r000t @r000t@infosec.exchange

Something is going on with email lately. Huge uptick in attempts to crack some very specific accounts on my mail server.

The accounts in question can't actually be hacked: they are one-off aliases created per-service, but like, some kinda troubling ones. Like "adobe@", which is an email only Adobe would know exists. They're not trying adobe@every-domain-on-the-server, just adobe@one-specific-domain, and a few other aliases at different domains, like one was an alias made for The Lady so that she could run an Instagram account for the dog for like a month before losing interest, and it's been completely unused for about two years.

To be clear, this isn't spam directly, probably they're trying to get into the account to *send* spam, but to stem the tide of individual hosts getting blocked, I killed off all traffic from a handful of subnets and it's still coming in.

Here's a graph of unique hosts that tried to brute-force on a given day. About 30 happened while I was writing this post, so that graph shows 957 today but it's 990 now. As you can see, it's usually close enough to zero that it doesn't matter, then consistently around 100 this week, 325 yesterday, and it'll hit 1k today at this rate. Keep in mind, all the hosts that tried this yesterday are blocked, so it's 1k *new* IPs trying to do this, so there's some kind of moderately large botnet.

(FSE is the usual subject of graphs here, but this doesn't affect FSE.)
hax_my_email.gif
whohaxmyemail.gif

I dislike working with garbage collected languages bc what if the garbage collector decides to come for me next

I forced an AI to read the x86 reference manual alongside 1000 programs to produce a program on its own. This is the result.

$ ./a.out
Segmentation fault (core dumped)

PSA: cloth and paper masks worn to help prevent spread of Coronavirus (and other diseases) do not need to form a seal to be effective.

They do two things:
a. capture most of the droplets you exhale/cough/sneeze out
b. slow down (and thus reduce the range of) any droplets not caught

If you have two layers of fabric covering your nose and mouth, you are wearing a fabric mask correctly.

If breath reflects off of them and escapes around the edges, that is just fine -- the bulk of the droplets were caught, and those few that leave around the edges are slowed a ton. Mission accomplished.

Misinformation on this point (most of which seems to be repeating proper fit and donning for PPE masks, which do need to form a seal) is leading people to not wear masks because they believe they are difficult or impossible to wear correctly.

the gargron community is dying, rt if you're a real eugenicist

One wonders if Snowden regrets throwing away his life to warn ungrateful Americans about unconstitutional NSA wire-tapping.

When the going gets weird, the weird turn pro.

@tuxcrafting
That's a good question!

The first big vuln with a name and logo was heartbleed. This made it easier to sell to news media, which in turn made patching easier to sell to executives.

The name and the logo make the vulnerability seem serious. Unfortunately, after the first one that does this, now managers won't authorize a maintenance window for any bug that doesn't.

So now every bug needs marketing.

why do security vulnerabilities have names and logos

"Edison Mail rolls back update after users reported they could see strangers' emails. The company says the issue was caused by a bug, not a security breach."

WELL, in that case there is no need to worry, I guess? 😂🤦