Alexandre Keledjian @dervishe@mastodon.sdf.org
Entropy factor / Lurker at the threshold / ? = +
Interest: bsd /linux /infosec /retrocomputing /spycraft /coldwarhist
https://keybase.io/dervishe/pgp_keys.asc
Joined Aug 2017
"A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and (16) other major vendors."
“We found no consistency in a vendor or product line doing better or showing improvement. There was no evidence that anybody is making a concerted effort to address the safety hygiene of their products,”
https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/
"Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers."
"A security researcher [...] said that organizations that have the expertise to target iPhones can now use a bug in Safari, for example, to “ hack any up to date iPhone.” While it’s still not trivial to hack an iPhone remotely—even with the availability of this bug—the barriers to entry are now much lower"
https://www.vice.com/en_us/article/qvgp77/hacker-releases-first-public-iphone-jailbreak-in-years
"The not-so-secret life of boarding passes":
"What data you might be leaking publicly on that anachronistic piece of paper you discard in the seat in front of you. Turns out it is an awful lot more than you think…"
https://red-goat.com/osint/boarding_passes/
Remember the xkcd Little Bobby Table ? (https://xkcd.com/327/):
Hear the IRL story:
https://www.grahamcluley.com/null-vanity-plate-hack-to-dodge-parking-tickets-backfires-to-the-tune-of-12000/
A propos de l'empreinte énergétique du traffic internet, thread super intéressant: https://twitter.com/chiwawa_42/status/1163052439928528897?s=20
"Australian Signals Directorate launches open source data visualisation tool":
"ASD touts Constellation as a data analysis application enabling data access, federation, and manipulation activities across large and complex datasets."
https://www.zdnet.com/article/australian-signals-directorate-launches-open-source-data-visualisation-tool/
"Trump Administration Asks Congress to Reauthorize N.S.A.’s Deactivated Call Records Program"
https://www.nytimes.com/2019/08/15/us/politics/trump-nsa-call-records-program.html
"La carte vitale sur smartphone"
Ah, puis tu lis ça plus loin dans l'article:
"Par ailleurs, cette application permettra d’éviter la paperasse, mais devrait contribuer à réduire les fraudes."
Et là un instant de doute et tu rigoles...
Connaissent pas Android ces gens-là 🤔 👌 👏 😈
https://sciencepost.fr/la-carte-vitale-sur-smartphone-cest-pour-2021/
Venom Injection: How Ant Stingers Work!:
https://www.youtube.com/watch?v=_jygY-ZHPxQ
"Phone Numbers Exposed By Inconsistent Password Reset Processes": "Lack of standardization of the password reset procedures of web services can help hackers find the phone number linked to a victim's email address."
https://www.bleepingcomputer.com/news/security/phone-numbers-exposed-by-inconsistent-password-reset-processes/
Meet the Knob or when the specs sucks: "The encryption key length negotiation process in Bluetooth BR/EDR Core v5.1 and earlier is vulnerable to packet injection by an unauthenticated, adjacent attacker that could result in information disclosure and/or escalation of privileges." https://knobattack.com/
Remember the times where it was MacIntosh and not only Mac ? 😃
On the second photo, the antenna is for BI-BOP, kind of mobile telephony in France during the nineties: https://fr.wikipedia.org/wiki/Bi-Bop 😍 Unfortunately, i have to find some screens...
This is very astonishing: the brain is able to handle additionnal robotical arms wile it's using to two natural hands in "complicated" tasks: https://twitter.com/mashable/status/1161962488935698432?s=20
Alexandre Keledjian
boosted
**Germany believes no-deal Brexit 'highly likely': Handelsblatt**
"Germany's government expects Britain to crash out of the European Union on Oct. 31 without a deal in place on their future relations, the Handelsblatt business daily reported on Thursday, citing a finance ministry document. "
Security by Biometry you said ? These aren't easy to change:
"Major breach found in biometrics system used by banks, UK police and defence firms" https://www.theguardian.com/technology/2019/aug/14/major-breach-found-in-biometrics-system-used-by-banks-uk-police-and-defence-firms
If http2 is enabled in your server, you will surely need to update it:
"In an advisory today, Netflix says that all the attack vectors are variations of the same theme, where a client triggers a response from a vulnerable server and then refuses to read it. [...] The list includes big names like Amazon, Apache, Apple, Facebook, Microsoft, nginx, Node.js, and Ubuntu."
https://www.bleepingcomputer.com/news/security/multiple-http-2-dos-attacks-disclosed-vendors-release-patches/
Entropy factor / Lurker at the threshold / ? = +
Interest: bsd /linux /infosec /retrocomputing /spycraft /coldwarhist
https://keybase.io/dervishe/pgp_keys.asc
Joined Aug 2017
