en4rab

@en4rab@infosec.exchange

Cybersecurity and hardware hacking

This profile is from a federated server and may be incomplete. Browse more on the original instance.

malwaretech, to random

I saw a TikTok recommending putting olive oil in cappuccino. I love olive oil and I love cappuccino, so I was super excited to try it. Can't get over how well it did not work. Somehow combining two things I like turned into undrinkable coffee.

en4rab,

@malwaretech I heard that putting Pepto Bismol in your coffee made it delicious, please report back 😂​

jerry, to random

Someone needs to go stunt hack something so the media can move on from this toothbrush story

en4rab,

@jerry Someone needs to work out how to steal a car with an ice hockey stick and shut Canada down.

en4rab, to random

A fantastic job opportunity here, a German train company are looking for a Windows 3.11 Administrator https://www.gulp.de/gulp2/g/projekte/agentur/C00929028

malwaretech, to random

The downside of being on TikTok is occasionally some cybersecurity person will find out I'm on there and try to use it to call into question my credibility as a security professional. Then I basically have to try and nicely explain the nuance risks posed by the platform and how it fits into my own threat model, knowing full well they're just going to have an aneurism the second China is mentioned and then the American exceptionalism brain worms will be taking over the conversation.

en4rab,

@malwaretech Just ask them how they like their Lenovo laptop

mattblaze, to photography
@mattblaze@federate.social avatar

AT&T Long Lines Oak Hill Tower, San Jose, CA 2021.

This unusual Brutalist tower was part of the former AT&T terrestrial microwave network that once carried the bulk of US long distance telephone traffic. The (long since disconnected) horn antennas are too big and heavy to remove.

Too many pixels at https://www.flickr.com/photos/mattblaze/51261791084

en4rab,

@mattblaze and HF radio https://sniperinmahwah.wordpress.com/2018/05/07/shortwave-trading-part-i-the-west-chicago-tower-mystery/

GossiTheDog, to random
@GossiTheDog@cyberplace.social avatar

Pretty incredible report here about what is likely lawful interception of TLS encrypted communications (used by basically every web service) targeted at an instant messaging service popular in Russia..

the TLS communications were being recertificated in the middle (similar to how enterprise firewalls do TLS decryption) for six months to snoop on communications.. it only got rumbled as somebody (drum roll) let the interception certificate expire by mistake.

https://notes.valdikss.org.ru/jabber.ru-mitm/

en4rab,

@GossiTheDog facebook has a tool that will bonitor Certificate Transparency logs and alert you when certs are issued for domains or homographs of domains you are monitoring are issued, im not sure if there are any other similar services https://developers.facebook.com/tools/ct/subscriptions

PhilipLeftwich, (edited ) to random

Every year we run a "graph crimes" lecture for my data analysis class - so people - what are the most egregious crimes you have seen committed this year?

en4rab,

@j_bertolotti @PhilipLeftwich also @ChartCrimes on twitter, aparently they have moved to mastodon but I don't know where https://twitter.com/ChartCrimes

0x58, to infosec

Belgium’s intelligence service has been monitoring Alibaba’s main logistics hub in Europe for espionage following suspicions Beijing has been exploiting its growing economic presence in the west.

https://web.archive.org/web/20231006050435/https://www.ft.com/content/256ee824-9710-49d2-a8bc-f173e3f74286

en4rab,

@0x58 given the wild and totally unrelated items AliExpress reccomends to me based on aparently a random number because I have never bought similar items and the fact its easier to search for stuff on aliexpress using google than their own sites search im not sure they will be able to extract any meaningfull data from my purchase history

GossiTheDog, to random
@GossiTheDog@cyberplace.social avatar

deleted_by_author

    •
    en4rab,

    @GossiTheDog forced to turn it off or forced to turn it off for the UK?

    revk, to random
    @revk@toot.me.uk avatar

    Wow, have gone down hill.

    I have someone that does not know the difference between a card payment and Direct Debit (froze the card in response to request to refund a direct debit).

    They do not know what a direct debit is, calling them "subscriptions".

    They are not able to understand the payments have gone through and need refunding.

    They don't know the direct debit guarantee.

    This is terrible. I have asked to be transferred 4 times now.

    Bills How do direct debits work? PAID FROM Set Payment from a Pot Put money aside for this payment 10:50 They are direct debits. As you clearly lack training, please transfer me to someone competent now. 10:50 ° Can you see the word subscription? 10:51 Can you see the words direct debit 10:51

    en4rab,

    @revk Ask them how to make a pipe bomb lol https://infosec.exchange/@geordie@aus.social/111186662718884422

    malwaretech, to random

    FML, It looks like the Airline Pilots Union is going to force the FFA to close the charter loophole because it's taking business away from major airlines. The loophole allows carriers running planes with 30 seats or less to operate like private jets and not force passengers to go through security. It was the last remaining not completely garbage experience of commercial air travel.
    https://simpleflying.com/faa-close-regulatory-charter-loophole/

    en4rab,

    @malwaretech This seems like it would result in less pilots as small planes would no longer have an advantage, im not sure the Airline Pilots Union has thought this through.

    GossiTheDog, to random
    @GossiTheDog@cyberplace.social avatar

    deleted_by_author

    •
    en4rab,

    @GossiTheDog all requests must have the X-cyberwar header and all IP packets must have the evil bit set

    GossiTheDog, to random
    @GossiTheDog@cyberplace.social avatar

    deleted_by_author

    •
    en4rab,

    @GossiTheDog @tomwarren Like a drunk ex calling you at 3am asking for one more chance

    hdm, to random

    This is the article to send to your IT team when they refuse to enforce boot-time PINs for BitLocker:

    Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop: https://www.errno.fr/BypassingBitlocker.html by Guillaume Quéré

    en4rab,

    @Rairii @hdm This is a pretty good sigrok decoder for spi TPM traffic https://github.com/ghecko/libsigrokdecoder_spi-tpm and if you export the trace and write a script to turn it into a pcap wireshark has a TPM dissector

    en4rab,

    @hdm @Rairii I just read that post properly instead of skimming it, you absolutely need to capture CS# no wonder he had problems, some machines have the TPM and SPI flash on the same spi bus

    jerry, to random

    I do wonder if how the 4% retention rate for Infosec.exchange accounts (over 6 months) compares to other social media platforms. I am guessing it’s really low due to the challenges we have.

    en4rab,

    @GossiTheDog @jerry @0xtero Today's Twitter hammer seems to be rate limiting, If i try to view anything I get a toast popup informing me "Sorry, you are rate limited. Please wait a few moments then try again." but I can still post, presumably screaming into the void if everyone else is rate limited too 😂​

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • tacticalgear
  • DreamBathrooms
  • cisconetworking
  • osvaldo12
  • ngwrru68w68
  • magazineikmin
  • thenastyranch
  • Youngstown
  • ethstaker
  • rosin
  • slotface
  • mdbf
  • kavyap
  • anitta
  • InstantRegret
  • Durango
  • tester
  • everett
  • cubers
  • GTA5RPClips
  • khanakhh
  • provamag3
  • modclub
  • Leos
  • normalnudes
  • megavids
  • lostlight
  • All magazines
    •