whonose123 boosted

@jerry Sounds good - like a modern philosophy that sells well. I loved it when Mr Durov (Telegram, VK) explained (in attractive words) the significance of having no things, properties, etc, to be a burden, to limit oneself, how "things you have will in the end have you" . Then it leaked out he has a very expensive property here, and one there, and spends lots of money just to prove he can. Things he said still *sound* good. I smile and think about them every time I mow my lawn :)

whonose123 boosted

Facebook is the least trusted tech company, for handling personal data: fortune.com/2018/11/08/mark-zu

I have been wondering: how quickly could a site like Facebook die? I think it could happen very quickly, if there were an alternative platform. Once the network effect shifts from Facebook to something else, it's basically Myspace city. The challenge is establishing that network effect somewhere else.

whonose123 boosted

It looks like I will be spending my Saturday doing some SD card forensics. That’s now what I had in mind for this weekend, but well, looks like the landlord of a friends friend installed a surveillance cam without them knowing...

@HackerRadioShow BOO!!! Missed the show for the last month! - Good to see you on Mastodon, but I think the way you introduced it on the show would confuse some people.
Maybe explain how they can "sign up" and then follow you?

whonose123 boosted

Is there a good guide to setting up an IPv6 home network (including DHCP, DNS, etc) for moderately savvy users? Trying to teach it to someone and realizing I don’t understand it well enough to simplify it usefully…

whonose123 boosted

^^^ <End of Thread> ^^^

I breached a company through a newly constructed branch location.

I slipped in in that short moment between them implementing the network and them implementing the security to protect that network.

whonose123 boosted

Walked around the place. Looking at the newly constructed cubical farms.

Seats freshly installed.

Plastic, boxes, styrofoam on the floor.

Found the hot ethernet jacks to the side and plugged in some more RPi dropboxes.

Folks just thought I was an installation tech.

Left the site and checked my listeners. The RPi’s had connected.

I had complete access to that location, of course.

But I also had internal access to the WAN. To the central corporate network in another city.

A flat network.

whonose123 boosted

All of the servers had their IP addresses printed out on labels.

The security camera management console had each IP camera’s IP address on display.

Firewall appliances, vuln scanner appliances, security appliances, all labeled neatly.

Lot of little devices on the wall and in the racks plugged in.

I had a couple Raspberry Pi dropboxes in thise black official cases.

I took them out. Plugged them in. Left.

whonose123 boosted

Got out of my car & walked up to the main lobby. A lot of folks coming and going.

It had a badge reader, man trap, and locked down lobby...

...that hadn’t been locked down yet.

So I walked through. Nodding to folks as I passed.

Went into the office area of the warehouse & looked around. Made sure folks saw me. Became part of the busy flow.

Found the server room. Door propped open. Room crowded with network field techs finishing their cabling. Camera folks setting up the management console.

whonose123 boosted

New warehouse just finishing construction. A lot of different people there. Electricians, network field techs, physical security engineers, etc.

Drove up to the parking lot to see all manner of different companies and installation techs, coming and going.

While driving up to the site, I noticed the place surrounded by high fences, barbed wire, lots of cameras. It had good coverage. Didn’t see a dead zone.

When this place becomes fully operational, it’s going to be a tough nut to crack.

whonose123 boosted

So I recently completed a physical pentest. Was going to live toot it.

But it happened a little too quickly.

Went to case the joint; conduct some active recon.

And then just sort of breached the place while I was there...

@tinker I really love the story you put on Tweeter about dropping the Pi's into the client site during setup. Nothing works better than the "I am supposed to be here" walk through a worksite. LOL!

whonose123 boosted

@ScottMortimer @jackiebailz
It is. I have it running on the first gen rPI since last weekend. Runs great for a small home network. But piping an installation script into bash should be banned. It's a good reason for punishment

whonose123 boosted

@ScottMortimer
im curious about your experience running it on a rPi 1, i've got one laying around myself

whonose123 boosted

Another Friday, another day at the data pumps...

whonose123 boosted

the is transmitting SSTV on 145.800Mhz until tomorrow for anyone who may be interested.

whonose123 boosted
Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.