How I hijacked the top-level domain of a sovereign state
He registered an expired domain used by the .cd ccTLD. Great report.
NSA warns against using DoH inside enterprise networks
The NSA urges companies to host their own DoH resolvers and avoid sending DNS traffic to third-parties.
Ubiquiti: Change Your Password, Enable 2FA.
Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party clo...
Stealing Your Private YouTube Videos, One Frame at a Time
Really cool discovery and great bug bounty $$.
If you have a young child, remember to check what he is doing online and harden his personal (and school supplied) devices.
Sad story that could be prevented:
If you are looking for a solution, check https://cleanbrowsing.org
I am so glad to see that a judge threw out Apple's lawsuit against Corellium! ❤
The idea that running a virtual device is a violation of Apple's intellectual property rights is just obscene.
#SolarWinds wrote a blog post a in 2019 about how #FLOSS is dangerous because anyone can push malicious code to FLOSS projects:
The irony could not be sweeter.
SolarWinds, whose software was backdoored to allow hackers to breach U.S. government agencies, was warned last year that anyone could access its update server using the password "solarwinds123"...
... APT they said... ?
"Amazon owns more than $2B worth of IPV4 addresses"
Not sure about the $2B value, but what I found interesting about this article is that based on his numbers, Amazon owns ~3% of all the IPv4 addresses available - and growing.
Over the last months, hackers have quietly added a subtle security flaw to over 50 large online stores, only to exploit them right before Black Friday...
The backdoor would ensure future access for the attackers, even if their primary operation was blown.
Sansec has been tracking this developing campaign since April this year, and found numerous stealthy tactics to dodge detection.
Why is the Google Cloud UI so slow?
-Compilation (also happens lazily)
Initialization – the browser runs module initialization code,
-Running core app code – renders the application using the initialized modules
For the whole Google Cloud page, just parsing the source code takes 250ms, and compilation takes another 750ms ...
Linkedin is a weird social network.
Nearly 70% of smart TVs and 46% of game consoles were found to contain hardcoded DNS settings - allowing them to simply ignore your local network’s DNS server entirely.
On average, Smart TVs generate an average of 60 megabytes of outgoing Internet traffic per day, all the while bypassing tools like PiHole - and DNS filters.
Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device -- over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable...
Drupal sites vulnerable to double-extension attacks | ZDNet: https://www.zdnet.com/article/drupal-sites-vulnerable-to-double-extension-attacks/
#PHP 8.0 is out!
The migration to 7 was fairly straightforward for me and there aren't as many incompatibilities because of the way I've been writing since.
Of course, since my site is on OpenBSD, it would be some time before I see the 8.0 branch and 7.4 still the latest package
Infosec, Networking and Hacking stuff - on Mastodon.
Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Civil discourse, polite and open. Managed by the noc.org team.