How I hijacked the top-level domain of a sovereign state

labs.detectify.com/2021/01/15/

He registered an expired domain used by the .cd ccTLD. Great report.

NSA warns against using DoH inside enterprise networks

The NSA urges companies to host their own DoH resolvers and avoid sending DNS traffic to third-parties.

zdnet.com/article/nsa-warns-ag

Ubiquiti: Change Your Password, Enable 2FA.

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party clo...
krebsonsecurity.com/?p=53996

Anyone else think that in times of national crisis, legitimate media sources should drop their freaking paywalls so they don't lose viewers to conspiracy-pushing right-wing sites that don't have such paywalls?

I mean, leave it up for the sports section if you want, but c'mon!

Stealing Your Private YouTube Videos, One Frame at a Time

bugs.xdavidhu.me/google/2021/0

Really cool discovery and great bug bounty $$.

If you have a young child, remember to check what he is doing online and harden his personal (and school-supplied) devices.

Sad story that could be prevented:

washingtonpost.com/local/educa

If you are looking for a solution, check cleanbrowsing.org

I am so glad to see that a judge threw out Apple's lawsuit against Corellium! ❤

The idea that running a virtual device is a violation of Apple's intellectual property rights is just obscene.

washingtonpost.com/technology/

SolarWinds, whose software was backdoored to allow hackers to breach U.S. government agencies, was warned last year that anyone could access its update server using the password "solarwinds123"...

... APT they said... ?

reuters.com/article/global-cyb

"Amazon owns more than $2B worth of IPv4 addresses"

dangoldin.com/2020/12/11/amazo

Not sure about the $2B value, but what I found interesting about this article is that based on his numbers, Amazon owns ~3% of all the IPv4 addresses available - and growing.

Over the last months, hackers have quietly added a subtle security flaw to over 50 large online stores, only to exploit them right before Black Friday...

The backdoor would ensure future access for the attackers, even if their primary operation was blown.

Sansec has been tracking this developing campaign since April this year, and found numerous stealthy tactics to dodge detection.

Good research:

sansec.io/research/magento-2-p

Why is the Google Cloud UI so slow?

debugbear.com/blog/slow-google

"Here's what happens when the browser wants to run some JavaScript code.

- Parsing
- Compilation (also happens lazily)
- Initialization – the browser runs module initialization code
- Running core app code – renders the application using the initialized modules

For the whole Google Cloud page, just parsing the source code takes 250ms, and compilation takes another 750ms ..."

The #CentOS Project just committed suicide.

To me, this is more like foul play, and #IBM is the mastermind. #redhat

fosspost.org/centos-project-su

Nearly 70% of smart TVs and 46% of game consoles were found to contain hardcoded DNS settings - allowing them to simply ignore your local network's DNS server entirely.

Smart TVs generate an average of 60 megabytes of outgoing Internet traffic per day, all the while bypassing tools like PiHole - and DNS filters.
...

labzilla.io/blog/force-dns-pih
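The NSA post above says to keep DNS on a resolver you control, and the labzilla numbers show that consumer devices quietly route around the one you set. The block below is an added example of my own (not code from either linked article): it scans constructed flow records for LAN hosts that talk DNS to anyone other than the local resolver, distinguishing plain port-53 bypass (which a gateway can DNAT back to the Pi-hole), DNS-over-TLS on 853 (which can only be blocked, since a redirected TLS session fails certificate validation), and DNS-over-HTTPS (visible only by SNI or destination IP). It also renders the nftables commands for the redirect. The LAN subnet, the resolver address 192.168.1.2, the interface name br-lan, the DoH hostname list and every flow line are assumptions made for the example.

```python
"""Flag LAN devices that bypass the local resolver (plain DNS, DoT, DoH).

Added example: the flow records are constructed for illustration; the LAN
subnet, resolver address, interface name and DoH host list are assumptions.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

LAN = ip_network("192.168.1.0/24")          # assumption: the local network
LOCAL_RESOLVER = ip_address("192.168.1.2")  # assumption: the Pi-hole / internal DoH resolver
# Assumption: a short list of public DoH endpoints as they appear in the TLS SNI.
DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net", "doh.opendns.com"}

# One flow per line, the shape a firewall/netflow exporter might emit (assumed format).
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) "
    r"dport=(?P<dport>\d+) sni=(?P<sni>\S+)$"
)

# Constructed sample records, not captured from a real network.
SAMPLE_FLOWS = [
    "2021-01-15T08:00:01Z src=192.168.1.50 dst=192.168.1.2 proto=udp dport=53 sni=-",        # laptop -> Pi-hole: fine
    "2021-01-15T08:00:02Z src=192.168.1.77 dst=8.8.8.8 proto=udp dport=53 sni=-",            # TV with hardcoded resolver
    "2021-01-15T08:00:03Z src=192.168.1.77 dst=1.1.1.1 proto=tcp dport=853 sni=-",           # DNS over TLS
    "2021-01-15T08:00:04Z src=192.168.1.88 dst=8.8.4.4 proto=tcp dport=443 sni=dns.google",  # DNS over HTTPS
    "2021-01-15T08:00:05Z src=192.168.1.88 dst=203.0.113.10 proto=tcp dport=443 sni=www.example.com",  # ordinary HTTPS
    "2021-01-15T08:00:06Z src=192.168.1.2 dst=9.9.9.9 proto=udp dport=53 sni=-",             # resolver's own upstream query: fine
]


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    kind: str  # "plain-dns", "dot" or "doh"


def classify(rec: Dict[str, str]) -> Optional[str]:
    """Return the bypass kind for one parsed flow, or None if it is acceptable."""
    src, dst = ip_address(rec["src"]), ip_address(rec["dst"])
    if src not in LAN or dst in LAN or src == LOCAL_RESOLVER:
        return None  # only LAN -> Internet flows from clients matter
    dport = int(rec["dport"])
    if dport == 53:
        return "plain-dns"  # redirectable with DNAT on the gateway
    if dport == 853 and rec["proto"] == "tcp":
        return "dot"  # cannot be redirected (cert mismatch); block it instead
    if dport == 443 and rec["sni"] in DOH_HOSTS:
        return "doh"  # looks like web traffic; only SNI/IP gives it away
    return None


def find_bypasses(lines: List[str]) -> List[Finding]:
    """Parse flow lines and collect every resolver bypass; malformed lines are skipped."""
    findings: List[Finding] = []
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        kind = classify(rec)
        if kind:
            findings.append(Finding(rec["ts"], rec["src"], rec["dst"], kind))
    return findings


def nft_rules(lan_if: str = "br-lan") -> List[str]:
    """nftables commands that force plain DNS back to the local resolver and reject DoT.

    Assumption: a Linux gateway running nft; the resolver is exempted so it can still
    reach its upstream. DoH on 443 is not handled here: it needs SNI/IP blocking.
    """
    r = str(LOCAL_RESOLVER)
    return [
        "nft add table ip nat",
        "nft add chain ip nat prerouting '{ type nat hook prerouting priority -100; }'",
        f"nft add rule ip nat prerouting iifname {lan_if} ip saddr != {r} udp dport 53 dnat to {r}",
        f"nft add rule ip nat prerouting iifname {lan_if} ip saddr != {r} tcp dport 53 dnat to {r}",
        "nft add table inet filter",
        "nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'",
        f"nft add rule inet filter forward iifname {lan_if} tcp dport 853 reject",
    ]


if __name__ == "__main__":
    for f in find_bypasses(SAMPLE_FLOWS):
        print(f"{f.ts} {f.src} -> {f.dst}: {f.kind}")
    print("\n".join(nft_rules()))
```

Run against the sample records it reports the TV's plain-DNS and DoT flows and the DoH flow to dns.google, while the laptop's query to the Pi-hole and the Pi-hole's own upstream lookup pass. The DNAT rules only fix the first class; for DoT and DoH the honest answer is to block the known endpoints and accept that the device will either fall back to your resolver or break, which is exactly the trade-off the NSA note is about.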

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device -- over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable...

Just wow...

apple.slashdot.org/story/20/12

#PHP 8.0 is out!

php.net/archive/2020.php#2020-

The migration to 7 was fairly straightforward for me and there aren't as many incompatibilities because of the way I've been writing since.

Of course, since my site is on OpenBSD, it will be some time before I see the 8.0 branch; 7.4 is still the latest package.

Noc.Social

Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Civil discourse, polite and open. Managed by the noc.org team.