Mast Security  

How I hijacked the top-level domain of a sovereign state

labs.detectify.com/2021/01/15/

He registered an expired domain used by the .cd ccTLD. Great report.

0
Mast Security  

NSA warns against using DoH inside enterprise networks

The NSA urges companies to host their own DoH resolvers and avoid sending DNS traffic to third-parties.

zdnet.com/article/nsa-warns-ag

1
Mast Security boosted
Krebs on Security Feed  

Ubiquiti: Change Your Password, Enable 2FA.

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party clo...
krebsonsecurity.com/?p=53996

0
Mast Security boosted
ZorinFloof  

Anyone else think that in times of national crisis, legitimate media sources should drop their freaking paywalls so they don't lose viewers to conspiracy-pushing right-wing sites that don't have such paywalls?

I mean, leave it up for the sports section if you want, but c'mon!

1+
Mast Security  

Stealing Your Private YouTube Videos, One Frame at a Time

bugs.xdavidhu.me/google/2021/0

Really cool discovery and great bug bounty $$.

0
Mast Security boosted
Daniel Cid  

If you have a young child, remember to check what he is doing online and harden his personal (and school supplied) devices.

Sad story that could be prevented:

washingtonpost.com/local/educa

If you are looking for a solution, check cleanbrowsing.org

1
Mast Security boosted
Adam  

I am so glad to see that a judge threw out Apple's lawsuit against Corellium! ❤

The idea that running a virtual device is a violation of Apple's intellectual property rights is just obscene.

washingtonpost.com/technology/

0
Mast Security boosted
Rysiekúr Memesson  

#SolarWinds wrote a blog post a in 2019 about how #FLOSS is dangerous because anyone can push malicious code to FLOSS projects:
thwack.solarwinds.com/t5/Geek-

The irony could not be sweeter.

#InfoSec #IronySec #SupplyChainAttacks

/via @cguess

1+
Mast Security  

SolarWinds, whose software was backdoored to allow hackers to breach U.S. government agencies, was warned last year that anyone could access its update server using the password "solarwinds123"...

... APT they said... ?

reuters.com/article/global-cyb

1
Mast Security boosted
Nobody [Linux Walt Alt (@lnxw37a2)]  

US Gov Breach 

https://www.reuters.com/article/usa-cyber-amazoncom/exclusive-u-s-treasury-breached-by-hackers-backed-by-foreign-government-sources-idUSL1N2IT0HS

#US_Treasury_Dept breached #security

@thegibson @mastsec
1+
Mast Security boosted
Daniel Cid  

"Amazon owns more than $2B worth of IPV4 addresses"

dangoldin.com/2020/12/11/amazo

Not sure about the $2B value, but what I found interesting about this article is that based on his numbers, Amazon owns ~3% of all the IPv4 addresses available - and growing.

1+
Mast Security boosted
Hideki  
1+
Mast Security  

Over the last months, hackers have quietly added a subtle security flaw to over 50 large online stores, only to exploit them right before Black Friday...

The backdoor would ensure future access for the attackers, even if their primary operation was blown.

Sansec has been tracking this developing campaign since April this year, and found numerous stealthy tactics to dodge detection.

Good research:

sansec.io/research/magento-2-p

0
Mast Security  

Why is the Google Cloud UI so slow?

debugbear.com/blog/slow-google

"Here's what happens when the browser wants to run some JavaScript code.

-Parsing

-Compilation (also happens lazily)
Initialization – the browser runs module initialization code,

-Running core app code – renders the application using the initialized modules

For the whole Google Cloud page, just parsing the source code takes 250ms, and compilation takes another 750ms ...

0
Mast Security boosted
ClaudioM  

The #CentOS Project just committed suicide.

To me, this is more like foul play, and #IBM is the mastermind. #redhat

fosspost.org/centos-project-su

1+
Mast Security  

Linkedin is a weird social network.

divinations.substack.com/p/lin

0
Mast Security  

Nearly 70% of smart TVs and 46% of game consoles were found to contain hardcoded DNS settings - allowing them to simply ignore your local network’s DNS server entirely.

On average, Smart TVs generate an average of 60 megabytes of outgoing Internet traffic per day, all the while bypassing tools like PiHole - and DNS filters.
...

labzilla.io/blog/force-dns-pih

1+
Mast Security  

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device -- over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable...

Just wow..

apple.slashdot.org/story/20/12

0
Mast Security boosted
DigeeX  

Drupal sites vulnerable to double-extension attacks | ZDNet: zdnet.com/article/drupal-sites

0
Mast Security boosted
r҉ustic cy͠be̸rpu̵nk🤠🤖  

#PHP 8.0 is out!

php.net/archive/2020.php#2020-

The migration to 7 was fairly straightforward for me and there aren't as many incompatibilities because of the way I've been writing since.

Of course, since my site is on OpenBSD, it would be some time before I see the 8.0 branch and 7.4 still the latest package

1
Show more
Noc.Social

Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Civil discourse, polite and open. Managed by the noc.org team.

Resources

Developers

What is Mastodon?

noc.social

More…