FIRST CONTACT: New vulnerabilities in contactless payments
TL;DR: Two new vectors of attack.
Possible to bypass cardholder verification limits for #contactless payment cards. Circumvention also works against mobile wallets using locked cell phones.
In the second, flaws in the values of generation keys, unpredictable number (UN), and application transaction counter (ATC) allow for reuse of transaction data. This makes it possible to carry out replay attacks against contactless cards using #EMV modes.
#infosec, #cybersec, #BankSecurity, #carding, #NFC
Unreal. People in the federated timeline are debating whether or not to vote because “voting supports capitalism”. I do understand that there are a lot of anarchists on the fediverse, but not representing your own interests in the legal construct that you have to live under is, well, crazy. Otherwise, you end up looking like a “sovereign citizen” (for entertainment, look that up on YouTube) and no one takes you seriously.
Become informed and vote. Encourage others to do the same.
A Mini Vending Machine To Ramp Up Your Sales
A common sight in the world of hackerspaces is an old vending machine repurposed from hawking soda cans into a one-stop shop for Arduinos or other useful components. [Gabriel D’Espindula]’s mini vending machi… https://hackaday.com/2019/12/03/a-mini-vending-machine-to-ramp-up-your-sales/
Original tweet: https://twitter.com/hackaday/status/1201951011440594944
The AWS Incident Response Guide
Is NordVPN routing customers' traffic through other customers' VPN connections? You decide.
Sign-ups closed on socialhome.network for a while
We've hit 100 monthly active users (with over 1200 total) and due to some recent changes making things more CPU heavy, performance has started to degrade on the server. Rather than pour extra resources in, we've decided to close sign-ups for a while, while things are being tuned up.
We've pushed some layout changes towards some UI redesign suggestions. The main changes are:
the "stamped element" that contains the stream name and profile information has been made full width. The profile image is also larger.
the content author element and content timestamp have been moved to the top of the content, with the author profile picture also made 2x larger.
Feedback most welcome on these changes. If the feedback is mostly positive, we'll continue towards the suggestions made in the above linked issue.
Why the fuck was I breached?
Excuse generator will help you develop an air-tight breach statement in no time!
Have you been hacked? Don't worry! A post-incident report generator #cybersec
Since build 1903, Windows 10 Home no longer allows creating a local (non-internet) account by default. You can't do that if you have connected to the internet (cable or Wi-Fi) at all; you can't even return to the network configuration dialog once you've connected, even if you reboot.
If you’d prefer not to have a Microsoft account associated with your device, you can remove it. Finish going through Windows setup, then select the Start button and go to Settings > Accounts > Your info and select Sign in with a local account instead.
Apache Solr Injection
Whitepaper is now available: Apache Solr Injection Research
This research aims to present a new #vulnerability, "Solr parameter Injection", and describe how it may be exploited in different scenarios. It also accumulates all public exploits for Apache #Solr.
Securing Docker Containers https://0x00sec.org/t/securing-docker-containers/16913