Posts by singe@chaos.social
 (DIR) Post #ARWheuB4LM7DmbDF0S by singe@chaos.social
       2023-01-11T06:10:50Z
       
       0 likes, 0 repeats
       
       But there are also tons of lessons about operators overly relying on automation - to the point they disbelieved there was a problem, and didn’t even do the appropriate checks, because they believed a problem so serious would have been highlighted by the emergency system. And this was 2001!
       
 (DIR) Post #ARWhevlyPdEIjLUEAS by singe@chaos.social
       2023-01-11T06:10:51Z
       
       0 likes, 0 repeats
       
       Beyond the big obvious lessons and parallels, there are lots of little ones if you look for them - that the optional service bulletins *not* installed didn’t need to be disclosed, making it hard to figure out what state the engine was in - has strong parallels to patch management.
       
 (DIR) Post #ARWhexLoXrUdcnGMfg by singe@chaos.social
       2023-01-11T06:10:51Z
       
       0 likes, 0 repeats
       
       That even though there were legal mandates on the operator for compliance to a certain level - that needed to extend to the service provider. We’re still talking about legal mandates on the vendor - we’re nowhere near extending that all the way to managed service providers.
       
 (DIR) Post #ARWhezFVUHdVVoKM7M by singe@chaos.social
       2023-01-11T06:10:51Z
       
       0 likes, 0 repeats
       
       All in all, a fascinating read for those in the cyber world. I’d challenge you to up your post mortems to this level and see what system design features it leads you to implement or demand from your vendors. It might even be worth demanding such exercises from your pentest vendor.
       
 (DIR) Post #ATEOnwxcZbgpmu7nTk by singe@chaos.social
       2023-03-03T07:16:29Z
       
       0 likes, 0 repeats
       
       @mjg59 was it your work originally?
       
 (DIR) Post #ATL6NHOoCTpfQ3tTyC by singe@chaos.social
       2023-03-06T09:55:57Z
       
       0 likes, 1 repeats
       
       Is there someone who knows more about MiFare classic who can explain why the “reader attack” [1] gives a different key every five minutes? All readers in the building give the same key during that five minutes. [1] https://github.com/equipter/mfkey32v2
       
 (DIR) Post #ATqnvgGrSJ12S6cmAa by singe@chaos.social
       2023-03-21T19:50:19Z
       
       1 likes, 0 repeats
       
       Python’s finally getting multi threading in v3.12 “With PEP 684 and PEP 554, sub-interpreters can be created from Python, thus enabling genuine multi-threaded parallelism.” https://python.plainenglish.io/python-3-12-a-game-changer-in-performance-and-efficiency-8dfaaa1e744c
       
 (DIR) Post #AU61WpMThJ0pFZ98jo by singe@chaos.social
       2023-03-29T03:48:57Z
       
       0 likes, 1 repeats
       
       New WiFi vulns that downgrade power save buffered frames! As always @vanhoefm / @vanhoefm has usable code ready to go, this time without limitations to specific Atheros cards. The readme is also super accessible if you aren’t the type to read the paper. https://github.com/vanhoefm/macstealer
       
 (DIR) Post #AUD3FLi5nNnlbmDfCy by singe@chaos.social
       2023-04-01T04:34:32Z
       
       0 likes, 0 repeats
       
       Putting your Mastodon handle in places as username@server often triggers a mailto: action. It would be better to use server/username to trigger the browser instead. Will services that scan for usernames in the bio pick it up?
       
 (DIR) Post #AVRJQH7PYyYLsGeLE8 by singe@chaos.social
       2023-05-08T05:22:30Z
       
       0 likes, 0 repeats
       
       Does anyone have a good sense of why we’re seeing retrenchments across the consulting space this year?
       Announced layoffs include:
       Accenture 19k
       NCC 7%
       BishopFox 13%
       McKinsey 2k
       KPMG 700
       EY 3k
       Deloitte 1.2k
       It’s slower this year than last year’s phenomenal H1 - did people just overhire? Or are customers holding back on spending, or have the budgets been slashed?
       
 (DIR) Post #AYPdbAsSI9a4BVyqZ6 by singe@chaos.social
       2023-08-05T06:32:39Z
       
       1 likes, 0 repeats
       
       Time to start the 16 372 km (10 173 miles) commute to BlackHat and @defcon!
       
 (DIR) Post #AYfN82mkoCYhx7lBZ2 by singe@chaos.social
       2023-08-12T19:55:53Z
       
       0 likes, 1 repeats
       
       “Interop is how we seize the means of computation” - @pluralistic
       
 (DIR) Post #AYqoKMd6OSLXcD1Jey by singe@chaos.social
       2023-08-18T09:20:30Z
       
       1 likes, 0 repeats
       
       I have an old blog, running outdated and vulnerable blogging software. Instead of the hassle of migrating to something else - I now run it locally in a container, and turn it into static pages with this mirror script. https://gist.github.com/singe/a77a5522f776f993b7471a2e32431e73 Results https://singe.za.net/
       
 (DIR) Post #AZ9inm7Vn8r3Lh7jkG by singe@chaos.social
       2023-08-14T21:14:37Z
       
       0 likes, 1 repeats
       
       I saw so many great talks at BlackHat & @defcon this year - but by far the most impressive and consequential was @doctorow’s eloquent skewering of the current state of the Internet - summarised by his neologism “enshittification”. And the ways we can claw ourselves back to a new better Internet.
       
 (DIR) Post #AZOxuwEQ28uImHd9to by singe@chaos.social
       2023-09-03T18:21:54Z
       
       0 likes, 1 repeats
       
       A Linux utility to conduct a WiFi scan without monitor mode and produce a pcap. https://github.com/intuitibits/scandump By @adriangranados
       
 (DIR) Post #Ab9X4M0cU4ewyI4LJI by singe@chaos.social
       2023-10-26T05:51:22Z
       
       0 likes, 1 repeats
       
       Why are iOS and macOS so bad at prompting the user to install patches? I went to check if Apple had released any patches for iLeakage and found there’s a massive security update from yesterday sitting and waiting. One day isn’t so bad, but if I hadn’t stumbled on it I wonder how long it would have taken. I’m more regularly made aware of patches from blogs and toots or other security software like Duo prompting me than from the OS itself.
       
 (DIR) Post #Acbh9RWsSQ6MlDfqvw by singe@chaos.social
       2023-12-08T17:46:56Z
       
       1 likes, 1 repeats
       
       Great thread on reversing rust binaries from Cindy. https://infosec.exchange/@cxiao/111545644921396626
       
 (DIR) Post #AciqbTM3WUlIDylw1o by singe@chaos.social
       2023-12-12T04:08:21Z
       
       0 likes, 2 repeats
       
       It doesn’t look like @marcnewlin@twitter.com’s Bluetooth HID protocol flaws got much coverage on the fedi. https://github.com/skysafe/reblog/tree/main/cve-2023-45866
       
 (DIR) Post #AhrsEG8eCHav9CPr4S by singe@chaos.social
       2024-05-06T04:36:19Z
       
       0 likes, 0 repeats
       
       @tedmielczarek @benno +1 for export
       
 (DIR) Post #AiOUU1dVthh07TW3EW by singe@chaos.social
       2024-05-29T20:09:43Z
       
       0 likes, 0 repeats
       
       @stux