For 25+ yrs police, military, intel agencies and critical infrastructure around the world have relied on the TETRA radio standard to secure their critical communications. But now Dutch researchers have examined secret algorithms used in TETRA and found something startling -- an intentional backdoor. This and other issues the researchers found would allow malicious actors to decrypt communications and also, in some cases, send malicious communication to radios to affect critical infrastructure or disrupt police operations and more.
https://www.wired.com/story/tetra-radio-encryption-backdoor/

'Zyxel released a security advisory regarding this vulnerability on April 25, 2023. Subsequently, [CISA] added this security flaw to its [KEV] catalog in May.

'Since the publication of the exploit module, there has been a sustained surge in malicious activity... significant increase in attack bursts starting from May... multiple botnets, including Dark.IoT, a variant based on Mirai, as well as another botnet that employs customized DDoS attack methods'.
https://www.fortinet.com/blog/threat-research/ddos-botnets-target-zyxel-vulnerability-cve-2023-28771

Once again forced to witness the deepest horrors of our reality

The failure of the Internet to deliver its promise is particularly noticeable when you hunt for repair manuals for a product from the 90s. Used to be, the information would either be there or not there, finable or unfindable.

Now, there are hundreds of algorithmically generated sites claiming to have it just because it appeared in their search logs, generating potemkin village content traps with endless paging, broken-thumbnail named-like-the-file-you-want but actually-just-ebay-photos bullshit

As a developer I find automatic closing of brackets, quotes, etc. by editors

@campuscodi and after this writeup I threw the driver in IDA and found another vuln, to escalate a process to protected process or protected process light

i found the same vulnerability in battleye some time ago, which is why lots of bedaisy.sys got added to MS vulnerable driver blocklist

thread with jokes and discussion about how bad this echoac driver is: https://haqueers.com/@Rairii/110720082166451464

xss is just a loser's rce

🚧 Brute-Forcing One-Time Passwords 🚧

My last two threads discussed the probability of brute-forcing OTPs, how to do it effectively and how to defend against attacks.

Here is an overview of the topics covered:

1. Bernoulli Processes 🧮
https://infosec.exchange/@kpwn/110520985360492457

2. Increasing and Decreasing Probabilities 🤞
https://infosec.exchange/@kpwn/110561329301840527

Here's everything compiled into a blog post 📰
https://kpwn.de/2023/06/brute-forcing-one-time-passwords/

Do you find my content valuable?

🔔 Follow me for more web security content.

🔁 Also, boost this toot to spread the word!

#Infosec #CyberSecurity #BugBounty #Pentesting #Hacking #Passwords #OTP #Authentication

Twitter has suspended every single API key not belonging to a Twitter Blue subscriber.

Every. Single. Key. 9to5Mac’s? Dead. Apple’s for iMessage previews? Dead.

Every single API key has been revoked. The Twitter API is officially dead.

Ransomware, but they install an unlicensed copy of Oracle somewhere in your organization and threaten to tell Oracle about it if you don’t pay up.

AI is a lot like fossil fuel industry. Seizing and burning something (in this case, the internet, and more broadly, written-down human knowledge) that was built up over a long time much faster than it could ever be replenished.

Sennheiser makes headphones. Some of its models are very pricy, and others are cheaper. This is a common tactic for firms, selling products at multiple “price points” so it can capture revenue from people willing to pay at different levels.

It’s apparently not very cost effective to make all sorts of different models. But then how do you justify selling headphones at different prices? Why would someone pay hundreds more for the same headphones?

Why, just make one version *shittier.* Turns out Sennheiser was inserting a piece of foam into some of its headphones, to deliberately lower the sound quality, in order to sell the same headphones at different prices to different people.

Once you recognize sabotage for what it is, you can’t help but start to see it in every aspect of your life: a deliberate shittiness imposed on us so someone else can earn a profit.

http://mikebeauchamp.com/misc/sennheiser-hd-555-to-hd-595-mod/

8/8

It is confirmed that Reddit is forcing subreddits to open again. This is according to /r/antiwork moderators.

#reddit #blackout #redditmigration

"Reddit represents one of the largest data sets of just human beings talking about interesting things," Huffman said. "We are not in the business of giving that away for free."

You and me, we're just data sets. Years of interaction with fellow human beings, building community, sharing insight and creativity…it’s all just data. Data to be mined and monetized.

Huffman's not mad Reddit was scraped for a chatbot. He's mad he wasn't paid for the privilege. It's his data, you see. His. Not yours.

Yesterday's new #moveIT vulnerability has been allocated CVE-2023-35708. Patch is out now. #CVE202335708

@jsmall I vaguely remember that? But a follow-up then: how do I know if the database is being updated now or MS just decided to rather implement this feature in MS Cloud Protector 365 Advanced Pro?

Search engines are useless. Windows is packaging Internet features few asked for. The major public sites are sealed tight to avoid third party tools.

Web 1.0 is back, baby!

No random open source application, I do not want to join your Discord channel for support.

There's this really cool technology called hypertext markup language, and if you use it for your documentation another piece of amazing technology called a search engine can help me find the answer I'm looking for

And the real magic is you only have to answer it once and the answer helps anyone. You don't have to answer the same question every day. This frees you up for more fun development

autoexec.bat (credit: Adam Koford)