Martin Schmiedecker

Automotive security by day, online privacy by night. Digital forensics & teaching it in between.

Martin Schmiedecker boosted:
cryptax cryptax
2025-07-16
Martin Schmiedecker boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-07-15

Wrapped up an energising Vulnerability Lookup workshop during @circl’s Virtual Summer School 2025.

Video and slides are now available.

Big thanks to everyone who joined the discussions.

:youtube: Video youtu.be/imkPqA-1mVE
📜 Slides vulnerability-lookup.org/files

#opensource #gcve #vulnerability #vulnerabilitymanagement

@gcve
@cedric
@rafi0t

Martin Schmiedecker boosted:
2025-07-15

If you’re wondering why half the internet broke tonight for a short period, TCS accidentally hijacked Cloudflare. HT @ssamulczyk

Martin Schmiedecker boosted:
2025-07-15

New, at KrebsOnSecurity.com: Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI.

krebsonsecurity.com/2025/07/do

[Image: A photograph of Marco Elez. He is wearing a red t-shirt and has brown, tousled hair in this photo.]
[Image: A photo of a hand holding a large phone with a white background and the xAI logo in black. Behind the phone is a lighted computer screen.]

Martin Schmiedecker boosted:
Filippo Valsorda (🏝️🔙 Aug 1) filippo@abyssdomain.expert
2025-07-15

Passkeys are an authentication mechanism, but the prf WebAuthn extension lets us use them for symmetric encryption, too!

I wrote about how that works, and how it's implemented in Typage, the TypeScript implementation of age.

Bonus: there's also a CLI plugin to use passkeys stored on FIDO2 hardware tokens.

words.filippo.io/passkey-encry

Martin Schmiedecker boosted:
2025-07-14

Torrent client but you can chat with your peers

[Image: Conceptual UI of a chatroom-like panel below a list of peers]

Martin Schmiedecker Fr333k@infosec.exchange
2025-07-14

In case you missed the #pwnies nominations for this year, find the stream here: youtube.com/live/TuKPA-CeDFA?t

Martin Schmiedecker boosted:
Catalin Cimpanu campuscodi
2025-07-14

Talks from the RuhrSec 2025 security conference, which took place in February, are available on YouTube

youtube.com/playlist?list=PLbD

Martin Schmiedecker boosted:
bert hubert 🇺🇦🇪🇺🇺🇦 bert_hubert@eupolicy.social
2025-07-13

Europe appears to just have given up on doing anything technical. Perhaps we should hurry up & stop pretending we want to do anything ourselves, so we can speed up getting to our eventual destiny of a full time holiday destination for American, Chinese and Russian tourists. And mind you, that is the _best_ outcome I can see right now. therecord.media/spain-awards-c

Martin Schmiedecker boosted:
Merlin.2160p.BDRip.x265.10bit ruhrscholz@kif.rocks
2025-07-13

Finally some cursed content

[Image: Tutorial: Set up Kubernetes on a Red Hat Enterprise Linux system running on IBM Power servers. A step-by-step guide]

Martin Schmiedecker boosted:
Wladimir Mufty wlaatje@social.edu.nl
2025-07-13

So #Google “surprisingly” kills #adblockers by removing webRequestBlocking in MV3…
But forgets to clean up one ancient line of C++ that lets you just spoof a WebView ID…

#priceless

0x44.xyz/blog/web-request-bloc

Martin Schmiedecker boosted:
Gaël Duval - /e/OS & Murena gael
2025-07-13

See how /e/OS protects my device from tracking attempts!
Why mobile apps trackers are one of the most impactful threats regarding your privacy and your freedom: read our Privacy Guide at e.foundation/wp-content/upload

Martin Schmiedecker boosted:
2025-07-12

Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency brake. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially cisa.gov/news-events/ics-advis

Martin Schmiedecker boosted:
jiska 🦄:fairydust: jiska@chaos.social
2025-07-12

The Apple Watch has a closed down ecosystem, only compatible with the iPhone. @trusted_device reverse engineered its interfaces and opened it up for compatibility with Android! ✨ WatchWitch ✨ allows you to use your Apple Watch ⌚ on Android devices, interpreting your health data, answering messages on the Watch and more.

Demo video: youtube.com/watch?v=dHz8NHMhtL
Read the full paper: arxiv.org/abs/2507.07210

[Image: The WatchWitch app in context, showing the Apple Watch and the paired iPhone as well as the Android phone running the app.]

Martin Schmiedecker boosted:
2025-07-11

The Apple Watch uses IPSec over Bluetooth?!?! That’s mildly horrifying but also a certain level of genius

arxiv.org/pdf/2507.07210

Martin Schmiedecker boosted:
pancake :radare2: pancake@infosec.exchange
2025-07-10

eBPF: Unlocking the Kernel [OFFICIAL DOCUMENTARY] youtube.com/watch?v=Wb_vD3XZYOA

Martin Schmiedecker boosted:
René Mayrhofer :verified: 🇺🇦 rene_mobile@infosec.exchange
2025-07-09

So, the #Austrian Parliament ignores all expert opinion and ratifies a law to allow #statetrojan #spyware to be bought and used, making the whole population less safe while spending tax money on (non-EU) malware instead of more actual police forces. #Karner has won - at least until #VfGh nullifies it (again) - in getting his legal illusion past the Parliament, even though it can't be technically implemented as written in the law.

orf.at/stories/3399187/

> After years of discussion, messenger surveillance was enabled by the National Council on Wednesday. There was resistance not only from the FPÖ and the Greens, but also within the coalition from NEOS members of parliament. With the bill, it will in future be possible for the state security service to read unencrypted and encrypted messages on services such as WhatsApp and Signal.

Martin Schmiedecker boosted:
2025-07-09

I've now also elaborated some more of my thoughts on this in a (way too infrequent) blog post at laforge.gnumonks.org/blog/2025

Martin Schmiedecker boosted:
Linux Kernel Security linkersec@infosec.exchange
2025-07-09

The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction

Article by Pumpkin about the internals of Ubuntu's implementation of restricting unprivileged user namespaces and figuring out another bypass method.

u1f383.github.io/linux/2025/06

Martin Schmiedecker boosted:
2025-07-09

If you haven’t watched it already, I recommend checking out the “What’s new in passkeys” session from WWDC. It features my colleague Andrew detailing several exciting improvements to passkeys, including the new “Account Creation API” to help native apps create an account (i.e. get the user’s name and email address) that starts off with a passkey — never going through the temporary state of having a password. developer.apple.com/videos/pla
