"Call me snake". Plissken is BACK!!!! #SnakePlisskin #escapefromnewyork
https://screenrant.com/escape-from-new-york-john-carpenter-new-entry/
Mastodon 4.6 released today. It lets me force 2FA on accounts.
Also, heads up, I am going to force 2FA on accounts.
Note: this is only applicable to:
infosec.exchange
infosec.space
ioc.exchange
convo.casa
⏱️ IDA 9.4 pre-release teasers start now.
First up: wider processor and platform support.
The upcoming release adds a Qualcomm Hexagon module, MCore and C-SKY V1, complete AArch64 SVE/SME, improved TriCore analysis with proper calling conventions, and expanded RISC-V coverage including Hazard3/RP2350 and new vendor extensions.
👉 https://hex-rays.com/blog/ida-9.4-wider-processor-and-platform-support
Happy Birthday to M. C. Escher, born on June 17, 1898, in Leeuwarden, Friesland, the Netherlands.
Like other famous artists such as Michelangelo, Leonardo da Vinci, Raphael, Picasso, Toulouse-Lautrec and Rubens, Escher was left-handed. Escher was forced at school to become ‘double-handed’, which was beneficial for his artform.
More at https://escherinhetpaleis.nl/en/about-escher/escher-today/left-handedness?lang=en
https://www.dailyartmagazine.com/left-handed-artists/
1/n
RE: https://infosec.exchange/@aristot73/116500590393191853
this aged well #exportcontrols
An ecrime group has somehow gained access to 75k Fortinet firewall devices - dubbed Fortibleed
Check if your domain is impacted: https://www.hudsonrock.com/fortinet
I’ve verified the data is real. They’ve been dumping the Fortinet config - not sure how yet - and then cracking the passwords it appears. Data is being resold online. #fortibleed
So many calcs so little time.
OMG. Apparently tons of people have been generating secrets on an old server-side key generation website that had incredibly weak entropy. Like, 10 bits or something.
The website was allkeysgenerator[.]com. Here is a dump of 1000 keys generated on it. Searching for the URL finds hundreds of people recommending it for key generation.
Some of these snippets have hundreds of GitHub results.
The exact algorithm is unknown, but (see below) it generates extremely predictable strings; you can visually see how the delta from character to character is almost constant. Thanks @dramforever for doing some analysis here. Their script here can generate the vast majority of sequences from this website.
Update: This script generates the entire list from a single seed, and large chunks of another.
I'm certain you can break into production websites using these keys for cookie signing etc.
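A heuristic for auditing your own secrets for the pattern described in the post above (an almost constant character-to-character delta), as an added example that is not part of the original post and is not @dramforever's script. The alphabet ordering, the tolerance, the threshold and all function names are assumptions, and the sample strings are constructed rather than taken from the dump.

```python
from collections import Counter
import string

# ASSUMPTION: 0-9, A-Z, a-z ordering. The page does not give the site's alphabet.
ALPHABET = string.digits + string.ascii_uppercase + string.ascii_lowercase


def delta_regularity(secret, alphabet=ALPHABET, tolerance=1):
    """Share of adjacent-character steps within `tolerance` of the most common step.

    Steps are taken modulo the alphabet size so wrap-around still counts as
    the same step. Characters outside the alphabet (e.g. '-') are skipped.
    """
    n = len(alphabet)
    idx = [alphabet.index(c) for c in secret if c in alphabet]
    if len(idx) < 8:  # too short to say anything meaningful
        return 0.0
    deltas = [(b - a) % n for a, b in zip(idx, idx[1:])]
    mode = Counter(deltas).most_common(1)[0][0]
    near = sum(1 for d in deltas if min((d - mode) % n, (mode - d) % n) <= tolerance)
    return near / len(deltas)


def looks_patterned(secret, threshold=0.8):
    """Flag secrets whose steps are almost constant. Threshold is an assumed cut-off."""
    return delta_regularity(secret) >= threshold


def constructed_sample(steps, length=32, start=5):
    """Build a labelled test string by walking the alphabet with the given step cycle."""
    pos, out = start, []
    for i in range(length):
        out.append(ALPHABET[pos % len(ALPHABET)])
        pos += steps[i % len(steps)]
    return "".join(out)


# Constructed inputs (not keys from the dump mentioned in the post).
CONSTANT_STEP = constructed_sample([7])
JITTERED_STEP = constructed_sample([7, 8, 7, 6])
UNPATTERNED = "q7Zp2LmX9aKc4VtR8bNwE3yHs6JdUf1G"

if __name__ == "__main__":
    for name, s in [("constant", CONSTANT_STEP), ("jittered", JITTERED_STEP),
                    ("unpatterned", UNPATTERNED)]:
        print(f"{name:12} {s} regularity={delta_regularity(s):.2f} "
              f"flag={looks_patterned(s)}")
```

A flag from this check is a reason to rotate the secret and regenerate it locally from a CSPRNG; a clean result does not show that a secret is strong.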