Pinned toot

Let's see. When I was younger I liked telephones. A lot. I still do. That included exploring the PSTN and causing general mischief. I have a Western Electric 1D2 payphone in my bedroom. Among other hobbies... I'm an amateur radio operator, Linux user, open source supporter and electronics meddler. I admire any human who has the patience to work in infosec.

I can't really stomach the wallowing echo chamber of Twitter, so maybe this will be better.

I just did this again this week with SAN and Fibre Channel and iSCSI. Send help.

My problem with studying for certifications is that I will get to a certain subject and inevitably want to know everything about it at opposed to the basics covered in the book. This sends me down rabbit holes and makes studying take a lot longer. Like, oh a brief summary of IPv6? Let me now go online and research everything about it, and NDP, and ICMPv6, and DHCPv6, and what is this Stateless Address Auto-configuration I keep hearing so much about and where does ff01::2 go? Sigh.

I've been using Linux for 15+ years, and I'm still learning commands! dmidecode is awesome. If you ever want to get detailed CPU/BIOS/hardware information, this is one of the commands to use.

linuxtechi.com/dmidecode-comma

Some sophisticated malware going around targeting Russian-speaking diplomats and government targets; it uses Tor-based communications and GSM fingerprinting. Ongoing since 2013. bleepingcomputer.com/news/secu

Disturbing story about how a man tracked down, stalked, and assaulted a woman near her home by examining a selfie she took and noticing the reflection of a bus stop in her pupils. He then used Google maps to find where she lived. Be safe everyone. asiaone.com/asia/obsessed-fan-

Ever hear of Ken Thompson, computer scientist who worked at Bell Labs and one of the creators of Unix? Well, someone just cracked one of his old BSD passwords. A+

leahneukirchen.org/blog/archiv

woland boosted
woland boosted

Re: the sudden closure of @HackerRadioShow home WBAI, we have a statement posted at 2600.com/content/lockout-wbai- .

We've arranged a live "Off the Hook" for 7-9 PM this Wednesday the 9th, at the Brooklyn Commons Cafe downstairs from the station. Please spread the word and, if you are in geographic range, PLEASE come join us; a show of numbers is pretty critical.

388 Atlantic Ave
Brooklyn, NY 11217

And please show the cafe some support. They're WBAI's landlord as well, and have also been thrown into peril by the station's closure.

We are working behind the scenes to figure out our next moves, and will talk about it at the event. We're also working on getting it recorded and streamed, we'll keep you posted.

Thanks, everyone. As you can imagine this is pretty daunting, but I'm keeping the faith that this isn't the last you'll hear of @HackerRadioShow.

So a Florida woman was recently arrested after police found dozens of pipe bombs she had made, and I'm glad nobody was hurt. But I found it humorous that the bombs were secured with what look to be two Master Lock 141Ds.

This book is invaluable. Tribe Of Hackers features opinions and advice from a diverse group of people in and I'm better for having read it. Main takeaway: get involved and never stop learning; there are people who just want a security career and then there are hackers.

woland boosted

How do you train for the technical aspects of IT incident response?

Diagnosing issues seems to be a mix of recognizing know patterns, and where that fails, methods of deduction.

Are there effective ways to teach these things without throwing someone into a real incident? If not, what’s the ideal balance between handing someone the solution, and allowing them to fail catastrophically?

woland boosted

Google finds Android zero day that can take control of Pixel and Galaxy devices. 7 day disclosure cycle on this one. They couldn't wait to announce that their Pixel models were vulnerable 😂
theverge.com/2019/10/4/2089846

Priorities: I was working and then BOOM! Got an email from an infosec school with a "hack challenge" in it. Not interested in thier classes but I must solve it. It's a standard logic puzzle. I work it out on a piece of paper and submit it and get a free sticker. Worth it.

Just woke up. Had a dream that I was at an event doing a CTF and I won. I picked a prize from this table after winning but it turned out all the prizes were meant for children. "Nobody told me the prizes were for kids!" I said. Then the organizer said "Ma'am, the contest was for children."

"New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS"

Looks like SimJacker has been used for quite a while. Full report comes out in October.

"What's worrisome? A specific private company that works with governments is actively exploiting the SimJacker vulnerability from at least the last two years to conduct targeted surveillance on mobile phone users across several countries."

thehackernews.com/2019/09/simj

So I was watching and there are multiple scenes with a phone number from one of the characters in the movie - 207-159-4557. That's a real Maine area code/NPA too. Called it but it doesn't go anywhere. Just disconnected. 😓

It's been a great day so far! Started sparring again (I'm an amateur boxer when not reading technical manuals) and then when I got out of the ring I checked my phone and saw I got off the waiting list for my local BSides. I'll be going to my first ever infosec/hacking conference in a few weeks! I'm excited to meet people locally.

Last night I was playing bar trivia (presented on the bar's TVs via PowerPoint) with some friends and realized the trivia company's website had some hidden directories and in them were images that they used on their slides when revealing answers for that day, which gave me the answers to all the questions. I looked at the first 3 and when I realized what they were I stopped. Didn't want to ruin the fun. Your welcome, trivia company.

I would love it if journalists could pose as law enforcement like these people did and see how many times the teclos would give over the GPS data, but of course that would be very illegal. It's scary stuff.

So generally, all you have to do to get someone's current GPS data from a telco is 1: find the telco's law enforcement outreach number, which is not difficult 2: create a fake Web site that looks like you belong to a legitimate law enforcement entity 3: call and tell the telco representative that the matter is urgent and could lead to the immediate death of someone if the info is not handed over. -- It has worked over and over again, and these are only the cases they caught.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.