on unexpected websites.

Carefully look at the email headers when you receive an unexpected mail.

Verify the legitimacy of such emails through another, independent method.

Don’t use your Google account (or Facebook for that matter) to log in at other sites and services. Instead create an account on the service itself.

Technical details Analyzing the URL used in the attack on Nick, (https://sites.google.com[/]u/17918456/d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/edit) where /u/17918456/ is a user or account identifier and /d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/ identifies the exact page, the /edit part stands out like a sore thumb. DKIM-signed messages keep the signature during replays as long as the body remains unchanged. So if a malicious actor gets access to a previously legitimate DKIM-signed email, they can resend that exact message at any time, and it will still pass authentication. So, what the cybercriminals did was: Set up a Gmail account starting with me@ so the visible email would look as if it was addressed to “me.” Register an OAuth app and set the app name to match the phishing link Grant the OAuth app access to their Google account which triggers a legitimate security warning from [email protected] This alert has a valid DKIM signature, with the content of the phishing email embedded in the body as the app name. Forward the message untouched which keeps the DKIM signature valid. Creating the application containing the entire text of the phishing message for its name, and preparing the landing page and fake login site may seem a lot of work. But once the criminals have completed the initial work, the procedure is easy enough to repeat once a page gets reported, which is not easy on sites.google.com. Nick submitted a bug report to Google about this. Google originally closed the report as ‘Working as Intended,’ but later Google got back to him and said it had reconsidered the matter and it will fix the OAuth bug.

Serrabone Priory, France, 2020. Bruno Rabanel.

The last two things Pope Francis did were to call for peace in Gaza and tell JD Vance to fuck off. Iconic end.

Augustus Egg - A Cottage Garden (1863)

Title: Seascape Artist: Alfred Richard Gurrey Sr. (American [born England], 1852-1944) Date: 1920 Genre: seascape Medium: oil on canvas Location: Hawaii State Art Museum, Honolulu, HI, USA

The nonprofit group that runs Wikipedia was threatened by Ed Martin, the interim United States Attorney for the District of Columbia, in a letter accusing it of “allowing foreign actors to manipulate information and spread propaganda to the American public.”

“Wikipedia is permitting information manipulation on its platform, including the rewriting of key, historical events and biographical information of current and previous American leaders, as well as other matters implicating the national security and the interests of the United States,” Martin wrote in a letter dated Thursday that was first reported by The Free Press.

The letter accuses the Wikimedia Foundation, the organization behind the online encyclopedia, of violating a tax code that requires nonprofits to operate exclusively for “religious, charitable, scientific, testing for public safety, literary, or educational purposes.”

Investigations into the tax-exempt statuses of nonprofits are usually handled by the Internal Revenue Service, not criminal prosecutors, The Free Press noted, citing the IRS complaint process.

Martin said in the letter that his office received information that Wikipedia’s “information management policies” have benefited “foreign powers.” He claimed that Wikipedia subverts “the interests of American taxpayers” due to its board being made up “primarily of foreign nationals.”

“Masking propaganda that influences public opinion under the guise of providing informational material is antithetical to Wikimedia’s ‘educational’ mission,” Martin wrote.

Wikipedia editor Molly White told the Washington Post that Martin’s letter is another way Trump and his allies are “weaponizing laws to try to silence high-quality independent information.”

Kaoru Yamada

embroidery from peacockandpinecones my friends and I have been losing our minds over all morning.