Alexandre Keledjian @dervishe@mastodon.sdf.org
Entropy factor / Lurker at the threshold / ? = +
Interest: bsd /linux /infosec /retrocomputing /spycraft /coldwarhist
https://keybase.io/dervishe/pgp_keys.asc
Joined Aug 2017
This youtube serie made my day:
https://www.youtube.com/watch?v=DHQRZXM-4xI
"Bypassing the WebARX Web Application Firewall (WAF)": https://osandamalith.com/2019/10/12/bypassing-the-webarx-web-application-firewall-waf/
"With Category Theory, Mathematics Escapes From Equality"
"Two monumental works have led many mathematicians to avoid the equal sign. Their goal: Rebuild the foundations of the discipline upon the looser relationship of “equivalence.” The process has not always gone smoothly."
https://www.quantamagazine.org/with-category-theory-mathematics-escapes-from-equality-20191010/
"Putin's Skyfall missile failed a test and exploded in a deadly nuclear accident, the US says":
"The United States has determined that the explosion near Nyonoksa, Russia, was the result of a nuclear reaction that occurred during the recovery of a Russian nuclear-powered cruise missile," the official wrote. "The missile remained on the bed of the White Sea since its failed test early last year, in close proximity to a major population center."
http://www.businessinsider.fr/us/us-putins-skyfall-missile-failed-test-and-exploded-during-recovery-2019-10
Tu le sens venir le moment où ça part définitivement en coui**es ?
https://www.newsweek.com/us-troops-syria-turkey-1464727
*cough cough* "Revealed: Google made large contributions to climate change deniers"
“When it comes to regulation of technology, Google has to find friends wherever they can and I think it is wise that the company does not apply litmus tests to who they support,” the source said.
https://www.theguardian.com/environment/2019/oct/11/google-contributions-climate-change-deniers
"Hunting down Ken's PDP-7: video footage found": http://bsdimp.blogspot.com/2019/10/video-footage-of-first-pdp-7-to-run-unix.html
A very good and interesting project about #osint #twitter:
https://github.com/twintproject/twint 😈
"Cyber Command's latest VirusTotal upload has been linked to an active attack": https://www.cyberscoop.com/cyber-command-virustotal-apt28-kaspersky-zonealarm/
Which one had the stronger password between Dennis Ritchie, Ken Thompson, Brian W. Kernighan, ... ? A journey in the BSD3 sources #history #unix
https://leahneukirchen.org/blog/archive/2019/10/ken-thompson-s-unix-password.html
Etude de l'ANSSI (en)
"Supply chain attacks : menaces sur les prestataires de service et les bureaux d’études":
"Les premières analyses menées pourraient laisser penser à des attaques en deux phases : elles sont temporellement éloignées et aucun lien technique n’a pour le moment été établi entre les deux. La première phase utilise principalement le code malveillant PlugX. La seconde s’appuie essentiellement sur des outils légitimes et le vol d’identifiants de connexion."
https://www.cert.ssi.gouv.fr/cti/CERTFR-2019-CTI-004/
A very good opportunity to switch to floss solutions (gimp, inkscape, ...) 😈
https://www.zdnet.com/article/adobe-to-deactivate-accounts-for-all-venezuelan-users-due-to-us-sanctions/
Big move from GNu maintainers: "We believe that Richard Stallman cannot represent all of GNU. We think it is now time for GNU maintainers to collectively decide about the organization of the project. The GNU Project we want to build is one that everyone can trust to defend their freedom."
http://guix.gnu.org/blog/2019/joint-statement-on-the-gnu-project/
beta server misconfigured + same set of data than prod = 15,000$ BB
"I figured out a way to hack any of Facebook’s 2 billion accounts, and they paid me a $15,000 bounty for it":
"I tried to brute force the 6 digit code on www.facebook.com and was blocked after 10–12 invalid attempts.
Then I looked out for the same issue on beta.facebook.com and mbasic.beta.facebook.com. Interestingly, rate limiting was missing from forgot password endpoint."
https://medium.com/appsecure/responsible-disclosure-how-i-could-have-hacked-all-facebook-accounts-f47c0252ae4d
Very interesting #web:
"Interview with a Pornhub Web Developer": https://davidwalsh.name/pornhub-interview
"jQuery and jQueryUI are slowly moving away, so we are going back to more efficient object oriented programming in vanilla JS." 😉
Je ne l'avais pas vu passer celle-ci #alicem
"France Set to Roll Out Nationwide Facial Recognition ID Program":
https://www.bloomberg.com/news/articles/2019-10-03/french-liberte-tested-by-nationwide-facial-recognition-id-plan
Alexandre Keledjian
boosted
Les gens qui utilisent ou connaissent des outils de crosspost twitter->mastodon, vous pouvez me donner les liens vers les dépôts des différents outils ?
(Je connais pas et ça me ferait gagner pas mal de temps)
Merci 🙂
L'idée est de proposer quelque chose comme ça https://github.com/YoloSwagTeam/t2m/issues/22 pour chaque outil (donc t2m c'est fait hein ;) :
- Supprimer les liens raccourcis et autres liens de pistage
- remplacer les liens TW par #Nitter
- remplacer les liens YT par #Invidious
Ouch that hurt... "Attackers are exploiting a zeroday vulnerability in Google’s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models"
"the vulnerability is being actively exploited, either by exploit developer NSO Group or one of its customers"
“This issue is rated as high severity on Android and by itself requires installation of a malicious application for potential exploitation,”
https://arstechnica.com/information-technology/2019/10/attackers-exploit-0day-vulnerability-that-gives-full-control-of-android-phones/
Entropy factor / Lurker at the threshold / ? = +
Interest: bsd /linux /infosec /retrocomputing /spycraft /coldwarhist
https://keybase.io/dervishe/pgp_keys.asc
Joined Aug 2017
