When we launched #SaveCodeShare last year, we were sure that a few months later the decision makers would know it's important to #SaveYourInternet. We were wrong.
So make yourself heard today by signing https://savecodeshare.eu, https://saveyourinternet.eu and contacting your MEP!
Kitchen Nightmares but it's about IT infrastructure & security, hosted by some rockstar sysadmin.
"Customer credit cards on the same server as the WordPress blog?! I am shutting this place down. Shut it down. SHUT. IT. DOWN." *trips circuit breaker*
https://twitter.com/marcan42/status/1012435070555074560
(click for full thread, it's hilarious!)
"And that, my friends, is how the B-52 can end the world as we know it."
http://www.thedrive.com/the-war-zone/21814/we-heard-what-it-sounds-like-just-before-a-b-52-begins-the-end-of-the-world-last-night
Oh, What a Fragile Web We Weave: Third-party Service Dependencies In Modern Webservices and Implications https://arxiv.org/pdf/1806.08420.pdf
If you know anyone working on an ActivityPub project and they need any advice/feedback/help or want to spread the word, tell them to DM me! I am more than willing to help or spread awareness! #activitypub #fediverse
Sometimes I feel like not enough people appreciate what it means if I'm willing to put on pants for them
The Norwegian Consumer Protection Agency has just released an analysis of "dark patterns" used by Google, Facebook and Microsoft to trick users into giving up their privacy – in spite of #GDPR. You can download the 44-page PDF here:
https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf
Oh good, #WordPress proves itself to be Swiss cheese once again
https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
What's worse is that they were informed 7 months(!) ago and still don't have a patch. And don't seem to have any concrete plans to provide a patch.
Encrypted remote backups using SSHFS and LUKS: https://ruderich.org/simon/notes/encrypted-remote-backups
I've been using this technique for years and can confirm it's robust and reliable.
@tbr what you did is good and you should feel good.
Any of my #polish #infosec followers have any specific hints about current best practices in following this up?
I haven't dealt with such stuff in Poland for years and a lot has changed since I moved away.
cc @rysiek
PS: Despite the appearance (Name, etc.) I'm actually Polish and sent the email to the MPK contacts in Polish. Can obviously follow up rest of process in Polish too.
You're drinking your morning espresso. Check emails that arrived during the night, discard spam. Then one weirdly catches your eye.
The spam URL is obviously hosted on the domain of the public transport company of a Polish city. 🤔 ("mpk.$cityname.pl" is a dead giveaway) #Poland 🇵🇱
So if you run a CMS from 2009 #TWOTHOUSANDNINE that wasn't ever updated and even if would have been EoL for 5+ years… 🤦 #infosec #ThatswhyIdrink
Mailed the listed contacts on the webpage. Next is hosting company.
Intel: find bugs and we'll pay you
Researchers: okay
Intel: NOT IN HYPERTHREADING!!!! WE NEED THAT
Achievement unlocked:
- de-populate broken eMMC from set-top-box circuit board using hot air rework
- add necessary boot loader #blackmagic to existing SD card to make it boot directly
The latter worked on the first try 😲 and I'm still puzzled as to who now owns my soul for this. 🤔
I'm working on an ActivityPub guide website for coders & non-coders! It's something I wish existed before I started pixelfed.
This looks bad: https://www.blackhat.com/us-18/briefings/schedule/#tlbleed-when-protecting-your-cpu-caches-is-not-enough-10149
Worst-case scenario seems pretty bad for anything cloud-hosted. Does anybody have more info?
Tooot Toooooot!
"Choo choo mother***"
The CPU vulnerability train keeps running
#TLBleed #infosec
https://www.blackhat.com/us-18/briefings/schedule/#tlbleed-when-protecting-your-cpu-caches-is-not-enough-10149
h/t to: @Isotopp @oliof