Web Monetization makes it easier than ever to offer new payment solutions, and getting started is simple:
Download the Web Monetization beta extension:
Chrome | Firefox | Edge
Sign up for an Interledger Wallet to start supporting and engaging with content in a whole new way!
Connect your wallet and explore flexible payment options for your consumers.
Want to get started? Learn more at: https://webmonetization.org/
@ozoned is live on Owncast!
Catch the stream here: https://stream.ozoned.net/
Announcement: Beta Launch of Web Monetization!
Web Monetization is here to offer more content support for owners and publishers, while consumers can access content on their own terms.
Today, we announce the beta release of the Web Monetization extension, allowing for seamless micropayments powered by Interledger Wallets.
Read all the details in our blog: https://interledger.org/news/announcing-interledger-foundations-web-monetization-extension-beta-release
Tech Tuesday 
February 25, 2025 – Progress Report
#Beyond365DaysOfCode Day 56 #100DaysOfCode Day 56
Daily Reading:
freeCodeCamp news – 1 article Daily.dev – 1 article
Vim: Practiced plugin configurations (30 min)
Trello: Updated the board
freeCodeCamp: Full Stack Developer Program
Small steps every day lead to big results. Keep coding! 
#TechTuesday
This #Lemmy post https://programming.dev/post/22672085 links to the recording of the talk I gave earlier in the year, about how #dotNet #dotNetMAUI and other #programmers #developers can get the most out of #Mastodon and the #Fediverse in general. Show to people you want to come here, or watch yourself if you feel like you could learn more about it.
CC @andypiper @evanprodromou@evanp.me @evanprodromou@socialwebfoundation.org @Gargron @mapache @alvinashcraft @alvinashcraft.com @jamesmontemagno
Fraud Alert: Beware the SIM Swap Scam.
#TechTip brought to you by Yours *TrulyJuly*.
#YoursTrulyJuly #TechTuesday #TechBlogger #TechBlog #Scam #Spam #Phishing #ScamAlert #FraudAlert #BeCyberSmart #GetCyberSafe #ThinkBeforeYouAct #ThinkBeforeYouPost #InternetSafety #OnlineSecurity #eSafety #CyberSecurity #DataSecurity #CyberTips #online #digital #DigitalMarketing #OnlineMarketing #ContentMarketing #Hack #Trick #SocialEngineering #usability #UX #UserExperience #techie…
https://trulyjuly.wordpress.com/2024/12/03/fraudalert-beware-the-sim-swap-scam/
#TechTuesday
ICYMI did you know that you can use your #mouse #ScrollWheel to #scroll horizontally? All you have to do is hold down the shift-key at the same time. I saw (and boosted) a post about this recently, and it's life-changing - so much easier than trying to grab the thin and almost invisible scroll-bar! (thanks Microsoft for making everything harder to use due to your never-ending commitment to giving us changes we didn't want)
Tech News: Google Calendar finally offers dark mode.
#TechNews brought to you by Yours *TrulyJuly*.
#YoursTrulyJuly #TechTuesday #TechBlogger #TechBlog #TechTip #tech #techie #digital #online #DigitalMarketing #OnlineMarketing #techsupport #DarkMode #DarkTheme #GoodDesign #usability #UX #UI #UserExperience #UXdesign #UIdesign #WebDesign #DesignThinking #CustomerJourney #ContentMarketing #GoodPractice #BetterDigitalWorld #ContentIsKing #QualityOverQuantity #VAC…
https://trulyjuly.wordpress.com/2024/11/26/technews-google-calendar-finally-offers-dark-mode/
It’s all in the details 
On this #TechTuesday, get an up-close look at the new KB998 machine 
The worst case has happened: Hackers have managed to breach your network and elevate their privileges to their ultimate goal: Domain Admin.
Today, we will take a look at one of the attacks that this absolute nightmare scenario makes possible for attackers: Golden Tickets (MITRE T1558.001)
But let’s start at the beginning: Kerberos authentication. When a user logs in, a Ticket Granting Ticket (TGT) is issued to the user. Put very simply, the ticket contains, among other things, the username to identify the user. To prevent users from simply modifying a ticket and impersonating other users, the ticket is encrypted.
The encryption key that secures the ticket is essentially the password hash of a user called krbtgt. This makes the krbtgt user one of the most sensitive, if not the most sensitive, user in an Active Directory domain. If this user's password is weak or the password (hash) is compromised, the entire domain is compromised.
This is because attackers can use this password hash to forge their own tickets and impersonate any user they want. They simply create a ticket with the username they want and encrypt it with the password hash. They now have an authentication ticket that, if done correctly, is virtually indistinguishable from a real ticket.
And that's what’s called a “Golden Ticket”. And there are many tools available to attackers, the most prominent of which are: Mimikatz, Rubeus and Impacket.
The fact that it abuses legitimate functionality, makes it difficult to detect a Golden Ticket attack. However, there are a few things that you can look out for:
* Are there TGS requests (Event 4769) without the original TGT being issued by the KDC (Event 4768)?
* Is RC4 encryption being used?
* Strange TGT parameters (e.g. very long lifetimes)?
* Are there logins from sensitive accounts that aren’t normally used (e.g. the default domain administrator account)?
Additionally, you can also look for signs of Pass the Ticket attacks (MITRE T1550.003).
To mitigate this attack, the krbtgt password should be changed whenever a highly privileged user leaves the organization and additionally on a fixed schedule (and, of course, if you suspect a compromise). Make sure that the password is very, very strong.
But changing the password once is not enough. It has to be changed twice because of the password history. However, be careful not to do this in quick succession. The change must be replicated to other domain controllers first. Otherwise, you risk severe authentication problems.
In the recent years it has become increasingly difficult for attackers to get their malware on victim computers. But, it is far from impossible, which today's technique can easily demonstrate: "Obfuscated Files or Information: HTML Smuggling" (MITRE T1027.006).
Okay, first a bit of theory about HTML Smuggling.
Instead of directly sending a malicious or even suspicious file over the wire, an attacker can use an HTML file to smuggle the malicious file. Often, the smuggled file is placed compressed and encrypted somewhere in the HTML file. Upon opening, JavaScript is used to extract the malicious file and drop it to disk with browser API's like msSaveBlob.
Enough with the theory! You can test whether you are susceptible to this kind of attack in our newest article. There we provide two links to HTML pages that try to download harmless executable files via HTML Smuggling. So try it yourself:
English: https://lutrasecurity.com/en/articles/html-smuggling/
German: https://lutrasecurity.com/articles/html-smuggling/
It is very difficult to actually defend against this kind of attack, since the malicious file is only assembled in the victims browser and the data can be obfuscated with JavaScript. Therefore, a web gateway cannot really help here. Blocking JavaScript and the HTML5 features used by this attack is also not a viable solution, because it will probably break something like 99% of the internet.
However, you can block the download of potentially malicious files through JavaScript in browsers. But remember, such files can also be contained in other normally harmless files, such as ZIP archives.
So there is no 100%-working, painless solution to defend against HTML smuggling. Therefore, it is best to always assume that undetected malicious files could be on your employees' computers and build a defense in depth strategy.
Progress Report - October 1, 2024 
Tuesday Tech Journey: • #365DaysofCode Day 275 • #100daysofcode Day 9 • #freeCodeCamp #Round_3_100daysofcode • #MySQL 
Learning Highlights:
Daily Reading:
freeCodeCamp News: 1 article 
Daily.dev: 1 article 
SoloLearn: Intro to SQL 
Stanford: Databases - Relational Databases and SQL ~ Day 6
Onward to more coding and learning! Let’s keep the momentum going! 
Good Practice Tip: Notify users when redirected to a different site.
#Good #Practice #Tip brought to you by Yours *TrulyJuly*.
#GoodPracticeTip #YoursTrulyJuly #TechTuesday #TechBlogger #HowTo #tech #digital #online #DigitalMarketing #OnlineMarketing #ContentMarketing #usability #UX #UserExperience #uxdesign #WebDesign #DesignThinking #CustomerJourney #BetterDigitalWorld #InternetSafety #OnlineSecurity #ConsumerProtection
Usability Fail: Google Doodle promotes shooting street signs.
#UsabilityFail brought to you by Yours *TrulyJuly*.
#YoursTrulyJuly #TechTuesday #TechBlogger #TechBlog #TechTip #tech #techie #digital #online #DigitalMarketing #OnlineMarketing #usability #UX #UI #UserExperience #uxdesign #uidesign #WebDesign #DesignThinking #CustomerJourney #ContentMarketing #GoodPractice #BetterDigitalWorld #ContentIsKing #QualityOverQuantity #VAC #ValueAddedContent #Google…
Usability Fail: Microsoft blocks its own content.
#GoodPractice #Tip brought to you by Yours *TrulyJuly*.
#YoursTrulyJuly #TechTuesday #TechBlogger #TechBlog #TechTip #tech #techie #digital #online #DigitalMarketing #OnlineMarketing #usability #UX #UI #UserExperience #uxdesign #uidesign #WebDesign #UsabilityFail #DesignThinking #CustomerJourney #ContentMarketing #GoodPractice #BetterDigitalWorld #ContentIsKing #QualityOverQuantity #VAC #ValueAddedContent
https://trulyjuly.wordpress.com/2024/08/27/usabilityfail-microsoft-blocks-its-own-content/
𝚂𝗆𝖺𝗋𝗍𝗆𝖺𝗇 𝙰𝗉𝗉𝗌
