r000t @r000t@infosec.exchange
Hacker, comedian, RED Scout fan, gold Ekko one-trick. Watching them sorting debris.
Joined Aug 2018
Pinned toot
@fluffy @angristan @rotawerx
More to the point, if someone needs to be pre-emptively shielded from all negativity, they may wish to put the computer away.
Nick Jr., Noggin, and Sprout are still broadcasting for their convenience.
r000t
boosted
"voting software should always be fre-"
Voting software should not exist. Software should not be involved in casting ballots. Period. No such thing should exist. It's not possible to do it right in theory, it sure as shit will never happen in practice.
Paper. Ballots. Paper. Ballots. Paper. Ballots. If you don't understand and insist on using anything electronic, it better fucking have a paper backup copy that cannot be disabled.
Electronic voting is stupid, man. It's universally stupid.
r000t
boosted
Imagine writing this regex, wtf. URL regex:
_^(?:(?:https?|ftp)://)(?:\S+(?::\S*)?@)?(?:(?!10(?:\.\d{1,3}){3})(?!127(?:\.\d{1,3}){3})(?!169\.254(?:\.\d{1,3}){2})(?!192\.168(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)(?:\.(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)*(?:\.(?:[a-z\x{00a1}-\x{ffff}]{2,})))(?::\d{2,5})?(?:/[^\s]*)?$_iuS
_^(?:(?:https?|ftp)://)(?:\S+(?::\S*)?@)?(?:(?!10(?:\.\d{1,3}){3})(?!127(?:\.\d{1,3}){3})(?!169\.254(?:\.\d{1,3}){2})(?!192\.168(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)(?:\.(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)*(?:\.(?:[a-z\x{00a1}-\x{ffff}]{2,})))(?::\d{2,5})?(?:/[^\s]*)?$_iuS
r000t
boosted
The fediverse would be much harder to compromise in such a way.
a benefit of decentralization.
r000t
boosted
Anyone who sends bitcoin to that address posted by the hacked Jeff Bezos account deserves to lose their bitcoins.
r000t
boosted
HEY EVERYBODY!
dunk on twitter!
BREAKING: ZERO fediverse accounts breached by rogue Twitter employee with access to database.
Centralized platforms btfo
In order to combat the spread of any worms arising from this particular vulnerability, administrators are advised to keep servers at least 6U apart in racks.
Hi, are you... Paying... For your business' server software?
Better patch it. That software you pay through the nose for is more insecure than a yasuo main on a 10 game loss streak.
https://www.wired.com/story/sigred-windows-dns-flas-wormable/
r000t
boosted
Imagine doing this and then thinking you're the good guys.
https://twitter.com/AlecStapp/status/1276604449616564224
RT @AlecStapp@twitter.com
Are we going to talk about the fact that official reports from the European Parliament are openly (and approvingly) talking about implementing their own version of the Great Firewall of China?
🐦🔗: https://twitter.com/AlecStapp/status/1276604449616564224
r000t
boosted
A lengthy and very detailed blog post by Matthew Green on why #Signal PINs are problematic: https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/
r000t
boosted
Linux 5.7 adds support for Apple fast charging. It enables iOS devices to pull up to 2.5 amps.
How exactly are they doing that without blowing up cheap motherboards?
r000t
boosted
It would have been funny if it weren't true!
The proposal to re-evaluate "years of experience" in "skill level" is interesting.
#recruitment #experience
Hey iPhone fans, congrats on your innovative, never before seen, brand new, groundbreaking, disruptive, status quo smashing, home screen widgets.
This is the HTC Dream. It was released in 2008.
The richest man on the planet became this way by building a warehouse and shipping behemoth that... Somehow carried on for 20 years without necessarily knowing who their suppliers were.
Huh.
I sent this statuses from two places at the same time with #fediEngine
r000t
boosted
Something is going on with email lately. Huge uptick in attempts to crack some very specific accounts on my mail server.
The accounts in question can't actually be hacked: they are one-off aliases created per-service, but like, some kinda troubling ones. Like "adobe@", which is an email only Adobe would know exists. They're not trying adobe@every-domain-on-the-server, just adobe@one-specific-domain, and a few other aliases at different domains, like one was an alias made for The Lady so that she could run an Instagram account for the dog for like a month before losing interest, and it's been completely unused for about two years.
To be clear, this isn't spam directly, probably they're trying to get into the account to *send* spam, but to stem the tide of individual hosts getting blocked, I killed off all traffic from a handful of subnets and it's still coming in.
Here's a graph of unique hosts that tried to brute-force on a given day. About 30 happened while I was writing this post, so that graph shows 957 today but it's 990 now. As you can see, it's usually close enough to zero that it doesn't matter, then consistently around 100 this week, 325 yesterday, and it'll hit 1k today at this rate. Keep in mind, all the hosts that tried this yesterday are blocked, so it's 1k *new* IPs trying to do this, so there's some kind of moderately large botnet.
(FSE is the usual subject of graphs here, but this doesn't affect FSE.)
hax_my_email.gif
whohaxmyemail.gif
The accounts in question can't actually be hacked: they are one-off aliases created per-service, but like, some kinda troubling ones. Like "adobe@", which is an email only Adobe would know exists. They're not trying adobe@every-domain-on-the-server, just adobe@one-specific-domain, and a few other aliases at different domains, like one was an alias made for The Lady so that she could run an Instagram account for the dog for like a month before losing interest, and it's been completely unused for about two years.
To be clear, this isn't spam directly, probably they're trying to get into the account to *send* spam, but to stem the tide of individual hosts getting blocked, I killed off all traffic from a handful of subnets and it's still coming in.
Here's a graph of unique hosts that tried to brute-force on a given day. About 30 happened while I was writing this post, so that graph shows 957 today but it's 990 now. As you can see, it's usually close enough to zero that it doesn't matter, then consistently around 100 this week, 325 yesterday, and it'll hit 1k today at this rate. Keep in mind, all the hosts that tried this yesterday are blocked, so it's 1k *new* IPs trying to do this, so there's some kind of moderately large botnet.
(FSE is the usual subject of graphs here, but this doesn't affect FSE.)
hax_my_email.gif
whohaxmyemail.gif
r000t
boosted
I dislike working with garbage collected languages bc what if the garbage collector decides to come for me next
Hacker, comedian, RED Scout fan, gold Ekko one-trick. Watching them sorting debris.
Joined Aug 2018
