phurd

@phurd@infosec.exchange

I am a professional penetration tester. For professional correspondence & deranged nonsense. This account is "hated" by my employer


lcamtuf, to random

deleted_by_author

    phurd,

    @lcamtuf how did you create this graph? I think "unprecedented" would be funny

    phurd,

    @lcamtuf Thanks! Seems like 1910 was the least unprecedented (most precedented?) and 2003 was the most unprecedented

    briankrebs, to random

    Virustotal can be so frustrating if you just have a normal user account. Just know that a clean bill of health from VT is by no means an indicator that a piece of software is safe.

    E.g., this file is known bad, from a deceptive download. But it comes out clean when scanned by dozens of antivirus and security tools.

    https://www.virustotal.com/gui/file/5ac959e5dee9884512f4a34623bbad2c08be427669015b917a750f7cbfbb0a75/detection

    However, the community notes that I can see all convict this thing as doing bad things that trip multiple triggers for malware. e.g.:

    https://www.filescan.io/reports/5ac959e5dee9884512f4a34623bbad2c08be427669015b917a750f7cbfbb0a75/d3103e51-6d2c-4d62-a5fa-906ea549bd7f/overview


    phurd,

    @briankrebs @jhaar That doesn't make the file malicious though. The linked file is a legitimate Rainmeter installer, regardless of where it was acquired from

    phurd,

    @briankrebs Feel free to Edit the original toot so everyone who interacted can be notified of the correction

    SecureOwl, to random

    Without a Cadillac converter, it just goes back to being a Toyota

    phurd,

    @SecureOwl man I hope his heart is ok. I wouldn't want to be without a cardiac converter

    WPalant, to random

    German law is making security research a risky business.

    Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a software that produced way too many log messages. And he discovered that this software was making a MySQL connection to the vendor’s database server.

    When he checked that MySQL connection, he realized that the database contained data belonging to not merely his client but all of the vendor’s customers. So he immediately informed the vendor – and while they fixed this vulnerability they also pressed charges.

    There was apparently considerable discussion as to whether hardcoding database credentials in the application (visible as plain text, not even decompiling required) is sufficient protection to justify hacking charges. But the court ruling says: yes, there was a password, so there is a protection mechanism which was circumvented, and that’s hacking.

    I very much hope that there will be a next instance ruling overturning this decision again. But it’s exactly as people feared: no matter how flawed the supposed “protection,” its mere existence turns security research into criminal hacking under the German law. This has a chilling effect on legitimate research, allowing companies to get away with inadequate security and in the end endangering users.

    Source: https://www.heise.de/news/Warum-ein-Sicherheitsforscher-im-Fall-Modern-Solution-verurteilt-wurde-9601392.html

    phurd,

    @WPalant A protection mechanism isn't circumvented when used as intended. The vendor supplied credentials to their customers with the specific intent for them to be used. German judges are morons

    troed, to llm

    "AI being trained on copyrighted material is THEFT!!!1"

    Dude. You should see what happens in schools.

    #LLM #AI

    phurd,

    @troed I've heard that NA (natural intelligence) is also trained on copyrighted material. crazy

    SwiftOnSecurity, to random

    There is a massive disconnect between the kind of attacks security professionals imagine by resourced attackers just like them, and what dipshit teenagers with more time to waste than God in an empty universe actually try for weeks.

    phurd,

    @SwiftOnSecurity Teenage attackers:

    • get to choose targets they’re interested in
    • get to choose targets who aren’t prepared
    • unlimited dev time
    • unlimited time off
    • don’t have an SOW or ROE
    • don’t have meetings
    • don’t write a report
    • don’t have job-adjacent things like MBOs or sales calls

    Honestly a pretty sweet gig

    jerry, (edited) to random

    Which Linux shell should i be using and why?

    phurd,

    @jerry xonsh is the best

    jerry, to random

    To those leaving due to my “heavy handed”, “ethically questionable,” and “morally bankrupt” decision to let people decide whether to interact with Threads: I am sorry it didn’t work out.

    To people on instances who will soon block me/us because I did not block Threads, thanks for being there, I wish you all well.

    💕

    phurd,

    @jerry Did you not block Threads?

    jerry, to random

    Geez. 13 months later and people are still coming at me about the CISA account And how gravely dangerous it is to the Fediverse

    phurd,

    @jerry nonsense springs eternal

    jerry, to random

    It’s almost thanksgiving here in the US and today I am thankful for all the turkeys I’ve met here in the fediverse

    phurd,

    @jerry on the internet, nobody knows you’re a turkey

    gbhnews, (edited) to fediverse

    🎃 Good morning! This is GBH bringing you the world from . It's 43F at Logan Airport and visibility is 10 miles.

    The Hunt Justice Project is working to clear the names of all accused, arrested or indicted for witchcraft in the state.

    Boston has begun clearing the homeless encampment near after new ordinance passes.

    The MFA is surrendering two looted bronzes for repatriation to .

    phurd,

    @gbhnews love the juxtaposition of witch hunt and homeless clearing

    augieray, to random

    Fun #COVID19 fact: There is more COVID transmission today in the US than there's been in over half of the pandemic. Early signs are showing our holiday surge has begun.

    I get that we can't eliminate all risk from our lives, but that doesn't mean we can't do simple things to reduce risk. A friend's spouse is entering her third month of COVID symptoms. Millions will join her before the end of January. Do what you can to ensure that doesn't include you or your family.

    http://pmc19.com/data/

    phurd,

    @augieray Is this your website? It uses a self-signed certificate for TLS meaning I can't trust the security of the connection. Getting a certificate from LetsEncrypt is fairly simple and well-documented

    mattblaze, to random

    I had a meeting today in which it was brought home to me that there are senior security people who don't remember the Morris worm because they were like eight years old when it happened.

    You can get off my lawn now.

    phurd,

    @mattblaze I fit that description, and the Morris worm was like 10 years before I was born

    phurd, to random

    Unfortunately, 144 fathoms of wampum doesn't buy you shit nowadays

    bagder, to random

    We disclosed this #hackerone report against #curl when someone asked Bard to find a vulnerability, and it hallucinated together something:

    https://hackerone.com/reports/2199174

    phurd,

    @bagder I suspect the reporter's last comment in that thread was also written by an LLM

    ZachWeinersmith, (edited) to random

    Does the word "cyborg" imply in particular a human-machine combination?

    phurd,

    @ZachWeinersmith the robots from I, Robot are not cyborgs

    0xabad1dea, to random

    either Dunkin’ Donuts doesn’t know how to configure windows professional or they’re running windows home on a point of sales terminal

    (honestly I assumed they were android until I saw this)

    phurd,

    @0xabad1dea My local Dunkin doesn't seem to have bubble tea. What's Dunkin Donuts' slogan in other countries? In the USA it's "America Runs On Dunkin"

    bulbagarden, to pokemon
    phurd,

    @bulbagarden is there a trailer on YouTube you could link to instead of the bird site?

    phurd,

    @bulbagarden ah ok thanks

    fsf, to guix
    phurd,

    @fsf sure have

    haveibeenpwned, to random

    New spam list: SMS spam operation "ApexSMS" had 80M records with 23M unique email addresses left exposed via an unprotected MongoDB in 2019. Data also included name, IP, gender, geolocation and phone. 97% were already in @haveibeenpwned. Read more: https://techcrunch.com/2019/05/09/sms-spammers-doxxed/?guccounter=1

    phurd,

    @haveibeenpwned Cowards at TechCrunch won't name the spam admins. Privacy of 80M people has been violated, yet these assholes get a free ride

    kevinrothrock, to random

    Zelensky’s proposal to overrule UNSC vetoes if “a global qualified majority” of nations supports a resolution is an interesting idea I can’t imagine any veto-wielding superstate ever endorsing. The whole concept is also fundamentally undemocratic, despite appearances. (India and China are just two states but contain more than a third of humanity.)

    phurd,

    @kevinrothrock The idea of a veto at all is undemocratic. One country decides what the entire United Nations shall agree on or not agree on, by force of veto

    phurd,

    @kevinrothrock You pronounced this nonsense. Not me
