Kir @dober@infosec.exchange

Little birdies

|>>> HIRES IMAGE <<<|
©

FIRST CONTACT: New vulnerabilities in contactless payments

TL;DR: Two new vectors of attack.

Possible to bypass cardholder verification limits for #contactless payment cards. Circumvention also works against mobile wallets using locked cell phones.
In the second, flaws in the values of generation keys, unpredictable number (UN), and application transaction counter (ATC) allow for reuse of transaction data. This makes it possible to carry out re-play attacks against contactless cards using #EMV modes.

Full Report (pdf)

#infosec, #cybersec, #BankSecurity, #carding, #NFC

Unreal. People in the federated timeline are debating whether or not to vote because “voting supports capitalism”. I do understand that there are a lot of anarchists on the fediverse, but not representing your own interests in the legal construct that you have to live under is, well, crazy. Otherwise, you end up looking like a “sovereign citizen” (for entertainment, look that up on YouTube) and no one takes you seriously.

Become informed and vote. Encourage others to do the same.

The Presents Must Flow.

http://www.pjmcquade.com/#/christmas-on-dune/

A Mini Vending Machine To Ramp Up Your Sales

A common sight in the world of hackerspaces is an old vending machine repurposed from hawking soda cans into a one-stop shop for Arduinos or other useful components. [Gabriel D’Espindula]’s mini vending machi… https://hackaday.com/2019/12/03/a-mini-vending-machine-to-ramp-up-your-sales/

Original tweet : https://twitter.com/hackaday/status/1201951011440594944

The AWS Incident Response Guide

https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf?utm_source=Unsupervised+Learning+Subscribers&utm_campaign=e0ab2b9f11-EMAIL_CAMPAIGN_10_6_2019_8_57_COPY_01&utm_medium=email&utm_term=0_49fdb7d723-e0ab2b9f11-495716161&mc_cid=e0ab2b9f11&mc_eid=0e7d497022

Warning: #Cybersecurity Professional

Has anyone experience with pentesterlab.com?

#pentest

Is NordVPN routing customer's traffic through other customers VPN connections? You decide.

https://medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30

RT @nixcraft@twitter.com

~/.ssh/authorized_keys

🐦🔗: https://twitter.com/nixcraft/status/1004234726633140224

Sign-ups closed on socialhome.network for a while

We've hit the 100 monthly active users (with over 1200 total) and due to some recent changes making things more CPU heavy, performance has started to degrade on the server. Rather than pour extra resources in, we've decided to close sign-ups for a while, while things are being tuned up.

Sign-ups will open again once things are a bit snappier! If in the mean time you would like to try #Socialhome, check out the list of other open instances or have a go at running your own.

That Uplifting Tweet You Just Shared? A #Russian Troll Sent It - Rolling Stone

https://www.rollingstone.com/politics/politics-features/russia-troll-2020-election-interference-twitter-916482/

#russia #politics

A message from the President:

3,607,243 accounts
+81 in the last hour
+2,377 in the last day
+42,364 in the last week

We've pushed some layout changes towards some UI redesign suggestions. The main changes are:

the "stamped element" that contains the stream name and profile information has been made full width. The profile image is also larger.
the content author element and content timestamp have been moved to the top of the content, with the author profile picture also made 2x larger.

Feedback most welcome on these changes. If the feedback is mostly positive, we'll continue towards the suggestions made in the above linked issue.

#socialhome #ux

Why the fuck was I breached?

Excuse generator will help you develop an air-tight breach statement in no time!

Вас взломали? Не беспокойтесь! Генератор отчетов после инцидентов #cybersec

WhyTheFuckWasIBreached

Windows 10 Home since 1903 build does not allow to create local (non-internet) account anymore by default. You can't do that if you connected to the internet (cable or Wi-Fi) at all, you can't even return to network configuration dialog once you've connected, even if you reboot.

If you’d prefer not to have a Microsoft account associated with your device, you can remove it. Finish going through Windows setup, then select the Start button and go to Settings > Accounts > Your info and select Sign in with a local account instead.

Apache Solr Injection

Whitepaper is now available: Apache Solr Injection Research

This research is aimed to present a new #vulnerability: "Solr parameter Injection" and describe how it may be exploited in different scenarios. It also accumulates all public exploits for Apache #Solr.

#defcon, #cybersec

Securing Docker Containers https://0x00sec.org/t/securing-docker-containers/16913