PLEASE SHARE ESP TO UNDERREPRESENTED WOMEN LOOKING FOR INFOSEC JOBS: We at Red Queen Dynamics are proud to bring you the Infosec.Exchange State Of The Instance webinar on August 3rd at 11AM Pacific.

Join me, @jerry, Mari Galloway, and Talya Parker to talk about opportunities for underrepresented women in cybersecurity startups after the Twittersplosion removed all our weak social ties. How do we find job postings now that we've all gone to different places? There will be some *very frank opinions* shared.

Get jobs! Talk to Jerry about how I.E. is working to increase the voice of underrepresented women on this platform! Learn from Mari and @TalyaParker about how best to reach to communities respectfully to provide job postings!

Learn more and sign up here: https://redqueendynamics.com/en/blog/infosec.exchanges-state-of-the-instance-navigating-startup-hiring-in-the-post-twitter-world

You know what’s software engineering? Regaining control over a computer 20 billion kilometers away thanks to the design decisions made 50 years prior. #voyager2

SunOS 4.1.4 says it can't possibly be the year 2023: "WARNING: preposterous time in filesystem -- CHECK AND RESET THE DATE!"

sorry SunOS, there's nothing i can do to fix 2023.

So, uh, if you see an orb in public, DO NOT PONDER IT, because it's going to steal your biometrics and give them to the worst people in silicon valley:
https://news.artnet.com/art-world/worldcoin-orb-ai-2341500

Due to popular demand, here is a list of the fedi-services that are part of the infosec.* family:
1 - https://infosec.exchange - Glitch-soc fork of Mastodon (this instance does not block threads.net)
2 - https://relay.infosec.exchange - Activitypub relay
3 - https://video.infosec.exchange - Peertube instance (like youtube)
4 - https://infosec.press - WriteFreely blog*
5 - https://pixel.infosec.exchange - Pixelfed instance (like instagram)
6 - https://matrix.infosec.exchange - Synapse (with sliding sync) homeserver*
7 - https://infosec.place - Akkoma instance (like mastodon)
8 - https://infosec.town - iceshrimp instance (like mastodon)
9 - https://infosec.pub - Lemmy instance (like reddit)
10 - https://fedia.io - General interest mbin instance (also like reddit)
11 - https://fedia.social - General interst Iceshrimp instance
12 - https://elk.infosec.exchange - Elk web interface for Mastodon
13 - https://books.infosec.exchange - Bookworym instance (like goodreads)
14 - https://meetups.infosec.exchange (mobilizon)
15 - https://infosec.space - Glitch-soc fork of Mastodon (this instance does
block threads.net)

*indicates the instance authenticates against Infosec.exchange

For 25+ yrs police, military, intel agencies and critical infrastructure around the world have relied on the TETRA radio standard to secure their critical communications. But now Dutch researchers have examined secret algorithms used in TETRA and found something startling -- an intentional backdoor. This and other issues the researchers found would allow malicious actors to decrypt communications and also, in some cases, send malicious communication to radios to affect critical infrastructure or disrupt police operations and more.
https://www.wired.com/story/tetra-radio-encryption-backdoor/

'Zyxel released a security advisory regarding this vulnerability on April 25, 2023. Subsequently, [CISA] added this security flaw to its [KEV] catalog in May.

'Since the publication of the exploit module, there has been a sustained surge in malicious activity... significant increase in attack bursts starting from May... multiple botnets, including Dark.IoT, a variant based on Mirai, as well as another botnet that employs customized DDoS attack methods'.
https://www.fortinet.com/blog/threat-research/ddos-botnets-target-zyxel-vulnerability-cve-2023-28771

Once again forced to witness the deepest horrors of our reality

The failure of the Internet to deliver its promise is particularly noticeable when you hunt for repair manuals for a product from the 90s. Used to be, the information would either be there or not there, finable or unfindable.

Now, there are hundreds of algorithmically generated sites claiming to have it just because it appeared in their search logs, generating potemkin village content traps with endless paging, broken-thumbnail named-like-the-file-you-want but actually-just-ebay-photos bullshit

@campuscodi and after this writeup I threw the driver in IDA and found another vuln, to escalate a process to protected process or protected process light

i found the same vulnerability in battleye some time ago, which is why lots of bedaisy.sys got added to MS vulnerable driver blocklist

thread with jokes and discussion about how bad this echoac driver is: https://haqueers.com/@Rairii/110720082166451464

xss is just a loser's rce

🚧 Brute-Forcing One-Time Passwords 🚧

My last two threads discussed the probability of brute-forcing OTPs, how to do it effectively and how to defend against attacks.

Here is an overview of the topics covered:

1. Bernoulli Processes 🧮
https://infosec.exchange/@kpwn/110520985360492457

2. Increasing and Decreasing Probabilities 🤞
https://infosec.exchange/@kpwn/110561329301840527

Here's everything compiled into a blog post 📰
https://kpwn.de/2023/06/brute-forcing-one-time-passwords/

Do you find my content valuable?

🔔 Follow me for more web security content.

🔁 Also, boost this toot to spread the word!

#Infosec #CyberSecurity #BugBounty #Pentesting #Hacking #Passwords #OTP #Authentication

Twitter has suspended every single API key not belonging to a Twitter Blue subscriber.

Every. Single. Key. 9to5Mac’s? Dead. Apple’s for iMessage previews? Dead.

Every single API key has been revoked. The Twitter API is officially dead.

Ransomware, but they install an unlicensed copy of Oracle somewhere in your organization and threaten to tell Oracle about it if you don’t pay up.

AI is a lot like fossil fuel industry. Seizing and burning something (in this case, the internet, and more broadly, written-down human knowledge) that was built up over a long time much faster than it could ever be replenished.

Sennheiser makes headphones. Some of its models are very pricy, and others are cheaper. This is a common tactic for firms, selling products at multiple “price points” so it can capture revenue from people willing to pay at different levels.

It’s apparently not very cost effective to make all sorts of different models. But then how do you justify selling headphones at different prices? Why would someone pay hundreds more for the same headphones?

Why, just make one version *shittier.* Turns out Sennheiser was inserting a piece of foam into some of its headphones, to deliberately lower the sound quality, in order to sell the same headphones at different prices to different people.

Once you recognize sabotage for what it is, you can’t help but start to see it in every aspect of your life: a deliberate shittiness imposed on us so someone else can earn a profit.

http://mikebeauchamp.com/misc/sennheiser-hd-555-to-hd-595-mod/

8/8

It is confirmed that Reddit is forcing subreddits to open again. This is according to /r/antiwork moderators.

#reddit #blackout #redditmigration

"Reddit represents one of the largest data sets of just human beings talking about interesting things," Huffman said. "We are not in the business of giving that away for free."

You and me, we're just data sets. Years of interaction with fellow human beings, building community, sharing insight and creativity…it’s all just data. Data to be mined and monetized.

Huffman's not mad Reddit was scraped for a chatbot. He's mad he wasn't paid for the privilege. It's his data, you see. His. Not yours.