Just a paranoid giving up a little temporary safety for an essential liberty. Infosec.
The sky above the port was the color of television, tuned to a dead channel. --William Gibson
🏴‍☠️ > 🥷
The moment you think you got it figured, you're wrong.
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub; there are over 2m of them, and it's about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
Are we all millennials here or is that a misperception?
Could people boost this? I am so curious.
Are you a:
Fantastic talk if you missed it (watch till the end, it's just) https://media.ccc.de/v/39c3-the-heartbreak-machine-nazis-in-the-echo-chamber#t=0 #39c3
Happy new year to all!
The "Bluetooth Headphone Jacking" talk at #39c3 was awesome, too. They reversed a popular SOC that powers Bluetooth earbuds and headphones.
They found that (even without being paired to the headphone), they could dump flash and RAM from the device. Then they dumped a bunch of info from the device - e.g. the #Bluetooth address and "master" encryption keys used for the communication with paired devices (e.g. a #phone).
Then they impersonated the headphone from their laptop and connected to the phone (pretending to be the headphone).
The headphone (or the laptop impersonating the phone) has permissions to do some things on the phone, e.g. accept calls, increase/decrease volume, etc.
Then they started recovering access to a #WhatsApp account via some account recovery mechanisms. That required some one-time security key which would normally be delivered via SMS, but that could be delivered via phone call as a fallback option, too. Since the phone thought it was connected to the Bluetooth headphone, phone call audio would go to the laptop via Bluetooth.
As the cherry on top, they escalated into the victim's #Amazon account.
Scary shit. #YouCannotBeParanoidEnough #security
The perfect snow plow name doesn't ex...
I stand corrected.
C.R.E.A.M. ( 2025 )
🎶 Cloudflare ruins everything around me 🎶
@krypt3ia Some states have outlawed the automated ticketing for just that reason. Additionally, many times they can't prove who the driver is. The whole thing is just a poor design and a money grab.
@krypt3ia hacked the camera-- you really should slow down....
Happy Max Headroom hack to all that celebrate! https://en.wikipedia.org/wiki/Max_Headroom_signal_hijacking
Mensah's expression was not critical, but I can tell you the face she was making did not indicate that she thought Tural or Indah or anybody in the immediate area was doing a great job.
I am on my way home to Toronto and the aurorae are absolutely phenomenal. If you are anywhere in the northern half of the continent, get outside and look up! Or better still, put your camera on a 10 second exposure and point it up.
It's my fediversary! Three years ago today I said goodbye to several hundred thousand followers at the nazi bar and joined this community. No regrets! Thanks for making me want to stick around :)
Just sayin'
My god, WHAT is in those Epstein files that has him so terrified of swearing in Vote Number 218?
"I will not bring the House back to session until the Congress negotiates a budget that it needs to pass" is pretty much a pure pi-r-squared circle.
@hacks4pancakes -- random, but just wanted to say keep up the good fight.