U.S. Treasury: Treasury Sanctions Technology Company for Support to Malicious Cyber Group
Treasury bites back at China: the Office of Foreign Assets Control (OFAC) sanctioned Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its role in multiple computer intrusion incidents against U.S. victims. These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. critical infrastructure sectors.
Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure.
See the joint FBI, CNMF and NSA advisory People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations (PDF) from 18 September 2024. cc: @nattothoughts
#integritytech #ofac #treasury #sanctions #china #flaxtyphoon #cyberespionage #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
Some people have asked that 404 Media moves from a magic link system (to log in you are emailed a link to click) to a user/password system. We're four journalists trying to spend as much time as possible doing journalism. We don't want your password https://www.404media.co/we-dont-want-your-password-3/
Why do vendors claim reliable and secure and then have vulns like this?? Let me guess, ping again?? https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo
⚠️ If you use iTerm with the SSH integration functionality: some debug code accidentally shipped to production and it may be logging the entire session to /tmp... on the REMOTE server. If you SSH to shared hosts with iTerm, you'll probably want to look into deleting that as quickly as possible https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog
Please Boost: To all Hacker Spaces in Berlin. I have a decommissioned server to give away. So far, I have been unable to find a beneficiary.
**Who wants this server?**
HP ProLiant DL360 Gen9 - 2 CPU E5-2697 v3 @ 2.60GHz, 128 GB DDR4, 2x 900GB SAS.
Pick-up in Berlin Kreuzberg.
Somebody fooled Google AI into believing that the EU mandated RS-232 usage in 1997 :)
#retrocomputing #rs232 #fakehistory
"Apple has agreed to pay $95 million to settle a lawsuit alleging that its voice assistant Siri routinely recorded private conversations that were then sold to third parties for targeted ads." https://arstechnica.com/tech-policy/2025/01/apple-agrees-to-pay-95m-delete-private-conversations-siri-recorded/
I have tentatively done the work needed to get #Tailscale Taildrive sharing working on #illumos / #solaris.
It works for me. @papertigers please take a look!
https://github.com/nshalman/tailscale/releases/tag/v1.78.1-taildrive-sunos
The world's richest man has joined a growing chorus of right-wing voices attacking Wikipedia as part of an intensifying campaign against free and open access information. Why do they hate it so much?
https://www.citationneeded.news/elon-musk-and-the-rights-war-on-wikipedia/
@vulnerability_lookup @wdormann the vulnerability reporter Yuki Chen says CVE-2024-49113 and is incorrectly tagged as Denial of Service when it should be "information leak": https://twitter.com/guhe120/status/1874605842353594579
here's a work-related question for you, if you are in a position where you can hire consulting companies to help with security work (red/blue/eng/etc):
would it be handy to be able to buy a single day of effort, 7hrs of effort, 1hr reporting, and get a report worth sharing with either partners, customers, or leadership?
I'm thinking of building out a new offering. A one-day triage/best-effort assessment. internal, external, whatevs - dealer's choice.