
tweedge

@tweedge@cybersecurity.theater

Security goon at an online-bookstore-slash-server-rental company, adjunct professor at RIT, janitor for r/cybersecurity, and sporadic FOSS contributor. Cat person. Generally cheerful ^_^

Always trying to learn new things, and I'd rather be corrected than be correct. I try to be correct the first time anyway though!

How can I help?

(posts searchable via tootfinder)


tweedge, to random

A friend sent this to me and y'all might enjoy

tweedge, to random

Find of the day - someone dropped an AtlasVPN 0day on Reddit. The AtlasVPN daemon on Linux runs an HTTP server to accept CLI commands, it binds to 127.0.0.1:8076 by default.

What's hilarious is that it accepts commands without ANY authentication - so if you open a malicious webpage, that webpage can fire a POST to 127.0.0.1:8076/connection/stop and instantly disconnect your VPN.

Utter garbage.

Source: https://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/

Proof below - used AtlasVPN's latest Linux client, version 1.0.3.

AtlasVPN 1.0.3 0day demonstration where I start their VPN client, connect, and confirm my IP is now hidden. I then visit a malicious page that disconnects me from AtlasVPN, revealing my original IP.
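The localhost control-API problem in the post above, modelled as an added Python example (not tweedge's code and not AtlasVPN's code): one handler reproduces the behaviour the post describes, a POST to /connection/stop on 127.0.0.1:8076 honoured with no check of who sent it, and a second handler adds the checks a local daemon's HTTP API should have. The hardened variant (a per-session bearer token plus refusing any request that carries a browser Origin header) is a generic mitigation and an assumption here, not a description of how AtlasVPN fixed the issue; the port and path are the ones the post names, the VPN state is a constructed stand-in.

```python
"""Localhost control API: the pattern from the post beside a hardened version.

Added example, not AtlasVPN's code. Binding to 127.0.0.1 keeps the network
out, but every browser tab on the machine is also "local", so the daemon
still has to decide which local caller it is talking to.
"""
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Mapping, Tuple

# Constructed for the demo. A real daemon would generate this at start-up and
# write it to a file only the user's CLI can read (mode 0600) - an assumption
# about a reasonable design, not a description of any vendor's implementation.
SESSION_TOKEN = secrets.token_urlsafe(32)

# Stand-in for the daemon's tunnel state.
VPN_STATE = {"connected": True}


def handle_vulnerable(method: str, path: str, headers: Mapping[str, str]) -> Tuple[int, str]:
    """The behaviour described in the post: any POST /connection/stop is honoured.

    A page doing fetch('http://127.0.0.1:8076/connection/stop', {method: 'POST'})
    arrives here unchanged; `headers` is never consulted.
    """
    if method == "POST" and path == "/connection/stop":
        VPN_STATE["connected"] = False
        return 200, "disconnected"
    return 404, "not found"


def handle_hardened(method: str, path: str, headers: Mapping[str, str],
                    expected_token: str = SESSION_TOKEN) -> Tuple[int, str]:
    """Same endpoint with two checks a local control API should make.

    1. A cross-origin fetch() or form POST from a browser always carries an
       Origin header; the local CLI sends none. Any Origin at all means a web
       page is calling, so refuse before touching state.
    2. Require a bearer token only a local process with file access can know,
       compared in constant time. A caller that cannot read the token file
       (including a browser, which never could) gets 401.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if "origin" in h:
        return 403, "browser requests are not accepted"
    auth = h.get("authorization", "")
    if not auth.startswith("Bearer ") or not secrets.compare_digest(auth[7:], expected_token):
        return 401, "missing or invalid token"
    if method == "POST" and path == "/connection/stop":
        VPN_STATE["connected"] = False
        return 200, "disconnected"
    return 404, "not found"


class _Handler(BaseHTTPRequestHandler):
    """Thin HTTP wrapper so the hardened handler can be poked with curl."""

    def do_POST(self) -> None:
        status, body = handle_hardened(self.command, self.path, dict(self.headers.items()))
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body.encode())

    def log_message(self, *args) -> None:  # keep the demo quiet
        pass


def serve(port: int = 8076) -> None:
    """Bind to loopback like the daemon in the post; loopback alone is not auth."""
    HTTPServer(("127.0.0.1", port), _Handler).serve_forever()


if __name__ == "__main__":
    # curl -X POST -H "Authorization: Bearer <token>" http://127.0.0.1:8076/connection/stop
    print("session token:", SESSION_TOKEN)
    serve()
```

Requiring an Authorization header has a second effect: a browser's fetch() must send a CORS preflight (OPTIONS) before such a POST, and this server answers no preflight, so the page never gets to send the POST at all. The explicit Origin check is the belt to that suspenders, covering simple requests (a plain form POST) that skip preflight.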

tweedge, to random

Oh your company is right-sizing? Why aren't you laying off any of the upper management who wrong-sized it? 👀

tweedge, to reddit

This is going to burst some bubbles, but traffic levels on Reddit (AFAIK) appear to be close to normal, including mobile traffic. Data is from r/cybersecurity and may not be representative, would love to see other mods post data.

Those that left will be paving the way for a content-filled threadiverse - we'll see if the next wave of enshittification is as-tolerated if there are more lively alternatives.

tweedge, to random

Just checked my seedbox and found that someone downloaded a file I wasn't expecting would ~ever be downloaded, lol

Whoever is out there that actually downloaded the full genome sequence of my cat Aida (a whopping 30GB of data) that I published exclusively on Mastodon, you're my role model <3

And yes, this is real. Thread: https://cybersecurity.theater/@tweedge/108298759311976108

kwf, to linux

One of the fun parts of being a mirror operator is that you get to deal with China Mobile using ISO download mirrors to fix their traffic ratios with other ISPs at peering points.

Looks like they've moved to using Slackware now...

tweedge,

@kwf Wait, do you have more documentation on this? I saw tons of China Mobile IPs downloading a bunch of Linux ISOs once upon a time from my servers but could never figure out why!!

tweedge,

@kwf my observations and at-best-guesses at the time: https://chris.partridge.tech/2021/observing-a-botnet/

tweedge,

@kwf I saw random user agent strings on BitTorrent, and no blocks were ever reported as completed by any of the clients, so it looked super intentional. I could never figure out why it was happening though, there were some guesses from folks on Twitter but nobody pointed to peering at the time. Is there a benefit to padding out traffic during low periods or achieving a specific ratio of in/outbound traffic? I'm super unfamiliar with this space, apologies if these are dumb questions 😅

tweedge,

@kwf That is so cool... Mystery solved after three years. Thank you so much!!!!

tweedge, to infosec

In case anyone was still wondering, yes, we've reached critical mass with the community on the fediverse. You can boost cool research/findings/etc. on Mastodon and they'll be picked up by mainstream news outlets.

Alternative social media is gaining ground...

tweedge, to random

"The average consumer just doesn't need symmetric upload bandwidth" - ISPs

Mhm mhm yep yes and you've repeated that for 30+ years, creating a wider and wider moat between download and upload speeds, and now my parents are backing up 1.6TB of family photos/videos over a "10 Mbit" upload connection that shits itself if you push 8 Mbit. But at least they have 300 Mbit download, of which they rarely utilize more than 20%.

ugh.

tweedge, to infosec

Is it general knowledge in the #InfoSec community that publisher #Packt solicits fraudulent reviews to boost their products?

Usually they're better at feigning that they want "unbiased" reviews in exchange for free products, but not today. https://web.archive.org/web/20231007040533/https%3A%2F%2Fold.reddit.com%2Fr%2Fcybersecurity%2Fcomments%2F171tzby%2Fbook_reviewing_opportunity%2F

This isn't a one-off either - extensive history from other "DevRel Marketing Executives" on Reddit includes guerrilla marketing from u/Namita_Packt & soliciting reviews from u/Ankur_Packt + u/Royreddituser3 + u/kunal_packtpub + etc.

tweedge, to infosec

Shamelessly re-plugging @netsec (r/netsec deeplink bot) for all my peoples - the past few posts are exactly the kind of cool, diverse research I was missing while moving more off Reddit. It's a great way to get exposed to new topics/ideas from folks I may have never heard of!

tweedge, to random

r/cybersecurity discusses joining the US military:

tweedge, to random

I'm looking into "are deceptive links on social media typically malicious" and the answer is no (of course) and the most popular deception in 2023 by far is still linking to Rick Astley's Never Gonna Give You Up on YouTube (OF COURSE)

tweedge, to random

Doing my part to influence corporate decision-making by responding to recruiters promptly and politely on LinkedIn, even when I'm not looking for a job, informing them:

  1. Fully remote work must be supported for engineering roles
  2. Salary range needs to be disclosed up-front
  3. The salary range is too low for the role description

Probably doesn't really do anything but it's fun to imagine that if enough people did this, it could help nudge the market in the right direction.

tweedge, to random

This I have a little something special. Source material.

Everyone reading: "What?"

Source material - that is to say, 30.3 GB of whole genome sequencing results for my cat, Aida.

tweedge, to random

Remind your friends and loved ones that "hiring a hacker" to get into lost/hacked accounts is a scam. Someone's redoubled their efforts ... from r/cybersecurity_help (<10k members) my scammer-detecting bot is going nuts in the past 24h.

All of these are true positive findings, and all of them are referencing fraudulent Instagram accounts that offer these "services." Of course Meta doesn't do shit about it, even for ultra-long-lived/obviously-fraudulent accounts ex. instagram[.]com/reels_cr4ck

tweedge, to random

The absolute ecstasy of slapping a pesky salesperson with a Data Protection Act request to divulge how they got my personal information, then delete it >>>

I wish all my USA citizen friends could enjoy the perks of GDPR and GDPR-derived laws

tweedge, to random

Alright. Fuckit. What's the real benefit of serving #malware samples in an encrypted zip with a password of "infected" ?

Protecting morons from themselves: they'd unzip and run, and disable AV/un-quarantine files/etc. if blocked anyway

Protecting against misclicks: people are going to unzip/unpack, then same issue

Malware downloads a second stage from a sample website: decrypts it seamlessly

Evading firewalls/etc: people will have to disable their protections anyway ...

What am I missing?

tweedge, (edited) to random

I've been pruning through Academic Torrents and looking for neat cybersecurity-adjacent data, papers, etc. for a while. I started pulling together a themed collection tonight - calling it The Cybersecurity Academic's Seedbox: https://academictorrents.com/collection/the-cybersecurity-academics-seedbox

Slowly building up the creative fuel in there - even despite its small size it already has: malware, machine learning papers, spam emails, internet census data, scraped data, etc. Fun stuff!

I'll keep adding to this as time goes on :)

tweedge, to random

The whole "you must buy a new phone every 3-4 years" thing has created some interesting authentication flows.

For example: scanning a QR code on my old device was enough to

  • Log in a new device to my account without prompting 2FA
  • That new device, using only my password (no 2FA again) was able to port over my phone number from my carrier by issuing itself an eSIM tied to my account
  • I was not notified via email, text, etc. about either the new device sign-in or number transfer

tweedge, to random

Last call to get authentic devoops stickers from @kefimochi !! https://kefimochi.etsy.com (yes I did just buy a stack for my team)

tweedge, to random

I'm getting ready to move my family away from Chrome because of the Manifest V3 rollout - my grandparents especially need always-on and enhanced-filtering-by-default adblocking for safety reasons. I'm a little worried about moving to Firefox because they're marketing a lot of new unrelated features (VPN? come on) that are likely to confuse my grandparents. Do y'all have suggestions for simple, family-friendly browsers? I'm looking at Vivaldi as a possibility here but open to anything, really.

tweedge, to random

Super tiny project release - do you have a Tor site? Do you want to make sure it's online? Do you also have any service that includes "Cron monitoring" or "scheduled task monitoring" (ex. OhDear)?

If the answer to all three is yes, here's a super simple 30MB Docker image to make sure your Tor site is online! https://github.com/tweedge/tor-uptime-monitor
