fsebugoutzone.org:9999

       Post AzIhWtcaVi1mS543aC by da_667@infosec.exchange
 (DIR) More posts by da_667@infosec.exchange
 (DIR) Post #AzIhWsJ3OqoANCuwUq by da_667@infosec.exchange
       2025-10-17T12:49:10Z
       
       0 likes, 0 repeats
       
       RE: https://mastodon.social/@campuscodi/115389194338957566guys it is fucking INSANE how much attack surface IoT devices and SOHO devices provide. I&#39;ve covered what feels like hundreds of CVEs for IoT devices for about a year now, and it&#39;s fucking endless. What&#39;s more is that the bad guys know it, and they&#39;re using them. Nation-states create entire networks of compromised devices for plausible deniability.Not that it was ever acceptable, but not updating your firmware isn&#39;t really an option. But even worse is when massive command injections and auth bypass vulns are found, and the vendor says &quot;tough shit, its EOL.&quot; while still allowing it to be sold on Amazon.
       
 (DIR) Post #AzIhWtcaVi1mS543aC by da_667@infosec.exchange
       2025-10-17T12:50:30Z
       
       1 likes, 0 repeats
       
       It isn&#39;t even just for initial access anymore. I remember hearing stories from competent pentesters and adversary emulation experts being able to persist on printers. Then there are stories about how ransomware groups persisted on DVR/cams, and just used SMB shares to encrypt everything without dealing with Windows EDR.
       
 (DIR) Post #AzIikwqnOvxmTWyTpo by rootwyrm@weird.autos
       2025-10-17T13:02:31Z
       
       0 likes, 0 repeats
       
       @da_667 it&#39;s so far beyond depressing and demotivating. Even if you, as a user, TRY to keep your shit up to date?Doesn&#39;t matter. The vendor keeps doing the exact same stupid shit, introducing and reintroducing the exact same vulnerabilities, and just shrugging and telling you to buy the slightly revised piece of shit with allegedly incompatible firmware that has the exact fucking same problems.
       
 (DIR) Post #AzIiky8YcNlUSuIB9s by rootwyrm@weird.autos
       2025-10-17T13:05:26Z
       
       1 likes, 0 repeats
       
       @da_667 I&#39;m pretty sure the two &quot;smart plugs&quot; I own (you know, the kind you can yank out as ewaste) have multiple vulnerabilities with no patch available and also they won&#39;t work with the &#39;app&#39; soon.But I can buy the newer version which has a built-in web server with even MORE vulnerabilities AND introduces more layers to reduce stability and reliability! HOW FANTASTIC. I&#39;ve always wanted a light switch that can fucking crash.