r000t @r000t@infosec.exchange

"Worst cloud vulnerability possible discovered in Microsoft Azure..." Granting read/write access to every database on the service.
#Infosec #News #Vulnerability #Cybersecurity #TheCloud #Cloud #Microsoft #Azure

https://arstechnica.com/information-technology/2021/08/worst-cloud-vulnerability-you-can-imagine-discovered-in-microsoft-azure/

A "podcast" behind a paywall is not a podcast.

A "podcast" that only one app can receive is not a podcast.

A "podcast" without a public feed that can be freely pulled into any podcast client or RSS reader is not a damn podcast, don't let people get away with calling it that.

Windows 10 running Ubuntu 21.04 running Windows 7 running Mac OS 8.5 running Windows 95

Btw, while a social engineer had control of teslamotors.com DNS

Nobody could start or lock/unlock their $45,000+ cars.

A teenager called up and asked Network Solutions very nicely for control of the domain. And got it. And grounded hundreds of thousands of vehicles.

This company wants you in a self driving car.

University banned from kernel development after professor and students repeatedly intentionally introduce security vulnerabilities into the Linux kernel.

Then they pull the inclusivity card when they're called out on it.

If you were wondering why Microsoft and all the rest are *really* big on Codes of Conduct and other shit that enables this sort of attack....

Celebrate pissed somebody off.

Say what you will about signal but Moxie knows how to make a drop.

https://signal.org/blog/cellebrite-vulnerabilities/

Custom user agents. Cloak yourself as an instance that is trusted, and scrape undiscovered. Combine with some proxies to truly blend in.

Monitor an uncooperative instance automatically; fediEngine will automatically sit on the public streams of instances they peer with and import matching statuses.

@TheGibson
"If you can't fix it, you don't own it!"
#righttorepair
#righttodisassemble