tweedge
@tweedge@cybersecurity.theater

Security goon at an online-bookstore-slash-server-rental company, adjunct professor at RIT, janitor for r/cybersecurity, and sporadic FOSS contributor. Cat person. Generally cheerful ^_^

Always trying to learn new things, and I'd rather be corrected than be correct. I try to be correct the first time anyway though!

How can I help?

(posts searchable via tootfinder)

tweedge, to random

@jerry Howdy! I'm refreshing my media cache on cybersecurity.theater as I didn't realize lowering the media cache settings has no exception for favorites (ugh. aaand now I'm subscribed to https://github.com/mastodon/mastodon/discussions/19260) - during, I noticed that infosec.exchange links are 403ing when my server tries to re-cache them.

"Error processing 110231093662385392: https://media.infosec[.]exchange/infosecmedia/media_attachments/files/110/231/093/070/987/876/original/2d5fca99ebc73c20.jpeg returned code 403"

cont~

tweedge, (edited)

@jerry When I go to infosec.exchange directly it seems like the new media storage URLs are "https://media.infosec[.]exchange/infosec.exchange/media_attachments/..." - I can go into my server's database and update 'em with ~relative confidence, but I wonder if it'd be useful for other federated servers if infosec.exchange had a rewrite rule that 302s to the correct directory for old posts?
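The rewrite rule floated in the reply above, as an added nginx example. This is not infosec.exchange's actual configuration: it assumes nginx is the origin for the media host and takes the two path prefixes (old `/infosecmedia/`, new `/infosec.exchange/`) from the thread. The storage root is an assumption too.

```nginx
# Added example: keep old federated media URLs working after a storage path move.
# Assumes nginx fronts media.infosec.exchange and that the prefix changed from
# /infosecmedia/ to /infosec.exchange/ as described in the thread.
server {
    listen 443 ssl;
    server_name media.infosec.exchange;

    # 302 (temporary) rather than 301, so remote servers that re-cache later
    # still ask the origin instead of pinning a location that may move again.
    # $1 carries the remainder of the path, including the file name.
    location ^~ /infosecmedia/ {
        rewrite ^/infosecmedia/(.*)$ /infosec.exchange/$1 redirect;
    }

    location / {
        root /var/lib/media;  # assumed storage root for the new layout
    }
}
```

Federated servers only follow the redirect when they re-fetch, so this helps future re-caches (like the one in the post) rather than rows already stored with the old URL; those still need the database update the reply mentions.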

tweedge, to random

Internet of Dongs (gah I love them) also got their hands on the "Reddit said this vibrator has malware" vibrator this weekend, pulled it apart, and confirmed it doesn't have malware: https://internetofdon.gs/bad-vibes-or-why-you-shouldnt-trust-everything-you-read-on-reddit/

While my thread ~2 days ago was much less detailed I'm glad that I arrived at the same conclusion ^_^

tweedge, to random

"Why is my RAM filling up ..."

--- five minutes later ---

"Ahhhh fuck I should have limited the size of that queue"

tweedge, to random

About the vibrator that allegedly had malware on it 2wks ago... I found a seller and bought one. Say hi!

The people on the thread who pointed out that there wasn't any evidence tying the vibrator to the Redditor's malware download were - of course - downvoted.

And ... so far there are no signs of malware. It doesn't register as a HID or present any storage (therefore it has no autorun.inf). I'll be doing some more setup so I can plug it in and monitor it for an extended period of time.

tweedge, (edited)

It's possible, though IMHO unlikely, that only some batches of this device had an implant. That'd be a manufacturing change, which gets expensive fast. Also I think you wouldn't do something so obvious if you're running an operation that's going to burn your factory/supplier/etc. reputation.

As funny as it would have been, it's another drop in the POC or GTFO bucket.

Archived thread: https://web.archive.org/web/20240219003151/https://old.reddit.com/r/Malware/comments/1asn02v/malware_from_a_vibrator/

tweedge, (edited)

Probably not necessary to do anything further to test. I pulled the casing off and the data pins aren't even soldered (hard to get a good angle for this and all I have is my phone camera, sorry - but it is visible).

I'm not a hardware implant expert but from what I can tell, the PCB is not suspicious in any way either. Looks like exactly what kind of complexity and layout I'd expect from a button, battery, and vibration settings controls.

tweedge,

If there's anything else I can do to test or look at please let me know! I won't toss it for a bit - unfortunately even if there's no malware on it, nobody in my house is going to use it as I am not trusting this to be body-safe, so if there's a destructive test you're interested in don't be shy!

tweedge, (edited)

Even just did some undue diligence, connected the data pins, and tried again - no change.
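The check the thread describes (does the gadget enumerate as HID, as mass storage, or as neither) can be scripted against `lsusb -v` output. This is an added example, not the author's tooling: it parses the text format Linux usbutils prints and flags the two interface classes that let a "dumb" device type keystrokes (HID, class 0x03) or carry files (Mass Storage, class 0x08). The sample output embedded below is constructed for the example, including the vendor/product IDs, and is not from the device in the thread.

```python
"""Classify USB devices by the interface classes they expose (added example)."""
import re

HID_CLASS = 3            # bInterfaceClass for Human Interface Device
MASS_STORAGE_CLASS = 8   # bInterfaceClass for Mass Storage

# Constructed, abbreviated `lsusb -v` output: a keyboard, a flash drive, a
# vendor-specific gadget, and a composite device claiming both HID and storage.
# IDs 1a2b:000x are made up for this example.
SAMPLE_LSUSB = """\
Bus 001 Device 004: ID 1a2b:0001 Constructed keyboard
Device Descriptor:
  bDeviceClass            0
  Interface Descriptor:
    bInterfaceNumber        0
    bInterfaceClass         3 Human Interface Device
  Interface Descriptor:
    bInterfaceNumber        1
    bInterfaceClass         3 Human Interface Device

Bus 001 Device 005: ID 1a2b:0002 Constructed flash drive
Device Descriptor:
  bDeviceClass            0
  Interface Descriptor:
    bInterfaceNumber        0
    bInterfaceClass         8 Mass Storage

Bus 001 Device 006: ID 1a2b:0003 Constructed vendor-specific gadget
Device Descriptor:
  bDeviceClass            0
  Interface Descriptor:
    bInterfaceNumber        0
    bInterfaceClass       255 Vendor Specific Class

Bus 001 Device 007: ID 1a2b:0004 Constructed composite device
Device Descriptor:
  bDeviceClass            0
  Interface Descriptor:
    bInterfaceNumber        0
    bInterfaceClass         3 Human Interface Device
  Interface Descriptor:
    bInterfaceNumber        1
    bInterfaceClass         8 Mass Storage
"""

DEVICE_RE = re.compile(r"^Bus (\d+) Device (\d+): ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$")
CLASS_RE = re.compile(r"^\s*bInterfaceClass\s+(\d+)")


def parse_lsusb(text):
    """Return one dict per device: vendor:product id, name, and interface classes."""
    devices = []
    current = None
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            current = {"id": f"{m.group(3)}:{m.group(4)}",
                       "name": m.group(5).strip(), "classes": []}
            devices.append(current)
            continue
        m = CLASS_RE.match(line)
        if m and current is not None:
            current["classes"].append(int(m.group(1)))
    return devices


def assess(device):
    """Flags worth a second look: keystroke injection, file carriage, or both."""
    classes = set(device["classes"])
    flags = []
    if HID_CLASS in classes:
        flags.append("hid")            # can act as a keyboard/mouse (BadUSB-style)
    if MASS_STORAGE_CLASS in classes:
        flags.append("mass-storage")   # can present files, e.g. an autorun.inf
    if len(classes) > 1:
        flags.append("composite")      # several roles in one plug is unusual for a toy
    return flags


def summarize(text):
    """Map each enumerated device id to its flags (empty list = nothing notable)."""
    return {d["id"]: assess(d) for d in parse_lsusb(text)}


if __name__ == "__main__":
    for dev_id, flags in summarize(SAMPLE_LSUSB).items():
        print(dev_id, flags or "no HID/storage interfaces")
```

Absence is informative too: a device whose data pins are not connected (as found when the casing came off) never appears in `lsusb` at all, so "not listed" is a stronger result than "listed with only a vendor-specific interface". To run it against a real host, feed it `subprocess.run(["lsusb", "-v"], capture_output=True, text=True).stdout` instead of the sample (needs root for full descriptors).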

tweedge, to random

Reddit invited my moderation bot to buy shares in their company... fantastic work as always

tek, to random

I just got an email from Reddit inviting me to get some IPO shares at institutional investor prices. It was legitimately from them. This is so weird.

tweedge,

@tek I was invited, and separately, my moderation bot u/alara_zero was also invited. No idea what Reddit's criteria are.

tweedge, (edited) to random

I can't quit Reddit, where else am I going to learn what vibrator I need to buy to get a free infostealer sample? https://www.reddit.com/r/Malware/comments/1asn02v/malware_from_a_vibrator/

Edit - jokes aside, I did actually buy the vibrator, and did not find evidence which links it to this infostealer payload https://cybersecurity.theater/@tweedge/112028170219395768

tweedge,

Real "gas station weed" vibes

tweedge, to random

Security team does not use an eye, spy, shield, sword, or lock in their logo challenge 2024 (impossible)

tweedge, to random

Damn, lot of critical Mastodon fixes. At least the upgrade process is pretty easy.

I wonder if there would be some watchtower-based way to do the update, a point in time backup, and any related migrations automatically? Would probably be more "cool" than "useful" but might be an interesting project.

tweedge, to random

Readers, I made a lab where students could hunt on a heavily-firewalled host for the one port that was open.

I generated ten pseudorandom numbers. "I'll pick a number that's unlikely enough but still a number that I like, to use as the port number for the only running application," I thought.

I'm preparing to grade now and... discovered that my dumb ass managed to pick a port in the top 500 most used ports, according to nmap.

Can't (well, I can) believe I was this predictable 😩
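The check that would have caught this, as an added example (not the author's lab code): rank a candidate port against the nmap-services frequency table before using it, and draw a new one if it lands in the top N that `nmap --top-ports N` scans by default. The excerpt below is constructed in the real file's format (`name port/proto open-frequency # comment`); the frequencies are illustrative, not copied from nmap. On a real host, read `/usr/share/nmap/nmap-services` instead.

```python
"""Rank a port against nmap-services before using it in a lab (added example)."""
import random

# Constructed excerpt in nmap-services format; frequencies are illustrative only.
SAMPLE_NMAP_SERVICES = """\
# Fields: name port/proto open-frequency optional-comments
http\t80/tcp\t0.484143\t# World Wide Web HTTP
telnet\t23/tcp\t0.221265
https\t443/tcp\t0.208669
ftp\t21/tcp\t0.197667
ssh\t22/tcp\t0.182286
smtp\t25/tcp\t0.131314
snmp\t161/udp\t0.433467
domain\t53/udp\t0.213496
unknown\t8192/tcp\t0.000563
unknown\t49152/tcp\t0.000563
"""


def load_services(text):
    """Parse nmap-services text into {(port, proto): (name, frequency)}."""
    services = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 3:
            continue
        name, portproto, freq = fields[0], fields[1], fields[2]
        port, proto = portproto.split("/", 1)
        services[(int(port), proto)] = (name, float(freq))
    return services


def ranked_ports(services, proto="tcp"):
    """Ports of one protocol, most frequently open first (ties broken by port)."""
    entries = [(port, v[1]) for (port, pr), v in services.items() if pr == proto]
    entries.sort(key=lambda e: (-e[1], e[0]))
    return [port for port, _ in entries]


def port_rank(services, port, proto="tcp"):
    """1-based rank of a port, or None if nmap-services does not list it."""
    ranked = ranked_ports(services, proto)
    return ranked.index(port) + 1 if port in ranked else None


def is_obscure(services, port, proto="tcp", top_n=1000):
    """True if a default `nmap --top-ports top_n` scan would not probe this port."""
    rank = port_rank(services, port, proto)
    return rank is None or rank > top_n


def pick_obscure_port(services, rng, proto="tcp", top_n=1000, lo=1024, hi=65535):
    """Draw candidates until one falls outside the top_n; rng is injected for tests."""
    for _ in range(10000):
        candidate = rng.randint(lo, hi)
        if is_obscure(services, candidate, proto, top_n):
            return candidate
    raise RuntimeError("no port outside the top list found in range")


if __name__ == "__main__":
    svc = load_services(SAMPLE_NMAP_SERVICES)
    chosen = 22
    print(f"port {chosen}/tcp rank: {port_rank(svc, chosen)}")
    print("safer pick:", pick_obscure_port(svc, random.Random(), top_n=5))
```

Obscurity only buys anything against default scans: `nmap -p-` walks every port, so a lab that wants the hunt to be harder should rate-limit or otherwise make a full sweep expensive, not just hide the port. The seeded `random.Random` is fine for choosing a lab port; pass `random.SystemRandom()` if the choice ever matters for real.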

tweedge, to random

A friend sent this to me and y'all might enjoy

molly0xfff, to random

fuck i love blogs. if i had nothing but time i would just read blogs all day.

tweedge,

@molly0xfff cybersecurity things that I find myself in or around https://chris.partridge.tech/

tweedge,

@molly0xfff vs. actually smart person writes about cybersecurity https://kellyshortridge.com/blog/posts/index.html

tweedge, to random

Last call to get authentic devoops stickers from @kefimochi !! https://kefimochi.etsy.com (yes I did just buy a stack for my team)

ChrisShort, to random

I think it's time to update my two-switch nightmare into a one-switch nightmare. What brand ethernet switch is reliable af and not $300? I'm looking at this one but, not sure: https://mikrotik.com/product/crs326_24g_2s_in

tweedge,

@ChrisShort I can confirm, Mikrotik switches are rock solid. They're efficient, many are silent, and IMO unbelievably cheap for the hardware quality & stability you get. The UI is not great last I checked (3ish yrs ago) but since most people tweak switch configs only rarely ... it's a fine tradeoff.

tweedge, to random

The whole "you must buy a new phone every 3-4 years" thing has created some interesting authentication flows.

For example: scanning a QR code on my old device was enough to

  • Log in a new device to my account without prompting 2FA
  • That new device, using only my password (no 2FA again) was able to port over my phone number from my carrier by issuing itself an eSIM tied to my account
  • I was not notified via email, text, etc. about either the new device sign-in or number transfer

tweedge,

If it feels exploitable, I think that's because it very well could be exploitable. Trick someone into scanning a QR code and following a couple prompts, and you've got access to a hell of a lot of content. Or, can you leverage the auth flows here to create a more silent/subtle device cloning method. Etc.

tweedge,

@Viss Google Fi (T-Mobile MVNO)

tweedge, to random

(I just crossed share ratio 50 - 1.35TB down, 68.64TB up - on Academic Torrents 😁)