r000t @r000t@infosec.exchange

Help me prove a point to a colleague:

If your corporate computer (or school computer, or pretend you work for a place that issues computers) normally asks you to press ctrl+alt+del before logging on:

1) Would you ever notice if you *weren't* asked to do that, just once?

2) If you did notice, what would you do?

"Worst cloud vulnerability possible discovered in Microsoft Azure..." Granting read/write access to every database on the service.
#Infosec #News #Vulnerability #Cybersecurity #TheCloud #Cloud #Microsoft #Azure

https://arstechnica.com/information-technology/2021/08/worst-cloud-vulnerability-you-can-imagine-discovered-in-microsoft-azure/

A "podcast" behind a paywall is not a podcast.

A "podcast" that only one app can receive is not a podcast.

A "podcast" without a public feed that can be freely pulled into any podcast client or RSS reader is not a damn podcast, don't let people get away with calling it that.

Windows 10 running Ubuntu 21.04 running Windows 7 running Mac OS 8.5 running Windows 95

Btw, while a social engineer had control of teslamotors.com DNS

Nobody could start or lock/unlock their $45,000+ cars.

A teenager called up and asked Network Solutions very nicely for control of the domain. And got it. And grounded hundreds of thousands of vehicles.

This company wants you in a self driving car.

University banned from kernel development after professor and students repeatedly intentionally introduce security vulnerabilities into the Linux kernel.

Then they pull the inclusivity card when they're called out on it.

If you were wondering why Microsoft and all the rest are *really* big on Codes of Conduct and other shit that enables this sort of attack....

Celebrate pissed somebody off.

Say what you will about signal but Moxie knows how to make a drop.

https://signal.org/blog/cellebrite-vulnerabilities/