The theme song of every Mastodonian:
Mr. Toot - Ylvis
Operation of systems in abnormal environments, such as floods, earthquakes, and accidents.
Systems used to prevent or detect an attack by a malevolent human adversary.
“It is useful...to recognize that a fire has no powers of reasoning, while adversaries do.”
- Design & Evaluation of Physical Protection Systems. M. L. Garcia
There are still only a few viable mitigations for “person with thumb drive”, none of which are particularly appealing if you want to preserve that access for folks who really need it.
Meanwhile, a fly on the wall is worth 20,000x its weight in gold, but only when used at the right time.
One technique they use that seems applicable to #infosec is the multiple uses of a keycode at the external entrance, internal entrance, and elevator; that's followed by one cylinder lock and possibly another padlock.
Every time you have to authenticate to reach the next deepest layer.
Also, thank you to everyone who suggested places to buy phone batteries!
Repair and Refurb all the way!
Remote Code Execution in Alpine Linux https://justi.cz/security/2018/09/13/alpine-apk-rce.html
For those interested in leaving Apple and Google, and reconquering their privacy, the first beta of /e/ is here for download and testing! Happy flashing.
So Alpine Linux has a pretty serious set of vulnerabilities because
- It doesn’t download packages over TLS, making them prone to MitM. Which on its own isn’t terrible but it also...
- Doesn’t check hashes before extracting to root (!)
- And uses custom gzip code which is vulnerable to arbitrary code execution (!!)
I actually built a little toy service (that I will also eventually open source) which converts any RSS feed to an ActivityPub actor that you can subscribe to in Mastodon (or any other AP-compatible client).
Play with it if you like! It is SUPER rough and most feeds end up horribly rendered in Mastodon but it's still kinda cool to see it work: https://bots.tinysubversions.com/convert/
My home lab has become ruin through months of neglect.
Today I shall clean and organize it.
This will be a good day.
My top 10 people whose toots I favorite are:
Found these numbers with this tool:
Great work @codesections !
Tinkerer | Cypherpunk | Hacker
A Mastodon instance for info/cyber security-minded people.