dubbel

@dubbel@mstdn.io

infosec dev based in Copenhagen, sea rescue volunteer at night

dubbel, to python

Reported 5 malicious packages to : numberpy, tqmmd, pandans, openpyexl, reqwestss all by the same user leemay1782.

All with the same "functionality", getting commands via a socket from dzgi0h7on1jhzdg0vknw9pp9309rxjl8.oastify[.]com and executing it.
I don't think I saw the setup.py entry_points being used as a trigger mechanism before?

dubbel, to python

Reported 15 malicious #PyPI packages: asyncioo, asyyncio, asyincio, aasyncio, etc...

On install they decrypt Fernet encrypted code, which loads further code from https://funcaptcha[.]ru/paste2?package=asyncioo (replace the parameter with the package name).

I was blocked from accessing that code (am on mobile right now, so I don't have the means to investigate for real, Fernet decryption was already fun :abloblamp: ).

Anyone else able to access it?

#IOC #threatIntel #python

dubbel,

@benjaoming I wrote a little telegram bot that tells me about sus sounding new packages ruby gems and python packages. Hard to say for me right now if it's only the 15 asyncio impersonators, as the actor uses different accounts for each package. I'd have to get back to my laptop to make some queries.

I also wrote a timeline of package dependency compromises, which also features your project btw :D https://www.haukeluebbers.de/blog/2020-01-timeline-of-package-dependency-compromises/#september-17th-2017-pytosquatting-is-a-thing-now

dubbel,

Aaand the packages were removed by the PyPI team 🙌 💚

dubbel, to random

Everyone knows about the 500 hours of videos uploaded every minute on YouTube.
But nobody talks about the 240 minutes of podcasts that appear in my podcatcher every day (averaged over the last 7 days). :blobcatfearful: I need hjælp!

To be fair, this includes the > 6h hardcore history chonker on Vikings. :blobbongocat:

jomo, to random

@admin it's quite unfortunate that all external statuses are deleted after just a few days, even the ones that have been reposted, favorited, or bookmarked. The deletion also includes statuses that are replies to users of this instance. In a thread, I can't even see what my original post was after replying to an external user, let alone see anything else of the conversation.

dubbel,

@jomo @admin oooh, i thought it was the other users apparently auto-deleting all the posts I bookmarked!

jerry, to random

Container question: once I get past infosec.exchange, I want to work on consolidating the other services onto a larger, single system running in containers - services like akkoma, peertube, bookwyrm, etc. I don’t know what I’m in for, as an example, for trying to collocate lemmy and matrix. Does it just work, or are my eyes about to bleed?

dubbel,

@jerry @milan runs a bunch of different services on tchncs.de and maybe knows more? (I have no idea how they are hosted)

lovelylovely, to random

👇

dubbel,

@girander @lovelylovely Hamas was democratically elected, but in 2006. But looking back doesn't really help too much here.

The thing is: the Israelis can, should, and probably will get rid of Netanyahu at the next elections.

How can we free Gazans from Hamas? Hamas are regularly killing inner-Palestinian opposition as "Israeli spies".

kravietz, to Palestine

> "Our decision is to remain in our land," Ismail Haniyeh added in a televised speech, while addressing Egypt in that part of his address.

https://www.msn.com/en-us/news/world/hamas-...

Haniyeh, leader and spokesman for lives in Qatar just as most of the senior leaders of Hamas from . He's a millionaire, who built his fortune on 20% "tax" charged on all goods smuggled through the Gaza tunnels.

> Residence(s)Doha, Qatar

https://en.wikipedia.org/wiki/Ismail_Haniyeh

dubbel,

@kravietz "most senior leaders of Palestine" or "most senior leaders of Hamas"? I was under the impression that Fatah is mostly still residing in the west bank (but might be wrong)?

erin, to random

cursed thought: what if i uploaded my DNA on github

dubbel,

@erin it gets auto-removed because "it has a 98% similarity to spam" :(

benjaoming, to random

Western leaders should have taken a timeout to think before sending all their auto-responses in support of Israeli aggression:

Israel doesn't have the right to indiscriminately bomb civilians.

The bombings of Gaza are collective punishment, and it's spelled out directly by Netanyahu. To him, all 2.3 million people in Gaza are enemies that "will pay an unprecedented price".

Everything about this is horrifying.

dubbel,

@benjaoming The "auto-responses" were sent as a reaction to Hamas' unprecedented terror attack and I can't understand how you speak about "aggression" from the Israeli side on a day like this.
I agree that there won't be a military solution of the conflict, but if the ones responsible for this are not brought to justice it will just strengthen Hamas, as a big propaganda win. This in turn will weaken the people on both sides that are interested in progress through negotiations.

dubbel,

@benjaoming No comments about the reports that (imho convincingly) indicate that a PIJ missile was the cause of the explosion at the hospital?
Sadly, at this point it might not even matter anymore, as long as public perception in neighboring countries sees it as an Israeli attack. The initial (mis?)information alone might already cause Hezbollah to join the war.

I agree btw that water+electricity should be reenabled at least in the south of Gaza and hum. aid be let in.

dubbel,

@benjaoming Understood, that's sad, but I can see that.

GossiTheDog, to random

deleted_by_author

    dubbel, (edited)

    @GossiTheDog for a second there I thought ransomware groups are so rich that they buy legitimate companies now. :blobfacepalm:

    benjaoming, to random

    I really believe that there are WAY TOO FEW local conferences. My focus is on tech conferences, but I'm sure it applies to other areas, too.

    So I've written a blog post about small and local events:

    https://overtag.dk/v2/blog/local-conferences-big-potential/

    Please give comments and suggestions about your ideas on this topic! I wouldn't mind doing a rewrite after your inputs 🙏

    dubbel,

    @benjaoming nice post, it makes sense to me!

    Thinking back, meetup[.]com was probably one of the first platforms where I noticed what is now known as enshittification with a breathtaking pace. Small local conferences are bigger than most meetups I guess, but might also fill a similar role that many people are longing for ever since meetups went downhill.

    noelreports, to random Dutch

    Honest question. How alive is Mastodon?

    dubbel,

    @noelreports I say Masto you say party - Masto Masto...

    benjaoming, to random

    How do you solve the Ansible paradox?

    When should the Ansible code be committed and pushed to Git?

    • Before it gets deployed?
    • After it's deployed?

    dubbel,

    @benjaoming hm. What are the arguments in favour of deploy before commit?

    "Normal code" gets deployed by CI/CD after merging, and you would avoid accidentally overriding a previous change that a colleague merged?
    I'm more familiar with Terraform tbh, maybe overlooking something?

    bsi, to random German

    Fire away: which hardware or software abbreviations can we still fit into song titles? 👀

    #DeutschlandDigitalSicherBSI

    dubbel,

    @bsi An absolute classic is of course Nirvana's "Shells Like Teen Spirit". 🤘

    dubbel, to infosec

    If you are writing a job-search toot it would be great if you could add the country you are in. Yes, it also matters for fully remote positions.

    I spend so much time trying to piece together various clues about job searchers' locations in their profile. 🥲

    That would be awesome, thank you, and good luck! 🙌

    Manager standing next to cubicle saying "That would be great". A meme from the movie "office space".

    SwiftOnSecurity, to random

    We can surmise from excavations and translations that the ancient American Empire had life-extension, perhaps even eternal life. There were places called “Forever 21” in most metro areas. Their popular culture also reflected this obsession, with Taylor Fast’s song “Feeling 22.”

    dubbel,

    @SwiftOnSecurity The impact of the queens of that period, like Taylor the Fast or Ariana the Great, is truly fascinating.

    benjaoming, to random

    The Danish word for "who" is "hvem". I don't get how translating "hvem" should result in WHO in Swedish, do you? 🤷

    dubbel,

    @benjaoming deepl.com seems to be able to handle it :)

    dubbel, to programming

    "PyPI new user and new project registrations temporarily suspended" due to high levels of malicious package uploads.
    Absolutely the right decision by the PyPI administrators, take all the time you need 🤗
    https://status.python.org/incidents/qy2t9mjjcc7g

    dubbel, to programming

    Reported malicious python package "colors5", downloading an executable on setup from
    https://resetname.peanutgamerdot.repl[.]co/Built.exe

    It's the best documented malicious package I've seen, with helpful comments like

    write the malware to a file

    attempt to add a windows defender exclusion if the person runs our batch as admin

    the malware

    The only attempt at evasion is the screen-full of newlines before this code. :blob_confused:
