Let's see. When I was younger I liked telephones. A lot. I still do. That included exploring the PSTN and causing general mischief. I have a Western Electric 1D2 payphone in my bedroom. Among other hobbies... I'm an amateur radio operator, Linux user, open source supporter and electronics meddler. I admire any human who has the patience to work in infosec.
I can't really stomach the wallowing echo chamber of Twitter, so maybe this will be better.
"New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS"
Looks like SimJacker has been used for quite a while. Full report comes out in October.
"What's worrisome? A specific private company that works with governments is actively exploiting the SimJacker vulnerability from at least the last two years to conduct targeted surveillance on mobile phone users across several countries."
So I was watching #ITChapterTwo and there are multiple scenes with a phone number from one of the characters in the movie - 207-159-4557. That's a real Maine area code/NPA too. Called it but it doesn't go anywhere. Just disconnected. 😓
It's been a great day so far! Started sparring again (I'm an amateur boxer when not reading technical manuals) and then when I got out of the ring I checked my phone and saw I got off the waiting list for my local BSides. I'll be going to my first ever infosec/hacking conference in a few weeks! I'm excited to meet people locally.
Last night I was playing bar trivia (presented on the bar's TVs via PowerPoint) with some friends and realized the trivia company's website had some hidden directories and in them were images that they used on their slides when revealing answers for that day, which gave me the answers to all the questions. I looked at the first 3 and when I realized what they were I stopped. Didn't want to ruin the fun. Your welcome, trivia company.
So generally, all you have to do to get someone's current GPS data from a telco is 1: find the telco's law enforcement outreach number, which is not difficult 2: create a fake Web site that looks like you belong to a legitimate law enforcement entity 3: call and tell the telco representative that the matter is urgent and could lead to the immediate death of someone if the info is not handed over. -- It has worked over and over again, and these are only the cases they caught.
Then there's this story out of Colorado, where another guy posing as law enforcement fooled a number of telephone giants into giving him a victim's current GPS location:
Over the past week there have been a few stories about telcos royally fucking up and giving out current GPS data to people posing as law enforcement. Take this article for example, where a woman was stalked by a guy who used the con on T-Mobile
If only more cities did this. I'm sure we could find some volunteers. "NYC has hired hackers to hit back at stalkerware -- A New York City government pilot program is bringing technologists and domestic abuse victims together for good."
Hey all, just thought I'd share - Python programming bundle available from No Starch Press, check it out. For $8 I got ten books. I'm going to use Python to decode ciphers! I'm a fan of No Starch and it seems like a good deal #infosec #python
So, apparently users of that *one white nationalist Web site that's been in the news* moved to a P2P service and some users deicided not to use Tor or a VPN and this became a news story for Kevin Poulsen. Although I'm not really sure if the results are that interesting, tbh.
While hacker summer camp happens there's a bomb shell report on US election security
"Exclusive: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials"
"Who Owns Your Wireless Service? Crooks Do.
"Incessantly annoying and fraudulent robocalls. Corrupt wireless company employees taking hundreds of thousands of dollars in bribes to unlock and hijack mobile phone service. Wireless providers selling real-time customer location data, despite repeated promises to the contrary. A noticeable uptick in SIM-swapping attacks that lead to multi-million dollar cyberheists."
The only local infosec event near me (a bsides) is doing "registration" via Eventbrite and tickets are already gone within an hour. You know, it may have been helpful to at least have announced when the tickets would become available on their official website, so I would have known to try to register at that specific time. Instead, they opted to announce that important detail via Twitter, and I don't really use Twitter all that much. Frustrating.
Preventing Ransomware Infections – Part 1
Looking at Finland's fight against misinformation. https://www.cnn.com/interactive/2019/05/europe/finland-fake-news-intl/
If you’re not in my particular niche communities, you might not know about the community that exists around old ThinkPad laptops. But I’m going to tell you about it, because I think it’s awesome!
ThinkPad laptops from years ago are enduringly popular, because they have great support from free software, and they’re extremely repairable.
Not only are new or used parts extremely easy to come by, people are even designing new parts for these old machines, so you can upgrade rather than replace!
Ex-investigative journalist, current infosec student, lifetime learner. Lock picking, Linux, OSINT, ham radio and much more. I also like whiskey and tequila.
A Mastodon instance for info/cyber security-minded people.