Did you know that in 1982 there was a "Silver Spoons" episode where the main character cracks the encryption of a US military computer and publishes classified weapons secrets in a school newspaper? This was before "War Games" was a movie. Bonus: Gary Coleman was in the episode, guest-starring as Arnold from "Different Strokes." Double bonus: They have to go on the run from the FBI. imdb.com/title/tt0700793/

Let's see. When I was younger I liked telephones. A lot. I still do. That included exploring the PSTN and causing general mischief. I have a Western Electric 1D2 payphone in my bedroom. Among other hobbies... I'm an amateur radio operator, Linux user, open source supporter and electronics meddler. I admire any human who has the patience to work in infosec.

I can't really stomach the wallowing echo chamber of Twitter, so maybe this will be better.

Am I the only one who double checks to make sure their VPN is working properly every time? Like checking for DNS leaks and opening Wireshark each time you start it. Is that normal behavior or a tad obsessive? It's not like I'm dealing with top secret info.

Hot damn. It's only now that I truly understand all that goes into organizing a conference. And I was just a volunteer, not even an organizer! The WomenHackerz 1st (virtual) conference was a great success. We'll be back next year, hopefully in person.

While we have a stellar lineup of speakers already we're still looking for more talks for WomenHackerz con.

is a virtual hacking conference held on June 6th & 7th welcoming everyone! Share your talks with the world! CFP submissions are still open.

papercall.io/whackzcon

Ok, I can't be the only one who has accidentally typed in infosex dot exchange as opposed to infosec dot exchange right? The keys are pretty close together.

woland boosted

Nearly half of Twitter accounts pushing to reopen America may be bots

Kathleen M. Carley and her team at Carnegie Mellon University’s Center for Informed Democracy & Social Cybersecurity have been tracking bots and influence campaigns for a long time. Across US and foreign elections, natural disasters, and other politicized events, the level of bot involvement is normally between 10 and 20%, she says. But in a…

technologyreview.com/2020/05/2

Every day is a chance to learn something new. That’s how I’ve been trying to cope with this crisis. A few days ago I started studying the Diffie-Hellman key exchange and now I understand how it works and the modular arithmetic behind it. This helped me learn more about cryptography. I’ve never been very good at math, and I don’t have a college degree. But that doesn’t matter. Don’t ever let society’s expectations or roles prevent you from learning. You don’t need anyone’s permission.

"While the hacker’s script has since stopped working after changes to Ohio’s website, another hacker has taken up the project and plans to release an updated version, the anonymous hacker told Motherboard."

Hacker targets Ohio snitch-line set up for employers to report workers who do not return to work because of safety concerns (in order to kick them off unemployment). File this under play stupid games, win stupid prizes.

vice.com/amp/en_us/article/n7w

woland boosted

What could be better than a #netbsd VM running under #slackware ?

Why *two* #netbsd VMs running under #slackware of course!

(Stop me before I spawn a third!)

woland boosted

WeChat Surveillance Explained.
The Citizen Lab published a report that documents how WeChat (the most popular social app in China) conducts surveillance of images and files shared on the platform and uses the monitored content to train censorship algorithms. This document provides a summary of the research findings and questions and answers from the research team.
citizenlab.ca/2020/05/wechat-s

I've had a productive afternoon playing around with hping3, a packet creator and diagnostic tool. You can use it as a basic port scanner or send all kinds of terminal-crafted packets. All of the TCP flags! Looking forward to using it on my snort configuration.

From WomenHackerz: "We are celebrating our one year anniversary on June 6th & 7th in the best way possible ... a virtual conference! Everyone is welcomed to attend. We will have free talks, free workshops, free CTFs, lock picking sessions, and more!"

Details and CFP here womenhackerz.com/whackzcon-202

Random thought: With the virus, how many companies using biometrics for access control are going to have to revamp their operations? Facial recognition is out with masks and methods involving physical contact are a disaster waiting to happen.

woland boosted

Just got finished making a lovely network diagram of my home network, which has become surprisingly complex over the years. If you ever need a fantastic, free and open source tool for diagramming, mapping, and a ton of other uses, go check this out:

diagrams.net/

Lately I've been researching TCP/IP for fun. There was a lot I didn't know about the suite and it's fascinating stuff. Like using the IP TTL fields or Options in the TCP header to discover what OS is being used. Or predicting the next sequence number to hijack a session. infoq.com/articles/tcp-syn-sec

That didn't take long. "Spyware merchant NSO Group didn't password protect a backend server for their contact-tracing system...and it had a breach" Luckily it appears to have been used for testing purposes. techcrunch.com/2020/05/07/nso-

woland boosted

I know it's already been covered. But COVID-19 really is the final nail in the coffin for Payphones and COCOTs. Outside of hobbyists, it's the end of an era.

Pro tip: if you're creating an AstroTurf campaign to get people to go out in large groups and protest the quarantine and jeopardize public health you might want to remember to use a DNS proxy service for ALL of the domains you register instead of just a few. reddit.com/r/maryland/comments

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.