Kir boosted

FIRST CONTACT: New vulnerabilities in contactless payments

TL;DR: Two new vectors of attack.

Possible to bypass cardholder verification limits for #contactless payment cards. Circumvention also works against mobile wallets using locked cell phones.
In the second, flaws in the values of generation keys, unpredictable number (UN), and application transaction counter (ATC) allow for reuse of transaction data. This makes it possible to carry out replay attacks against contactless cards using #EMV modes.

Full Report (pdf)

#infosec, #cybersec, #BankSecurity, #carding, #NFC

Kir boosted

Unreal. People in the federated timeline are debating whether or not to vote because “voting supports capitalism”. I do understand that there are a lot of anarchists on the fediverse, but not representing your own interests in the legal construct that you have to live under is, well, crazy. Otherwise, you end up looking like a “sovereign citizen” (for entertainment, look that up on YouTube) and no one takes you seriously.

Become informed and vote. Encourage others to do the same.

Kir boosted

A Mini Vending Machine To Ramp Up Your Sales

A common sight in the world of hackerspaces is an old vending machine repurposed from hawking soda cans into a one-stop shop for Arduinos or other useful components. [Gabriel D’Espindula]’s mini vending machi… hackaday.com/2019/12/03/a-mini

Original tweet : twitter.com/hackaday/status/12

Kir boosted

Has anyone experience with pentesterlab.com?

Kir boosted

Sign-ups closed on socialhome.network for a while

We've hit 100 monthly active users (with over 1200 total) and due to some recent changes making things more CPU heavy, performance has started to degrade on the server. Rather than pour extra resources in, we've decided to close sign-ups for a while, while things are being tuned up.

Sign-ups will open again once things are a bit snappier! If in the meantime you would like to try #Socialhome, check out the list of other open instances or have a go at running your own.

Kir boosted

That Uplifting Tweet You Just Shared? A #Russian Troll Sent It - Rolling Stone

https://www.rollingstone.com/politics/politics-features/russia-troll-2020-election-interference-twitter-916482/

#russia #politics

Kir boosted

This is strong evidence that new group -092 is exploiting vulnerability in player.

Kir boosted

3,607,243 accounts
+81 in the last hour
+2,377 in the last day
+42,364 in the last week

Kir boosted

We've pushed some layout changes towards some UI redesign suggestions. The main changes are:

- the "stamped element" that contains the stream name and profile information has been made full width. The profile image is also larger.
- the content author element and content timestamp have been moved to the top of the content, with the author profile picture also made 2x larger.

Feedback most welcome on these changes. If the feedback is mostly positive, we'll continue towards the suggestions made in the above linked issue.

#socialhome #ux

Kir boosted

Why the fuck was I breached?

Excuse generator will help you develop an air-tight breach statement in no time!

Been hacked? Don't worry! A post-incident report generator #cybersec

WhyTheFuckWasIBreached

Kir boosted

Since build 1903, Windows 10 Home no longer allows creating a local (non-internet) account by default. You can't do that if you have connected to the internet (cable or Wi-Fi) at all, and you can't even return to the network configuration dialog once you've connected, even if you reboot.

If you’d prefer not to have a Microsoft account associated with your device, you can remove it. Finish going through Windows setup, then select the Start button and go to Settings > Accounts > Your info and select Sign in with a local account instead.

Kir boosted

Apache Solr Injection

Whitepaper is now available: Apache Solr Injection Research

This research aims to present a new #vulnerability: "Solr parameter Injection" and describe how it may be exploited in different scenarios. It also accumulates all public exploits for Apache #Solr.

#defcon, #cybersec

Kir boosted
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.