Perhaps the parent commenter was referring to the section in the report which stating the IOCs indicated that the attackers used the known third-party command and control system named Sliver. There are multiple public yara signatures for Sliver.
I have a few friends who have cashed out through various acquisitions. In every case it made them a "thousandaire". But they were ICs/engineers, not founding management.
Any chance you could elaborate on this? What about stock grants were you unaware of (or misunderstood) until it was too late? What should people reading this watch out for?
I’m not the parent, but it’s really hard to pull a future-proof contract about stock grants. The most frequent shenanigan is probably to dillute the employee shares. Even if you are the CEO, investors can get you fired-in-bad-terms just to cancel out your shares.
Some contracts require 66% or 75% of votes to be able to change the repartition of shares or extend capital, or even any shareholder can veto. Some contracts don’t have conditions.
Philosophically, even if not written in the contract, someone could convince you to dilute at the last minute. The best interest of a buyer is to put the target in close bankruptcy before buying it. Anything is possible in peer-to-peer negotiations, and legal framework can only go so far.
That can't be evaluated without full knowledge of the contract and a lot of knowledge of the personalities involved. There is no 'safety' in dealing with other people, you need to know whom to trust.
they gave a fraction of a fraction of a percent, from a particular share class that likely was subordinate to other liquidity preferences.
like, even if you were personally more informed the outcome wouldn't be different? you would have rooted for an even bigger upside for the whole company.
Once, I reported the VP of engineering for instructing me to commit fraud. I got back "Just do what he says, he's got experience in these things.". Then they hired someone to take over my team.
Another time, I reported someone for sexual assault to HR. I shared the incident without names at first and HR told me "oh, that's awful. Who is it? They need to go.". When I shared the name, I got "oh. Well, they are too important to the company. I'll talk to them."
So... if you're referring to a challenge that did that during one of the DDTEK years of DEFCON-CTF, that was one of mine.
The expectation wasn't to buy time in an adjacent cloud, but to use out of order ip fragmentation or tcp segments, having the servers network stack reassemble the packets such that the read was coherent in one go.
My goal was to teach competitors to model real world challenges of exploitation.
Cool! I don't believe I was referencing any specific challenge. We've had a number of challenges throughout the years that have had these issues. The most common culprits are challenges hosted by Asian organizers, as the ping times from America to some parts of Asia tend to be quite bad sometimes.
The challenge you're describing sounds cool - I wish I'd played it! By the time I started playing DEF CON CTF though, it was with LegitBS as organizers.
The dataset does not appear to discuss the lifecycle of Linux distributions taking the security patches from upstream, nor the update process for all of the downstream distributions.
Something that's been widely discussed elsewhere is how often security issues are silently fixed in Linus's repo and therefore not picked up by distributions for their stable/LTS releases.
I buy the immediacy of patches if you compile your own kernel from the latest kernel.org sources, not if you're relying on distributions.
However, it's not surprising when you consider the massive breadth of software that Microsoft builds, as one of the oldest and largest software development orgs.
(disclaimer: I work for Microsoft, but entirely unrelated to the team that built this.)
The privacy ramifications are intense. As the youth is apt to say, "like woah".
That said, I would love to see a tool that gives work-day insight where the user entirely owns and controls the data.
I've found it helpful to have a summarized report on how much of my work day is spent in meetings and emails verses writing code. It helps me to have data, rather than a vague feeling as to how much time I'm spending on things and how I could optimize my time.
I have no desire for HR or my management to see that information and I fully see where others having that data is ripe for abuse, but for my own sake if I totally control the data, it's useful.
