Post AV1gCS0PXD6CQCnImW by dushman@asbestos.cafe
(DIR) More posts by dushman@asbestos.cafe
(DIR) Post #AV0ZwWOQf2hsVq5ckC by Cloudguy@sackheads.social
2023-04-24T22:44:06Z
7 likes, 18 repeats
For those who trust me:Goto your Amazon account, sign out of all your devices, everything, everywhere all your Echos (yes I know it's a pain), reset your password, delete 2FA and any tokens and reset them. Now.That doesn't include Fido / Yubikeys but does include Auth tokens.Do it now.As much a pain as it is to reset Echo and all smart devices, trust me, please do it.I can't tell you more yet, but I am being ethical and you need to actually realise I have a clue.It's been a scary day
(DIR) Post #AV0fb3FgPY4xmE90uO by topher@mastodon.online
2023-04-25T00:33:14Z
0 likes, 0 repeats
@Cloudguy This is a bit vague. Is this applicable to strictly Amazon accounts with devices e.g. Echos? All Amazon accounts whatsoever, including those only used for shopping and never connected with any "smart" devices like Echos or vacuum cleaners? Does this apply to AWS? I understand you can't divulge any specific details, but it would be helpful to know what you're suggesting is impacted to know what to preventatively lock down and redo 2FA.
(DIR) Post #AV0fb3vVu1XVrxiQ6q by Cloudguy@sackheads.social
2023-04-25T06:52:41Z
0 likes, 0 repeats
@topher Its not vague It's a blanket, sign out of everything, reset your password, turn off 2FA then immediately turn it back on and regen Auth QRs or whatever you use, Yubikey not affected
(DIR) Post #AV0fb4adR8QtvUxGCm by varx@infosec.exchange
2023-04-25T11:45:34Z
0 likes, 0 repeats
@Cloudguy @topher It's at least a little bit vague. :-) I used to have the same login for the ecommerce and AWS sites, but I don't any more; I don't recall what happened, but I think they've separated them, or encouraged people to separate them.For people with *AWS-only* accounts, does anything need to be done? Because that's the bigger lift.
(DIR) Post #AV0fb5HsqL1m5dBncG by feld@bikeshed.party
2023-04-25T12:03:23.022295Z
0 likes, 0 repeats
AWS forced the accounts to be separate recently yeah
(DIR) Post #AV0fb6RqWmahgorGme by varx@infosec.exchange
2023-04-25T11:52:21Z
0 likes, 0 repeats
@Cloudguy Or to put it more pointedly: How about those of us at work, with AWS-only accounts that have never connected to the shopping site or to IoT thingies? Or is this really just specific to the shopping site/IoT?
(DIR) Post #AV1cnMsn91wDQnZvTU by jbwharris@mstdn.ca
2023-04-24T23:17:18Z
0 likes, 0 repeats
@Cloudguy I don’t know you, but at the same time will use this opportunity to freshen up my Amazon security all the same knowing most people like yourself don’t sound the alarm without good reason 😬
(DIR) Post #AV1cnNboRdwzgQdseG by Cloudguy@sackheads.social
2023-04-24T23:18:26Z
0 likes, 1 repeats
@jbwharris then I suggest you Google me, over 2bn people a day rely on my security globally including a dozen US agencies including FBI, CDC, FEMA and Ford
(DIR) Post #AV1crks9tR36zbNGFc by bowreality@mstdn.ca
2023-04-25T00:16:22Z
0 likes, 0 repeats
@Cloudguy How do I sign out? Is there one spot in my amazon account? Or do I go from device to device? I only use kindle on iPhone/iPad/Mac. No amazon devices.
(DIR) Post #AV1crlLa82aKSr8l72 by jbwharris@mstdn.ca
2023-04-25T00:26:00Z
0 likes, 0 repeats
@bowreality @Cloudguy look under the Compromised Account section, sign out everywhere is in there
(DIR) Post #AV1crlvjxbVaH03dTM by Cloudguy@sackheads.social
2023-04-25T00:27:47Z
0 likes, 0 repeats
@jbwharris @bowreality from a company who ask you to send them your SSID and password for your WiFi who have never admitted they scan and report on your network every day and send back nice JSON files of your network gear profiles to HQ.I am so angry right now
(DIR) Post #AV1crmN2K7LJdepR1E by JustinDerrick@mstdn.ca
2023-04-25T12:10:07Z
0 likes, 0 repeats
@Cloudguy @jbwharris @bowreality This is why I don’t have any voice assistants at home. IoT gets a separate WiFi network. Streaming boxes get their own wired network. None of them can see each other, I have to switch my laptop between them to manage devices there.
(DIR) Post #AV1crmqoXPA780lDQu by Cloudguy@sackheads.social
2023-04-25T12:13:28Z
3 likes, 3 repeats
@JustinDerrick @jbwharris @bowreality you do know that the Alexa Echo devices constantly vet and actively vet all your WiFi ? And then call home with a nice .json file ?
(DIR) Post #AV1dmgdgJ0vuMvkXlw by bougiekitty@mastodon.online
2023-04-25T16:51:09Z
0 likes, 0 repeats
@Cloudguy Not to be that person, but this all thread is very "Trust me, bro" and seemingly little substance. Rather than this dramatic display, why can't you tell us more yet, what do you have beyond Amazon sending network metrics?
(DIR) Post #AV1dmi5iuExSsBsS7U by Cloudguy@sackheads.social
2023-04-25T17:52:39Z
0 likes, 0 repeats
@bougiekitty we are all looking at you over the rims of our glasses
(DIR) Post #AV1dmimcKlGl1Dwhyi by bougiekitty@mastodon.online
2023-04-25T17:57:08Z
0 likes, 0 repeats
@Cloudguy I look forward to seeing your publication on this sudden discovery of yours - I'd like to be proven wrong in my thinking that it's nothing more than overly dramatic scaremongering
(DIR) Post #AV1dmjIARSVSb4hu9g by Cloudguy@sackheads.social
2023-04-25T17:58:52Z
0 likes, 0 repeats
@bougiekitty it's not sudden I've been working on this 17 months
(DIR) Post #AV1dmjlag42g4KTP16 by bougiekitty@mastodon.online
2023-04-25T18:07:01Z
0 likes, 0 repeats
@Cloudguy Forgive me for my pessimism - there's a lot of people online who start a call to action with "Trust me" "I can't tell you more" - compounded with the taking steps as though an account is compromised, and devices on your network have to be removed immediately. I'm honestly interested to learn more on your discovery when the time comes
(DIR) Post #AV1dmkGQpOiDbyu25Y by Cloudguy@sackheads.social
2023-04-25T18:20:41Z
0 likes, 1 repeats
@bougiekitty don't trust me, trust me. I won't lose sleep. Or you can follow the guidance given and say thank you Either or I am making pizzas and trying to keep up with my inbox which is overflowing
(DIR) Post #AV1do4INpwzq1mRkW0 by Cloudguy@sackheads.social
2023-04-25T15:20:30Z
0 likes, 1 repeats
@Zyraph @jbwharris @bowreality it's the biggest security problem and capex problem Amazon never knew they had and the worst thing is is I can't tell you more.I'd love to but I am maintaining ethics
(DIR) Post #AV1doP9wGXiejfenlg by topher@mastodon.online
2023-04-25T14:05:54Z
0 likes, 0 repeats
@Cloudguy I mean that it is vague as to who is impacted by your possible upcoming advisory. Strictly users of Amazon hardware (e.g. Echos, robot vacuum cleaners, et al)?
(DIR) Post #AV1doPsbaTRqyCYTOC by topher@mastodon.online
2023-04-25T14:44:29Z
0 likes, 0 repeats
@Cloudguy Or was the discussion of nearby SSIDs and device information auxiliary and not directly related to the primary concern you're warning about?
(DIR) Post #AV1doQZV0zl97EcjFQ by Cloudguy@sackheads.social
2023-04-25T15:09:33Z
0 likes, 1 repeats
@topher it's more a wtf is this EULA where I allow a device to report back a complete site survey at pentest level ?
(DIR) Post #AV1e6AhKltcx64kWB6 by ringo@talk-here.com
2023-04-25T23:21:53.951997Z
1 likes, 0 repeats
@Cloudguy people use echos and alexas and so on?too rich for my paygrade all of it. :)sounds like some opsec breach in production servers?
(DIR) Post #AV1eEG0otftptaiebg by 1ns0mniak@cyberstorm.one
2023-04-25T23:23:22.825523Z
1 likes, 0 repeats
@Cloudguy @bougiekitty Whatever, I have inside dirt on PornHub, say thank you.
(DIR) Post #AV1fH1oyDQeqho3thI by dushman@asbestos.cafe
2023-04-25T23:35:05.875093Z
0 likes, 2 repeats
@Cloudguy cc @meso @Moon @animeirl I think you should smash the echo (corporate surveillance device) with a rock instead :gnujihad:
(DIR) Post #AV1fIa6gEBrjKX5Od6 by MischievousuTomatosu@boks.moe
2023-04-25T23:35:20.832841Z
0 likes, 0 repeats
@dushman @meso @Cloudguy @Moon @animeirl why
(DIR) Post #AV1fUNLrTdMBFIoLHU by dushman@asbestos.cafe
2023-04-25T23:37:30.455870Z
0 likes, 0 repeats
@MischievousuTomatosu @meso @Cloudguy @Moon @animeirl ?Because it datamines the fuck out of you
(DIR) Post #AV1fYFoBSqcF0duLkO by dushman@asbestos.cafe
2023-04-25T23:38:12.725068Z
0 likes, 0 repeats
@MischievousuTomatosu @Cloudguy @Moon @animeirl @meso consoom corporate surveillance devicesget excited for next corporate surveillance devices
(DIR) Post #AV1fj1QBIOKVZdoc4m by Moon@shitposter.club
2023-04-25T23:40:05.891856Z
0 likes, 1 repeats
@dushman @meso @MischievousuTomatosu @Cloudguy @animeirl i have an alexa but i'm gonna replace it with the foss thing i forget the name of
(DIR) Post #AV1fjqNnozjLd25vwu by animeirl@shitposter.club
2023-04-25T23:40:18.280042Z
1 likes, 1 repeats
replace it with a homepod!
(DIR) Post #AV1fkN1cSUasrmyBSC by MischievousuTomatosu@boks.moe
2023-04-25T23:40:22.757038Z
0 likes, 0 repeats
@dushman @meso @Cloudguy @Moon @animeirl lol alrightthe apple homepod seems more useful, i know anemone has one
(DIR) Post #AV1fkcFHrxRK4WToLA by meso@asbestos.cafe
2023-04-25T23:40:26.394207Z
1 likes, 0 repeats
@Moon @dushman @MischievousuTomatosu @Cloudguy @animeirl mycroft
(DIR) Post #AV1fkx54P8kEgurRpY by MischievousuTomatosu@boks.moe
2023-04-25T23:40:29.242984Z
0 likes, 0 repeats
@dushman @meso @Cloudguy @Moon @animeirl yea ngl
(DIR) Post #AV1fnM4sRC7inSutiS by MischievousuTomatosu@boks.moe
2023-04-25T23:40:55.258158Z
0 likes, 0 repeats
@meso @dushman @Cloudguy @Moon @animeirl mycrotch
(DIR) Post #AV1fw8RMVhLR6jcXI0 by meso@asbestos.cafe
2023-04-25T23:42:31.495594Z
0 likes, 0 repeats
@animeirl @dushman @MischievousuTomatosu @Cloudguy @Moon spyware :marseyglow:
(DIR) Post #AV1g45BSVAYVKAyIRk by dushman@asbestos.cafe
2023-04-25T23:43:57.900290Z
1 likes, 1 repeats
@Cloudguy @MischievousuTomatosu @Moon @animeirl @meso I'm knowledgeable about technology so I will never touch an IoT device. I will always use mechanical locks and manual light switches.
(DIR) Post #AV1g7THlLgNOwXXIQa by dushman@asbestos.cafe
2023-04-25T23:44:33.749568Z
0 likes, 0 repeats
@Cloudguy @MischievousuTomatosu @Moon @animeirl @meso Their security is fucking awful
(DIR) Post #AV1gCS0PXD6CQCnImW by dushman@asbestos.cafe
2023-04-25T23:45:28.632540Z
0 likes, 0 repeats
@Cloudguy @MischievousuTomatosu @Moon @animeirl @meso I don't even use wifi on anything besides my phone and I got it on WPA3 with a very strong password
(DIR) Post #AV1gInfnt6itMOBPMW by dushman@asbestos.cafe
2023-04-25T23:46:37.530803Z
0 likes, 0 repeats
@Ukko @meso @MischievousuTomatosu @Cloudguy @Moon @animeirl Nah, even if they weren't spying on you they would still suck.
(DIR) Post #AV1gJ1z6g8TxkJK1OS by MischievousuTomatosu@boks.moe
2023-04-25T23:46:38.073346Z
0 likes, 0 repeats
@dushman @meso @Cloudguy @Moon @animeirl wow look at mr security here
(DIR) Post #AV1gMs03k8exwBb8vA by Tony@clew.lol
2023-04-25T23:47:21.262261Z
1 likes, 0 repeats
Can confirm - no trust for “dick”
(DIR) Post #AV1gNHRZ90W6qjexlY by meso@asbestos.cafe
2023-04-25T23:47:25.817867Z
0 likes, 0 repeats
@MischievousuTomatosu @dushman @Cloudguy @Moon @animeirl Yes :gigachad:
(DIR) Post #AV1gPZTF5iERL3XJ5s by meso@asbestos.cafe
2023-04-25T23:47:50.691482Z
1 likes, 0 repeats
@Tony @dushman @MischievousuTomatosu @Cloudguy @bot @Moon @animeirl Always trust the corporations. They're always correct.
(DIR) Post #AV1gRThrUe2W2ZHeGO by MischievousuTomatosu@boks.moe
2023-04-25T23:48:08.107346Z
0 likes, 0 repeats
@dushman @Ukko @meso @Cloudguy @Moon @animeirl i find them sort of cool but have no idea what i would do with one
(DIR) Post #AV1gRU24HWCd3Ejml6 by dushman@asbestos.cafe
2023-04-25T23:48:11.596195Z
0 likes, 0 repeats
@MischievousuTomatosu @meso @Cloudguy @Moon @animeirl wpa3 is nice, also wifi6 ¯\_(ツ)_/¯
(DIR) Post #AV1gSp0rlHYgPXoUuO by MischievousuTomatosu@boks.moe
2023-04-25T23:48:24.874545Z
0 likes, 0 repeats
@meso @dushman @Tony @Cloudguy @bot @Moon @animeirl unironically
(DIR) Post #AV1gYSOKmShTzOTfRQ by dushman@asbestos.cafe
2023-04-25T23:49:27.219308Z
0 likes, 0 repeats
@MischievousuTomatosu @Ukko @meso @Cloudguy @Moon @animeirl If it ain't broke, don't fix it. Traditional solutions just work and don't send your data to Chinese servers.
(DIR) Post #AV1gZjRarhFRANbszQ by MischievousuTomatosu@boks.moe
2023-04-25T23:49:39.037830Z
0 likes, 0 repeats
@dushman @meso @Cloudguy @Moon @animeirl i dont have wifi 6 sadly. i do have wpa2 with a strongish password but eh, nothing weird ever happened over here
(DIR) Post #AV1gap7PFlVL3Sgixs by dushman@asbestos.cafe
2023-04-25T23:49:52.916861Z
0 likes, 0 repeats
@MischievousuTomatosu @Cloudguy @Moon @animeirl @meso wifi 6 is fast as fuck
(DIR) Post #AV1gcgHJ5mksDTCkrY by dushman@asbestos.cafe
2023-04-25T23:50:13.023050Z
0 likes, 0 repeats
@MischievousuTomatosu @meso @Cloudguy @Moon @animeirl Install openwrt
(DIR) Post #AV1gdIoboPyLjl4t2u by meso@asbestos.cafe
2023-04-25T23:50:19.585955Z
1 likes, 0 repeats
@bot @dushman @MischievousuTomatosu @Tony @Cloudguy @Moon @animeirl Good take
(DIR) Post #AV1gdaglMKOLAdXsJc by dushman@asbestos.cafe
2023-04-25T23:50:22.977161Z
0 likes, 0 repeats
@MischievousuTomatosu @Cloudguy @Moon @animeirl @meso https://openwrt.org/
(DIR) Post #AV1gdcaSIkXD3ebrlI by MischievousuTomatosu@boks.moe
2023-04-25T23:50:22.398368Z
0 likes, 0 repeats
@dushman @Ukko @meso @Cloudguy @Moon @animeirl snazzylabs made a video about making his own homepod-controlled iot system that had offline/analog fallbacks and it seemed nice
(DIR) Post #AV1geori8WJ5QbFgvo by dushman@asbestos.cafe
2023-04-25T23:50:36.198793Z
0 likes, 0 repeats
@Cloudguy @MischievousuTomatosu @Moon @animeirl @meso you'll get more features and control
(DIR) Post #AV1gfvNdOqFNvIi98C by MischievousuTomatosu@boks.moe
2023-04-25T23:50:47.277050Z
0 likes, 0 repeats
@dushman @meso @Cloudguy @Moon @animeirl i dont wanna break anything. i would if i bought another router
(DIR) Post #AV1ggXR9uBe3xEeUts by usernameswift@asbestos.cafe
2023-04-25T23:50:55.077808Z
0 likes, 0 repeats
@dushman @Cloudguy @MischievousuTomatosu @Moon @animeirl @meso Who needs updates for software that was 3 years out of date when it shipped anyways?
(DIR) Post #AV1gh5ZUzgWDowodcW by MischievousuTomatosu@boks.moe
2023-04-25T23:50:58.542371Z
0 likes, 0 repeats
@dushman @meso @Cloudguy @Moon @animeirl i know but see my other post plz
(DIR) Post #AV1gkY6tLQNvCU5KNc by dushman@asbestos.cafe
2023-04-25T23:51:38.315887Z
0 likes, 0 repeats
@MischievousuTomatosu @meso @Cloudguy @Moon @animeirl If you follow the instructions nothing bad will happen
(DIR) Post #AV1gkpVGg2z790cXEe by Tony@clew.lol
2023-04-25T23:51:41.624047Z
0 likes, 1 repeats
Exactly - full trust, no questions
(DIR) Post #AV1grEuV7y3jgETnBQ by SuperDicq@minidisc.tokyo
2023-04-25T23:52:29.638Z
3 likes, 2 repeats
@dushman@asbestos.cafe @MischievousuTomatosu@boks.moe @meso@asbestos.cafe @Cloudguy@sackheads.social @Moon@shitposter.club @animeirl@shitposter.club :thumbsupkonata:
(DIR) Post #AV1gs0IYwKEUeT6AiG by supernovae@universeodon.com
2023-04-24T22:45:48Z
0 likes, 0 repeats
@Cloudguy Oh do tell :D
(DIR) Post #AV1gs0tQjFiuUoLcB6 by Cloudguy@sackheads.social
2023-04-24T23:05:54Z
0 likes, 1 repeats
@supernovae am being ethical and responsible.Anyone who knows me knows how seriously I take security. I had to wade through 2Gb plus of event data and JSON files today. What I found is a siloed retail company pretending to understand end user securityAs much a pain as it may seem to go to your Amazon security settings and sign out of all devicesPleaseDo itRight nowYes it's a pain. Yet it's a ball ache. Remake your 2FA Auth tokens and when I can go public we will just laugh nervously
(DIR) Post #AV1guk13vvFH1QDb2O by dushman@asbestos.cafe
2023-04-25T23:53:28.794933Z
0 likes, 0 repeats
@MischievousuTomatosu @Cloudguy @Moon @animeirl @meso you gotta flash the image through telnet
(DIR) Post #AV1gvMqnY1CxSsiRxA by dushman@asbestos.cafe
2023-04-25T23:53:35.468005Z
0 likes, 1 repeats
@SuperDicq @Moon @animeirl @Cloudguy @meso @MischievousuTomatosu based
(DIR) Post #AV1gvplq1XTJ9tcOkS by meso@asbestos.cafe
2023-04-25T23:53:40.520336Z
0 likes, 0 repeats
@SuperDicq @Moon @animeirl @Cloudguy @dushman @MischievousuTomatosu what brand is that?
(DIR) Post #AV1gwop91rMUVodOs4 by SuperDicq@minidisc.tokyo
2023-04-25T23:53:33.380Z
1 likes, 0 repeats
@meso@asbestos.cafe @Moon@shitposter.club @animeirl@shitposter.club @Cloudguy@sackheads.social @dushman@asbestos.cafe @MischievousuTomatosu@boks.moe Fritz!Box
(DIR) Post #AV1gy632TYPsDmk6zo by dushman@asbestos.cafe
2023-04-25T23:54:05.257568Z
0 likes, 0 repeats
@Cloudguy @MischievousuTomatosu @Moon @animeirl @meso well the install method depends on the router
(DIR) Post #AV1gyGouQQeLd9DU00 by Leaflord@leafposter.club
2023-04-25T23:54:07.019854Z
2 likes, 0 repeats
I will only google you if you wine and dine me. I'm not some cheap slut to google you just because you ask.
(DIR) Post #AV1gyjSZwX1ESHzYie by ThePolishDispatch@mstdn.social
2023-04-25T12:15:45Z
0 likes, 0 repeats
@Cloudguy Tried to initiate "Compromised Account" path and this happened 😂
(DIR) Post #AV1h9OwCaIT9zZw3A8 by dushman@asbestos.cafe
2023-04-25T23:56:07.741862Z
0 likes, 0 repeats
@Cloudguy @MischievousuTomatosu @Moon @animeirl @meso some of them you can just flash the image through the default web interface
(DIR) Post #AV1hAPMEVc8BaGaiLQ by meso@asbestos.cafe
2023-04-25T23:56:18.536173Z
0 likes, 0 repeats
@SuperDicq @Moon @animeirl @Cloudguy @dushman @MischievousuTomatosu 4040? does OpenWRT support it well? any issues? it looks really good I've been looking for a router for a while
(DIR) Post #AV1hBfmquVlopPe4fI by wolf480pl@mstdn.io
2023-04-25T12:01:45Z
0 likes, 0 repeats
@Cloudguy does this include AWS?
(DIR) Post #AV1hLkP2bT5U2YJNp2 by shitpisscum@shitpisscum.mooo.com
2023-04-25T23:58:13.266818Z
1 likes, 1 repeats
@dushman @meso @MischievousuTomatosu @Cloudguy @Moon @animeirl >If you follow the instructions nothing bad will happenFamous last words lol
(DIR) Post #AV1hMciOfiekUDmbUO by SuperDicq@minidisc.tokyo
2023-04-25T23:58:11.748Z
1 likes, 1 repeats
@meso@asbestos.cafe @Moon@shitposter.club @animeirl@shitposter.club @Cloudguy@sackheads.social @dushman@asbestos.cafe @MischievousuTomatosu@boks.moe Yes, it's the fritzbox 4040. Only had one issue, but a fix is described on the wiki: https://openwrt.org/toh/avm/avm_fritz_box_4040#slow_performance_issueAll my fedi instances are behind this router.
(DIR) Post #AV1hPLD2DMzD3tPRZI by lewdthewides@hidamari.apartments
2023-04-25T23:58:48.319489Z
1 likes, 2 repeats
@meso @dushman @MischievousuTomatosu @Cloudguy @Moon @animeirl they've pretty much went underhttps://mycroft.ai/blog/update-from-the-ceo-part-1/
(DIR) Post #AV1hSE4NDTPtmrjYQ4 by meso@asbestos.cafe
2023-04-25T23:59:31.787571Z
0 likes, 0 repeats
@lewdthewides @dushman @MischievousuTomatosu @Cloudguy @Moon @animeirl i think theyre useless if i were to make my home smart i'd go diy all the way
(DIR) Post #AV1hUDSOSsiOSyuyR6 by meso@asbestos.cafe
2023-04-25T23:59:53.338777Z
0 likes, 0 repeats
@SuperDicq @Moon @animeirl @Cloudguy @dushman @MischievousuTomatosu fuck yeah man it's available at a local tech store i'm buying this
(DIR) Post #AV1hdqFxZwUpPIgyRM by meso@asbestos.cafe
2023-04-26T00:01:37.675167Z
1 likes, 0 repeats
@SuperDicq @Cloudguy @MischievousuTomatosu @Moon @animeirl @dushman we are so fucking back
(DIR) Post #AV1hfGiMh3VPksetvs by SuperDicq@minidisc.tokyo
2023-04-26T00:01:34.217Z
1 likes, 1 repeats
@meso@asbestos.cafe @Moon@shitposter.club @animeirl@shitposter.club @Cloudguy@sackheads.social @dushman@asbestos.cafe @MischievousuTomatosu@boks.moe I really like their early 00s styling of their branding that they have never updated once, such a vibe.
(DIR) Post #AV1hfgrpSUWarlHpIG by lewdthewides@hidamari.apartments
2023-04-26T00:01:50.285261Z
2 likes, 0 repeats
@meso @dushman @MischievousuTomatosu @Cloudguy @Moon @animeirl home assistant + zwave devices is the only way to go
(DIR) Post #AV1hi5C9ykj6tfw9Wy by meso@asbestos.cafe
2023-04-26T00:02:23.697727Z
0 likes, 0 repeats
@SuperDicq @Moon @animeirl @Cloudguy @dushman @MischievousuTomatosu i want to work for these guys they seem fucking awesome
(DIR) Post #AV1hilwN3Ke9T9seOG by MischievousuTomatosu@boks.moe
2023-04-26T00:02:29.696853Z
0 likes, 0 repeats
@lewdthewides @dushman @meso @Cloudguy @Moon @animeirl home assistant niggss be so weird they got pissed at nixpkgs for packaging their shit
(DIR) Post #AV1hjaQvK0nM4OYkxE by MischievousuTomatosu@boks.moe
2023-04-26T00:02:39.229632Z
0 likes, 0 repeats
@SuperDicq @Moon @animeirl @Cloudguy @meso @dushman what the tuck is that
(DIR) Post #AV1hjvQHHbkxATQ2Ma by meso@asbestos.cafe
2023-04-26T00:02:43.638772Z
0 likes, 0 repeats
@SuperDicq @Cloudguy @MischievousuTomatosu @Moon @animeirl @dushman maybe one day if they're still around...
(DIR) Post #AV1hlYJiA3W45M7ieO by meso@asbestos.cafe
2023-04-26T00:03:01.318059Z
0 likes, 0 repeats
@MischievousuTomatosu @dushman @lewdthewides @Cloudguy @Moon @animeirl mycroft seems like duct taped software to me. bad vibes
(DIR) Post #AV1hnQl1EqHjDdnAJs by MischievousuTomatosu@boks.moe
2023-04-26T00:03:20.984293Z
0 likes, 0 repeats
@meso @dushman @lewdthewides @Cloudguy @Moon @animeirl lol
(DIR) Post #AV1hnRjdbSm4Fe9Zo0 by meso@asbestos.cafe
2023-04-26T00:03:21.752498Z
0 likes, 0 repeats
@MischievousuTomatosu @Cloudguy @Moon @animeirl @dushman @lewdthewides if i HAD to pick though mycroft all the way at least it doesn't spy on you even if it's dogshit
(DIR) Post #AV1hp34eGPPALTkFnc by meso@asbestos.cafe
2023-04-26T00:03:39.306646Z
0 likes, 0 repeats
@Cloudguy @MischievousuTomatosu @Moon @animeirl @dushman @lewdthewides dogshit as a piece of software not dogshit compared to competitors
(DIR) Post #AV1i1sOfGwn6zmDxs8 by SuperDicq@minidisc.tokyo
2023-04-26T00:05:39.087Z
1 likes, 0 repeats
@meso@asbestos.cafe @Moon@shitposter.club @animeirl@shitposter.club @Cloudguy@sackheads.social @dushman@asbestos.cafe @MischievousuTomatosu@boks.moe Eh, the hardware could be better, but it's affordable. Also their OEM software is garbage but that's where OpenWRT comes in.If I had more money I'd probably buy a Turris Omnia router, which uses an actual open hardware design.
(DIR) Post #AV1i5ZLO3JEl3vS53Y by meso@asbestos.cafe
2023-04-26T00:06:37.868658Z
0 likes, 0 repeats
@SuperDicq @Moon @animeirl @Cloudguy @dushman @MischievousuTomatosu yeah I'd buy a Turris Omnia as well but damn it's too expensive
(DIR) Post #AV1i6B5Pj92U7OGrR2 by SuperDicq@minidisc.tokyo
2023-04-26T00:06:27.101Z
1 likes, 1 repeats
@meso@asbestos.cafe @Moon@shitposter.club @animeirl@shitposter.club @Cloudguy@sackheads.social @dushman@asbestos.cafe @MischievousuTomatosu@boks.moe And comes with OpenWRT out of the box most importantly.
(DIR) Post #AV1iDfZEnWb0gFnELA by SuperDicq@minidisc.tokyo
2023-04-26T00:07:46.771Z
1 likes, 1 repeats
@meso@asbestos.cafe @Moon@shitposter.club @animeirl@shitposter.club @Cloudguy@sackheads.social @dushman@asbestos.cafe @MischievousuTomatosu@boks.moe Yeah my Fritz!Box 4040 I managed to buy from my ISP with a discount for only 50 euros so it was totally worth it.
(DIR) Post #AV1iZHeuMzKutskgDY by SuperDicq@minidisc.tokyo
2023-04-26T00:11:42.654Z
0 likes, 1 repeats
@meso@asbestos.cafe @Moon@shitposter.club @animeirl@shitposter.club @Cloudguy@sackheads.social @dushman@asbestos.cafe @MischievousuTomatosu@boks.moe I really like my ISP (freedom.nl) so much that I even bought 300 euro worth of stocks in their company.
(DIR) Post #AV1igBCKn0n2tCfu6K by meso@asbestos.cafe
2023-04-26T00:13:15.483518Z
0 likes, 0 repeats
@SuperDicq @Moon @animeirl @Cloudguy @dushman @MischievousuTomatosu incredible https://freedom.nl/over-freedom/privacy-security
(DIR) Post #AV1iu8JgIddQ0TlU92 by SuperDicq@minidisc.tokyo
2023-04-26T00:15:28.770Z
0 likes, 1 repeats
@meso@asbestos.cafe @Moon@shitposter.club @animeirl@shitposter.club @Cloudguy@sackheads.social @dushman@asbestos.cafe @MischievousuTomatosu@boks.moe They also support Bits of Freedom (which is like the Dutch equivalent of the EFF) and they often host polls where they ask their users about business decisions to make. Truly based ISP.I laugh at silly Americans who are stuck with shitty ISPs that don't give a fuck about them.
(DIR) Post #AV1jzR5S2Sm9cmCXp2 by Tony@clew.lol
2023-04-26T00:27:56.779080Z
1 likes, 0 repeats
Nothing upsets me more than visiting my parents and sitting around while they say "hey google" all goddamn day. 🙄
(DIR) Post #AV1lcrkIxHfrYNfxUe by feld@bikeshed.party
2023-04-26T00:45:48.550826Z
0 likes, 0 repeats
Smells to me like a data dump was found, Amazon accounts with all the auth tokens, 2FA seeds, and MD5 or SHA1 passwords were found (for compatibility with an ancient LDAP or something, guessing), so regen all to avoid being popped in the future
(DIR) Post #AV1sQdu3IPLMpDLzDU by calculsoberic@mstdn.social
2023-04-26T02:02:28Z
0 likes, 0 repeats
@Cloudguy thank you for letting us know. Really scary 😨
(DIR) Post #AV1z4LLwHf9ubJiAwS by jmgustasson@mastodon.online
2023-04-25T02:05:00Z
0 likes, 0 repeats
@Cloudguy Thanks for the heads up! It’s greatly appreciated.
(DIR) Post #AV1z4MBLCYH9AjlE3s by joffhopkins@mastodon.me.uk
2023-04-25T05:59:05Z
1 likes, 0 repeats
@jmgustasson @Cloudguy tip: don't do this at 6:45am, otherwise every sodding smart speaker in the house goes into setup mode, at full volume, and wakes the kids up...! 😬
(DIR) Post #AV1z6CqOtEr8n5qct6 by Cloudguy@sackheads.social
2023-04-25T06:47:55Z
1 likes, 0 repeats
@joffhopkins @jmgustasson I beat you. I did it at 1am.It was hysterical
(DIR) Post #AV1z6DQuhU3ycKvmng by SecurityWriter@infosec.exchange
2023-04-25T11:56:33Z
1 likes, 0 repeats
@Cloudguy @joffhopkins @jmgustasson I love these “Ok, scorched earth it is then” moments at ungodly times when you uncover an absolute hellscape. Wife: “What are you doing?”Me: “Getting the network switches out of the crawl spaces and setting fire to them in the garden”Wife: “oh, ok, don’t be up too late”
(DIR) Post #AV1zDLtvcBtuuJuCOG by Artemis201@mstdn.social
2023-04-25T12:30:36Z
0 likes, 0 repeats
@Cloudguy @JustinDerrick @jbwharris @bowreality what are the implications of this? on a level i can use to explain to my dad
(DIR) Post #AV1zDMiyYOjZSdmxxQ by JustinDerrick@mstdn.ca
2023-04-25T12:35:42Z
0 likes, 0 repeats
@Artemis201 @Cloudguy @jbwharris @bowreality “Your device is spying on you - and you shouldn’t be complacent because YOU can’t think of a reason why they want it. You should be worried because they have already found MANY reasons why they want that info.”Sounds a little conspiracy-theory, but it’s close to the mark without being technical. But then again, some people pay to submit their DNA to get a paper report full of pie charts of dubious accuracy.
(DIR) Post #AV1zLRSepIMmT70VZw by legumancer@tech.lgbt
2023-04-25T13:24:50Z
0 likes, 0 repeats
@Cloudguy
(DIR) Post #AV1zLSPrHBinQihmr2 by AncientGood@qoto.org
2023-04-25T17:30:59Z
0 likes, 0 repeats
@legumancer this pisses me off so much, every bank and other company so hungry for my phone, just give me ability to attach couple yubikeys/email and gtfo off my phone@Cloudguy
(DIR) Post #AV1zbrZxUN5I6YFiIC by ashnu@berlin.social
2023-04-25T14:52:11Z
0 likes, 0 repeats
@Cloudguy well, I noticed that I had 31 devices signed-in at my account.I didn't even know what they really were, but signed-out all of them, password reseted and 2FA renewed. I'm only using it on my phone, notebook, desktop PC and tablet with Amazon, no Echo "spy" devices. I most likely forgot to sign-out 2 old smartphones where the batteries had gone flat. I factory reseted both.It's not good that Amazon doesn't sign-out old devices automatically. Thanks a lot for tooting about it!
(DIR) Post #AV1zbsHuqwFKIsoooC by Cloudguy@sackheads.social
2023-04-25T15:08:36Z
0 likes, 0 repeats
@ashnu it's fucking appalling that I had 27 devices logged in I had owned since 2013. That Amazon were still trying to deliver notifications to (Dev/null). Now. Let's extrapolate.Say I'm one of 600,000 folk on the planet this affects and Amazon are sending 150-180 messages a day to devices that don't exist.What CPU could they recover not doing so ?How much power could that save in one week ?This is just ONE of the problems.This is what happens when revenue trumps sanctity of code
(DIR) Post #AV1zbss4gVAa71jhAW by fluffy@plush.city
2023-04-25T15:21:06Z
0 likes, 0 repeats
@Cloudguy @ashnu I worked on the original Kindle and years ago I was shocked to discover that my internal-only development hardware was still connected to my account, a decade after it was supposedly made inactive. Amazon doesn’t make this easy to figure out.By your warning I take it 2FA codes are part of what’s sent willy-nilly?
(DIR) Post #AV1zc6FExgQNadfsa8 by Cloudguy@sackheads.social
2023-04-25T15:25:39Z
0 likes, 0 repeats
@fluffy @ashnu no 2FA removal and regen is just sensible due diligence2FA is NOT affected and never was, and nor are devices themselves This is an infra and design cock up of monumental proportions that has probably wasted billions of dollars over the last decade.Bad design, deployed at speed and deployed under pressure from marketing VPs no doubt.Thanks to you and the likes of Greg Zehr you guys really really blazed a trail back in the day. Thanks for all your hard work.
(DIR) Post #AV1zc6teXQkbbya9ZY by fluffy@plush.city
2023-04-25T15:35:39Z
0 likes, 0 repeats
@Cloudguy ah so this is less a security concern and more a power consumption one? Totally reasonable! And yeah so much shit at Amazon is just… frustrating in how it’s all about pushing new stuff out without evaluating whether the old stuff needs revisiting.When I worked on the service caching team, our unofficial slogan was, “Building the legacy systems of tomorrow.”I also worked on the image service team and oh god that was a nightmare of legacy code and ridiculous dependencies and waste.
(DIR) Post #AV1zc8beBLXIuiAnmi by fluffy@plush.city
2023-04-25T15:38:40Z
0 likes, 0 repeats
@Cloudguy on the caching team I had plenty of insight into just how wasteful the service stack was. at least at the time, something like 90% of the CPU time used by DynamoDB was just spent marshalling messages between a dozen different RPC layers. I’d like to think it’s better now but it almost certainly isn’t.
(DIR) Post #AV1zcAGnzo3M4eRBZo by fluffy@plush.city
2023-04-25T15:38:41Z
0 likes, 0 repeats
@Cloudguy We were also working on an initiative to do the *amazing* innovative idea of running multiple backing services on a single server instance, which was just so gobsmackingly foreign of a concept to this whole world of “everything should be a single-function microservice running on multiple redundant VMs with a dedicated load balancer”
(DIR) Post #AV1zkx4ES8pDjTkL8y by Cloudguy@sackheads.social
2023-04-25T15:14:43Z
0 likes, 0 repeats
@topher it's not vague if you engage brain
(DIR) Post #AV1zkxf6F4JdZozmbo by topher@mastodon.online
2023-04-25T15:35:01Z
0 likes, 0 repeats
@Cloudguy That hardly seems like a constructive response. I'm merely trying to clarify the actual concern and impact here.Wouldn't bother asking for clarification and follow-up detail were my brain not engaged.
(DIR) Post #AV1zkyEu5wxJMrkNPs by Cloudguy@sackheads.social
2023-04-25T15:40:02Z
0 likes, 0 repeats
@topher not being rude.Take 5 mins. Step out the box and look at the bigger picture.Then get angry
(DIR) Post #AV1zkysbiKiNM0K5Im by Zoeswipe@nitech.online
2023-04-25T17:56:09Z
0 likes, 0 repeats
@Cloudguy I realise you're getting a bunch of messages right now, so might not see this.By recommending a password and 2FA reset, you're implying that there's a major vulnerability in Amazon's account authentication process, and that credentials have or have the potential to have been leaked. If that is the case, then resetting your credentials will not have any effect unless the underlying vulnerability has been fixed.
(DIR) Post #AV1zl11Xk53E0IWFVY by Zoeswipe@nitech.online
2023-04-25T18:01:27Z
0 likes, 0 repeats
@Cloudguy But, in other posts you're implying that the vulnerability is coming from Amazon's Alexa functionality through device integration.In your auth reset message, you say that it's a pain to reset the smart devices, with the implication that you'll be reattaching them to your reset account details. If that's the case, and the vuln is coming from those devices, then won't this just be security theatre as soon as those devices are reattached, the vuln will happen all over again?
(DIR) Post #AV1zoKlimunS6shWRk by Cloudguy@sackheads.social
2023-04-25T17:58:12Z
0 likes, 0 repeats
@Zoeswipe I am not implying anything or even inferring everything.Sadly logging out and refactoring stuff is the only proactive fix there is for this specific issue that I can't give you any more info on right now.I wouldn't lead you up the garden path, @briankrebs and I just got off the phone and this one is just about as dumb as you can get
(DIR) Post #AV1zoLXDwInIUCvSUK by Zoeswipe@nitech.online
2023-04-25T18:03:39Z
0 likes, 0 repeats
@Cloudguy Again, that's only a fix if the underlying vulnerability has been fixed. Or that there's some other unsaid step in your recommendation that makes the vulnerability no longer apply. If the problem is at the account authentication step, then until that vulnerability is fixed, this is just security theatre. The same conditions that lead to credential leak continue to exist with the reset creds.
(DIR) Post #AV1zoM4tv5jUAegLyq by Zoeswipe@nitech.online
2023-04-25T18:06:50Z
0 likes, 0 repeats
@Cloudguy If instead the problem is coming from a connected Amazon smart device, then your recommendation won't have any effect unless you're also asking for people not to reconnect those devices and apps after the credential reset. Because as soon as you reconnect those devices, the same conditions that caused you to ask people to reset their credentials exists. However if you do decide not to reconnect the devices, then any Echo and FireTV devices you own have basically become paperweights.
(DIR) Post #AV1zuIS0Jqs8esK05A by alessandrolai@phpc.social
2023-04-25T18:07:52Z
0 likes, 0 repeats
@Cloudguy thank you for the suggestion, I has SEVENTY-EFFING-FOUR logged devices... Unbelievable! 🤦♂️
(DIR) Post #AV1zuJ1oAjVoRv4atE by ben@mastodon.bentasker.co.uk
2023-04-25T18:55:41Z
0 likes, 0 repeats
@alessandrolai @Cloudguy Got you beat...Also... WTaF? Are they not killing off old sessions at all? My cookie killer effectively logs me out client side periodically.I don't think I've *owned* 331 devices capable of signing into Amazon
(DIR) Post #AV20dSxM6df4GwWZge by jbwharris@mstdn.ca
2023-04-24T23:21:21Z
0 likes, 0 repeats
@Cloudguy Yikes, definitely heeding your advice.
(DIR) Post #AV20dUx4gecoSePNWi by Cloudguy@sackheads.social
2023-04-24T23:23:27Z
0 likes, 0 repeats
@jbwharris it's a pain to reset everything but for the sake of ten minutes of pain....It doesn't solve some of the dumb as hell stuff that I've seen in output from Amazon this last 24 hours but am hoping those accountable will listen and workshop a solution.Issue is the fact that they put usability before security and didn't think about transparency for the sake of simplicity.We need security by right not by throwing big stones to get it.
(DIR) Post #AV20dVgRxwvAjNdcFk by jt_rebelo@masto.pt
2023-04-25T00:04:41Z
0 likes, 0 repeats
@Cloudguy @jbwharris it's kind of easy to log out of everything everywhere at once on Amazon. And using password and 2FA managers like Bitwarden and Aegis creates the opportunity to have heightened security afterwards.[P.S.: Thank you for the heads up, better tired and safe than late and sorry.]
(DIR) Post #AV20dWodkz4CF4Tfeq by oliphaunt@mstdn.social
2023-04-25T21:27:23Z
0 likes, 0 repeats
@jt_rebelo Thank you for pointing me in the direction of #Aegis! Going to install that right away. I already had this nagging feeling about Google Authenticator...(For those interested: see https://getaegis.app/ )@Cloudguy @jbwharris
(DIR) Post #AV21EhekPnkCZsZoki by Cloudguy@sackheads.social
2023-04-25T18:21:05Z
0 likes, 0 repeats
@Zoeswipe Zoe Politely Don't make assumptions
(DIR) Post #AV21EiFyBPWCRJzXlo by Zoeswipe@nitech.online
2023-04-25T18:27:28Z
0 likes, 0 repeats
@Cloudguy If you want people to stop making assumptions, or otherwise guessing as to the scope and conditions, then you need to be a little more specific in the information you're giving out.I've tried asking you for some clarity here. If I'm going to reset my account credentials because of some undisclosed vulnerability, I need to know some generalities of what lead to this vulnerability so that I can take other steps to ensure my new credentials don't get leaked.
(DIR) Post #AV21EjwXubAZfev3lw by Zoeswipe@nitech.online
2023-04-25T18:35:53Z
1 likes, 0 repeats
@Cloudguy Apart from resetting my account credentials, are there any other reasonable steps I can take to ensure that I'm not still vulnerable after the reset on an ongoing basis? Am I safe to reattach any Alexa based smart devices to my account and network? Or will doing so, in some way that you don't need to elaborate on, leave me vulnerable to the same exploit that have lead to the initial recommendation to reset my credentials?
(DIR) Post #AV29bxnPNDmcvaEJto by ringo@talk-here.com
2023-04-26T05:14:55.789754Z
0 likes, 0 repeats
@roboneko that sounds terrible.and im a big fan of "stupid tech"-i have a 2 way pager.-i have a smartphone BURIED in the dirt outside (not interested in getting remotely EMP'd..) cell = microwave and they do use them to assassinate folks that speak out- la la la alexa et al has NEVER appealed to me.300 sessions? ive been on fedi for 2 smth years over 12 or so instances and at most i've only ever seen 4-5 sessions to revoke and i vpn from dozens of places every week or so.anyhow, hi.ps; why do i think roboneko is anime shrimp poster ? :)are you two different people ?
(DIR) Post #AV2A8Ol8exrvotdP3g by dcc@annihilation.social
2023-04-26T05:20:50.534354Z
1 likes, 0 repeats
@ringo @roboneko i should destroy my android also yea alex still makes no sense, its like saying i want the government in my pants
(DIR) Post #AV2AeEtYrzWSUel0FM by ringo@talk-here.com
2023-04-26T05:26:37.322769Z
1 likes, 0 repeats
@dcc @roboneko my iphone stays OUTSIDE.no tv here.none of the rest of that stuff.
(DIR) Post #AV2AiMLN7OHikkjJUu by dcc@annihilation.social
2023-04-26T05:27:22.484365Z
1 likes, 0 repeats
@ringo @roboneko i dont even use my tv anymore since i took the media box as the http server
(DIR) Post #AV2CWMy7AXHL7mGIxE by dcc@annihilation.social
2023-04-26T05:47:32.866888Z
0 likes, 0 repeats
@roboneko @ringo im going to turn it into the http server for anni
(DIR) Post #AV2HAlpAZhhVc4b916 by Twig@talk-here.com
2023-04-26T06:39:26.030992Z
2 likes, 0 repeats
@ringo @dcc @roboneko Camaraderie, no TV and Smartphone!
(DIR) Post #AV2HMtA37fdLqJ8vKK by ringo@talk-here.com
2023-04-26T06:41:50.926608Z
0 likes, 0 repeats
@Twig @dcc @roboneko Amen.
(DIR) Post #AV2IfLwOxU5qGi7yCW by dcc@annihilation.social
2023-04-26T06:56:24.355772Z
1 likes, 0 repeats
@ringo @roboneko @Twig as a pinephone pro enjoyer, its nice
(DIR) Post #AV2N216YzaCM7iwXKK by Twig@talk-here.com
2023-04-26T07:44:57.133844Z
2 likes, 0 repeats
@dcc @roboneko @ringo I bet
(DIR) Post #AV2gqBGJOscJEZ8WEi by drwho@hackers.town
2023-04-26T00:56:58Z
0 likes, 0 repeats
@Cloudguy Request for clarification: Relative threat if one has zero Amazon IoT devices?
(DIR) Post #AV2gqCBjxMYQ6g0NkW by Cloudguy@sackheads.social
2023-04-26T08:25:52Z
0 likes, 1 repeats
@drwho if you have an Amazon account you're affected
(DIR) Post #AV2hdMTsTg8ADZvuBk by Cloudguy@sackheads.social
2023-04-26T08:27:20Z
0 likes, 0 repeats
@feld this is the biggest load of shit I've seen.Please please don't post stuff online that has no relevance in polite and intelligent company
(DIR) Post #AV2hdN4OHvL02p146K by varx@infosec.exchange
2023-04-26T11:32:02Z
0 likes, 0 repeats
@Cloudguy @feld This is quite a rude response to a reasonable inquiry.You're making some grand claims, and leveraging limited social capital to do so. (I've never heard of you, and you haven't made it easy to verify you.) Posting insults is not making it any easier to take your word on faith.
(DIR) Post #AV2hdNiRszNe33l3XU by feld@bikeshed.party
2023-04-26T11:35:39.570440Z
0 likes, 0 repeats
Why else would you need to reset all of this if what I stated is not true? Your password, 2FA (except hardware tokens!), and all connected devices are compromised? Sure sounds like password hash, 2FA seeds, and tokens were stolen or leaked.
(DIR) Post #AV2kaWgGOlZgqV496O by Cloudguy@sackheads.social
2023-04-26T11:56:01Z
0 likes, 0 repeats
@feld @varx the very very worst thing about the security community is that some will rely on years of experience and understanding responsible ethical disclosure react politelty.Then there are others who will attempt to gain position or amplify an issue which they should know are not going to form the basis of a response out of respect for a vendor.Politely and with respect You are in distinguished company. Enjoy the community and don't throw rocks in the water.
(DIR) Post #AV2kaXGmD0mWfk9J0y by feld@bikeshed.party
2023-04-26T12:08:55.224776Z
0 likes, 0 repeats
Yeah great I worked at Sourcefire/Talos for a while. I've been in charge of protecting databases of our 0days, processing embargoes, etcI get the whole "look at me, I am important security researcher" shtick but your ego is about 6 sizes too big to be calling yourself "distinguished company"
(DIR) Post #AV2sGFCeTAIiTv3TNY by thatguyoverthere@xmrposter.club
2023-04-26T13:35:19.140948Z
0 likes, 0 repeats
@Moon @dushman @meso @MischievousuTomatosu @Cloudguy @animeirl home assistant? OpenHAB?