
As is tradition, I just published my commentary on this year's Verizon Data Breach Investigations Report (aka ): https://kellyshortridge.com/blog/posts/shortridge-makes-sense-of-verizon-dbir-2025/

In the post, I include the following sections covering what I felt were the most notable insights and facets in the report:

🌍 So, what?

💃 Espionage: fast fashion or couture?

👻 APTs go BWAA-haha >:3

💸 How do the money crimes generate money?

🤖 Attackers are still not really using GenAI

👩‍🍳 If you can't make your own 0day, store-bought creds are fine

🔓 was the real supply chain threat all along

🍄 Things Rot Apart

🕵 Scooby Doo's Spooky Kooky Corporate IT Caper

🌈 At least some things are improving somewhere

Go forth and enjoy my commentary, and then make sure to find me at to tell me what you loved or hated Tuesday 14:30 at the @fastlydevs booth (where you'll also get a free copy of my book ✨)

thanks @alexcpsec for the early copy <3


Open Source Security mailing list

Trailing dot in Cygwin filenames https://openwall.com/lists/oss-security/2025/04/25/5
"foo" and "foo." are equivalent in DOS. This carried forward into contemporary Windows cmd.exe, explorer.exe (File Explorer), and the usual file access APIs. But Cygwin actually creates a file with the dot.


A phrase I've been repeating a lot on vendor calls, regarding prevention vs. detection:

I want to win; I don't just want to know why we lost.

3081. PhD Timeline

title text: Rümeysa Öztürk was grabbed off the street in my town one month ago.

(https://xkcd.com/3081)
(https://www.explainxkcd.com/wiki/index.php/3081)


lol, more reason to hate Synology if you needed some - they threatened to sue Linus Sebastian if he *mentioned* a hack to put Synology OS onto other hardware https://www.youtube.com/watch?v=H1COU0ZpLQU

@csepp @Daffodil A light lunch at Emmarozs sounds good after a trip to the market!
@csepp @Daffodil No, but we're open to suggestions! Everyone can come; I'm there with family too, so it doesn't have to be 100% nerding out :)
2025 OffensiveCon agenda - just the usual awesomeness

https://www.offensivecon.org/agenda/2025.html

joernchen

Parser Differentials have become pretty much my favorite bug class over the last years.

I am absolutely honored to get the chance to present on this topic at OffensiveCon in a few weeks.

https://www.offensivecon.org/speakers/2025/joernchen.html


For those playing along at home, here are the currently listed Cisco systems vulnerable to the Erlang / OTP perfect 10 CVE-2025-32433:

  • ConfD, ConfD Basic
  • Network Services Orchestrator (NSO)
  • Smart PHY
  • ASR 5000 Series Software (StarOS) and Ultra Packet Core
  • iNode Manager ( No fix planned. )
  • Ultra Cloud Core - Access and Mobility Management Function
  • Ultra Cloud Core - Redundancy Configuration Manager
  • Ultra Cloud Core - Session Management Function
  • Ultra Cloud Core - Subscriber Microservices Infrastructure
  • Enterprise NFV Infrastructure Software (NFVIS)
  • Small Business RV Series Routers RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P ( No fix planned. )

The products still being evaluated, hopefully to be complete by EoD today (my hope, nothing hinting at that from Cisco):

  • Wide Area Application Services (WAAS) Software
  • Virtualized Infrastructure Manager
  • Catalyst Center, formerly DNA Center
  • Ultra Cloud Core - Policy Control Function

Who doesn't like RCE in Viasat modems? Well, here are two of them. Happy Friday.

https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198

sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the "SNORE" interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

https://nvd.nist.gov/vuln/detail/CVE-2024-6198

https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6199

sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Red

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.

https://nvd.nist.gov/vuln/detail/CVE-2024-6199

@csepp yup! We're in town for the weekend, we can have a drink or stg if you are around

Let's get this started, people!

The guest of today is one TMS70C42A by TI. It is an 8-bit MCU carrying 4KB of ROM and 256B of RAM, with three timers and a UART.

This particular die was bit by gremlins, and a small part of it is missing; nothing crucial though. Let's have a walk around. 🧡

SiPron page: https://siliconpr0n.org/archive/doku.php?id=infosecdj:ti:tms70c42a


With bluesky (mostly) going down for a few hours today, I got to wondering about how decentralized the fediverse really is in terms of where its servers are hosted. I grabbed a server list from fedidb, with network information coming from ipinfo.io .

[EDIT: I did a better analysis on a dataset of 10x as many servers, see https://discuss.systems/@ricci/114400324446169152 ]

These stats are by the number of *servers* not the number of *users* (maybe I'll run those stats later).

fedidb currently tracks 2,650 servers of various types (Mastodon, pixelfed, lemmy, misskey, peertube, etc)

The fediverse is most vulnerable to disruptions at CloudFlare: 24% of Fediverse servers are behind it. Also note that this means that I don't have real data on where this 24% are located or hosted, since CloudFlare obscures this by design.

Beyond CloudFlare, the fediverse is not too concentrated on any one network. The most popular host, Hetzner, only hosts 14% of fediverse servers, and it falls off fast from there.

Here are the top networks where fediverse servers are hosted:

504 Cloudflare, Inc.
356 Hetzner Online GmbH
130 DigitalOcean, LLC
114 OVH SAS
56 netcup GmbH
55 Amazon.com, Inc.
55 Akamai Connected Cloud
36 Contabo GmbH
33 SAKURA Internet Inc.
32 The Constant Company, LLC
31 Xserver Inc.
28 SCALEWAY S.A.S.
24 Google LLC
23 Oracle Corporation
16 GMO Internet Group, Inc.
14 IONOS SE
14 FranTech Solutions
11 Hostinger International Limited
10 Nubes, LLC

Half of fediverse servers are on networks that host 50 or fewer servers - that's pretty good for resiliency.

There is even more diversity when it comes to BGP prefixes, which is good for resiliency: for example, the cloud providers that have multiple availability zones will generally have them on different prefixes, so this gets closer to giving us a picture of the specific bits of infrastructure the fediverse relies on.

The top BGP prefixes:

55 104.21.48.0/20
50 104.21.16.0/20
48 104.21.64.0/20
41 104.21.32.0/20
41 104.21.0.0/20
38 104.21.80.0/20
32 172.67.128.0/20
31 172.67.144.0/20
28 172.67.208.0/20
28 162.43.0.0/17
27 104.26.0.0/20
26 172.67.192.0/20
26 172.67.176.0/20
23 172.67.160.0/20
19 116.203.0.0/16
17 172.67.64.0/20
17 159.69.0.0/16
16 65.109.0.0/16
14 88.99.0.0/16
14 49.13.0.0/16
13 78.46.0.0/15
13 167.235.0.0/16
13 138.201.0.0/16
11 95.217.0.0/16
11 95.216.0.0/16
11 49.12.0.0/16
11 135.181.0.0/16
10 37.27.0.0/16
10 157.90.0.0/16

75% of fediverse servers are behind BGP prefixes that host 10 or fewer servers, meaning that the fediverse is *very* resilient to large network outages.

Top countries where fediverse servers are hosted:

871 United States
439 Germany
156 France
148 Japan
75 Finland
57 Canada
49 Netherlands
38 United Kingdom
26 Switzerland
26 South Korea
21 Spain
19 Sweden
18 Austria
17 Australia
15 Russia
12 Czech Republic
10 Singapore
10 Italy

And finally, a map of the locations of fediverse servers:
https://ipinfo.io/tools/map/91960023-e8c6-4bee-9b07-721f2c8febab
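The concentration arithmetic behind the post above (largest single host, share of servers on small networks and prefixes, and a country tally that does not credit CDN-fronted servers to the edge's country), written here as an added example rather than the author's own script, over a small constructed dataset: organisation names and several prefixes are taken from the post's tables, the remaining prefixes are RFC 5737 documentation ranges, and every hostname and count is made up.

```python
from collections import Counter

# Constructed sample, not the 2,650-server fedidb/ipinfo dataset from the post.
# Rows: host, hosting org (names from the post's table), BGP prefix, country.
# Prefixes not in the post are taken from RFC 5737 documentation ranges.
FIELDS = ("host", "org", "prefix", "country")
SERVERS = [dict(zip(FIELDS, row)) for row in [
    ("a.example", "Cloudflare, Inc.",       "104.21.48.0/20",    "US"),
    ("b.example", "Cloudflare, Inc.",       "104.21.48.0/20",    "US"),
    ("c.example", "Cloudflare, Inc.",       "172.67.128.0/20",   "US"),
    ("d.example", "Hetzner Online GmbH",    "116.203.0.0/16",    "DE"),
    ("e.example", "Hetzner Online GmbH",    "159.69.0.0/16",     "DE"),
    ("f.example", "Akamai Connected Cloud", "203.0.113.128/25",  "US"),
    ("g.example", "DigitalOcean, LLC",      "192.0.2.0/24",      "US"),
    ("h.example", "OVH SAS",                "198.51.100.0/24",   "FR"),
    ("i.example", "netcup GmbH",            "203.0.113.0/25",    "DE"),
    ("j.example", "SAKURA Internet Inc.",   "162.43.0.0/17",     "JP"),
    ("k.example", "Contabo GmbH",           "192.0.2.128/25",    "DE"),
    ("l.example", "Nubes, LLC",             "198.51.100.128/25", "US"),
]]
# A reverse proxy hides the origin: ipinfo reports the CDN edge, so the
# org/prefix/country of these rows describe the edge, not the real host.
CDN_FRONTED = {"Cloudflare, Inc."}


def count_by(records, field):
    """Tally servers per organisation, prefix or country."""
    return Counter(r[field] for r in records)


def largest_single_share(records, field="org"):
    """Biggest concentration point as (name, share): the post's 'CloudFlare: 24%'."""
    name, n = count_by(records, field).most_common(1)[0]
    return name, n / len(records)


def share_on_small_groups(records, field, max_size):
    """Fraction of servers whose org/prefix hosts <= max_size servers (the post's
    'half on networks with <=50', '75% behind prefixes with <=10'); higher is
    better, since no single outage then takes out many servers."""
    sizes = count_by(records, field)
    small = sum(1 for r in records if sizes[r[field]] <= max_size)
    return small / len(records)


def country_counts(records):
    """Country tally, with CDN-fronted servers bucketed as unknown instead of
    being credited to the edge's country."""
    tally = Counter()
    for r in records:
        tally["unknown (CDN-fronted)" if r["org"] in CDN_FRONTED else r["country"]] += 1
    return tally
```

Swap the constructed rows for real fedidb hostnames enriched with ipinfo org, prefix and country fields and the same functions reproduce the post's percentages.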


📅 Mark your calendars!

https://www.hexacon.fr/

Razdan-3, a Soviet transistor computer used for ballistics/rocket calculations. Portable (with enough trucks)!

https://en.m.wikipedia.org/wiki/Razdan_(computer)

Remember the "You wouldn't steal a car" PSA? Turns out they pirated both the font AND the music. Exhibits:

font info: https://fontsinuse.com/uses/67480/piracy-it-s-a-crime-psa

pirated font embedded in this PDF: https://web.archive.org/web/20051223202935/http://www.piracyisacrime.com:80/press/pdfs/150605_8PP_brochure.pdf

and about the music: https://www.theransomnote.com/music/news/antipiracy-advert-music-was-stolen/

EDIT: more context re the composer, music, and royalties; the story is ofc more nuanced and apparently debunked: https://torrentfreak.com/sorry-the-you-wouldnt-steal-a-car-anti-piracy-ad-wasnt-pirated-170625/


A perfect 10 in SAP NetWeaver? Yes please. 🥳

https://me.sap.com/notes/3594142

sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

https://nvd.nist.gov/vuln/detail/CVE-2025-31324


Citrix, and another case of:

client: let me in!
server: no, why?
client: this sweet ass header says you should
server: can't argue with that. have a good time, admin.

https://attackerkb.com/topics/7zebEgmGLs/cve-2024-6235


🐣 CRACKME RESULTS are OUT! 💥

Congrats to rt_saber for being so quick.

Kudos to all those who hammered CloudFlare hard.

https://github.com/phrackzine/crackme/blob/main/easter-2025/teaser-challenge-solution.md
