alecm

@alecm@alecmuffett.com

7,980 posts

302 followers

Blog: alecmuffett.com
Profile: alecmuffett.com
Homepage: alecmuffett.com

Am I alone in feeling that MITRE ATT&CK is essentially D&D roleplay for pentesters who can’t get the Devops team to implement ISO27001 and have just got bored?

Sarah: Alright, team, the Russian Bear is hitting us with spear-phishing. We need to fortify our email gateways. Ideas? John: Maybe implement multi-factor authentication across the board? DM: Roll for success of your MFA implementation. John rolls. DM: Great job! The Russian Bear is baffled by your strengthened defenses. Now, prepare for the Chinese Dragon.…
Am still bemused that when Apple undocumented hardware gets misused by the NSA people are all like “…it must be for testing” yet when I *personally* wrote one cookie-handling goof/bug on Facebook it spawned (1) conspiracy theories (2) academic white papers (3) newspaper headlines and (4) EU-wide lawsuits by Belgian privacy activists

The latter: https://securehomes.esat.kuleuven.be/~gacar/fb_tracking/ — I was not aware that I was supposed to add a new endpoint to a blocklist; as part of “lessons learned” the entire codebase was revised to use an allowlist for various forms of cookie-manipulation, instead.
…OR YOU COULD REPLACE YOUR CHILDREN WITH BLUE CARDBOARD STANDEE CUTOUTS
Meet Joe Biden’s Favorite Hacker – The Messenger | …nice little biography of Dark Tangent

Also: quelle surprise: Moss no longer serves on the Homeland Security Advisory Council after failing “the political vetting that the Trump administration introduced,” he said, but two years ago, he joined the Cybersecurity and Infrastructure Security Agency (CISA)’s Cybersecurity Advisory Committee, where he leads a group that delivers policy advice from independent researchers, cyber threat…
Operation Triangulation: The last (hardware) mystery | …if this turns out to be an NSA-enabling backdoor, Apple’s security reputation will be toast

Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or that it was included by mistake. Because this feature is not used by the firmware, we have no idea how attackers would know how to use it. https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
iPhone Triangulation attack abused undocumented hardware feature | iPhones are “secure” except for the magic keys which are left underneath an undocumented doormat

Exploiting the flaw allows an attacker to bypass hardware protection on Apple chips that prevent attackers from obtaining complete control over the device when they gain read and write access to the kernel memory, which was achieved using the separate CVE-2023-32434 flaw. https://www.bleepingcomputer.com/news/security/iphone-triangulation-attack-abused-undocumented-hardware-feature/
It’s the winter perineum so I get time to read books because of extra toddler help; this year I’m reading several books on “the future of the internet” dating from 1998-2008, and doing so reminds me of USENET…

…as there used to be a joke about USENET where topical groups were disparaged: sci.physics: physics as understood by computer science majors soc.politics: politics as understood by computer science majors Etc; then, as now, this was not a fair characterisation but it had some truth. Equally now, these books I’m reading can and should be…
Thousands of private camera footages from bedrooms hacked, sold online

“Let’s put an online webcam into our bedroom, what’s the worst that could happen?” Untold hours of private camera footage from bedrooms, changing rooms, toilets and massage parlors in Vietnam have been hacked and put on sale online. https://e.vnexpress.net/news/crime/thousands-of-private-camera-footages-from-bedrooms-hacked-sold-online-4688865.html
Hacking my “smart” toothbrush | …absolutely fascinating breakdown of DRM coming to electric toothbrushes

Also, don’t buy Philips Sonicare electric toothbrushes: https://kuenzi.dev/toothbrush/
How to amuse your small geeks over Christmas | Matt Blaze: The Cryptography of Orphan Annie and Captain Midnight

The Orphan Annie and Captain Midnight decoders were based on a combination of two basic cryptographic techniques – the Caesar cipher and the fully permuted monoalphabetic substitution cipher. https://www.mattblaze.org/blog/badges/
The discreet charm of the perfect martini | BFI | …on martinis

make sure the ice is about twenty degrees below zero (centigrade). Don’t take anything out until your friends arrive; then pour a few drops of Noilly Prat and half a demitasse spoon of Angostura bitters over the ice. Stir it, then pour it out, keeping only the ice, which retains a faint taste of both.…
The Fight Over Apple’s iMessage and Those Green Bubbles | between eIDAS & blue/green bubbles, regulators apparently want to declare war on “Tech” expressing self-opinion about privacy & security

Seriously, if regulators start dipping into forcing companies to paint a bubble green or blue, or to put a dubious certificate in someone’s face, this is squarely an attack upon technical expression of user trust. https://www.wsj.com/tech/personal-tech/the-fight-over-apples-imessage-and-those-green-bubbles-0ad95088 Archived at: https://archive.is/2023.12.22-164023/https://www.wsj.com/tech/personal-tech/the-fight-over-apples-imessage-and-those-green-bubbles-0ad95088

Dropsafe

My Profile

Your Profile

Am I alone in feeling that MITRE ATT&CK is essentially D&D roleplay for pentesters who can’t get the Devops team to implement ISO27001 and have just got bored?

…OR YOU COULD REPLACE YOUR CHILDREN WITH BLUE CARDBOARD STANDEE CUTOUTS

Meet Joe Biden’s Favorite Hacker – The Messenger | …nice little biography of Dark Tangent

Operation Triangulation: The last (hardware) mystery | …if this turns out to be an NSA-enabling backdoor, Apple’s security reputation will be toast

iPhone Triangulation attack abused undocumented hardware feature | iPhones are “secure” except for the magic keys which are left underneath an undocumented doormat

It’s the winter perineum so I get time to read books because of extra toddler help; this year I’m reading several books on “the future of the internet” dating from 1998-2008, and doing so reminds me of USENET…

Thousands of private camera footages from bedrooms hacked, sold online

Hacking my “smart” toothbrush | …absolutely fascinating breakdown of DRM coming to electric toothbrushes

How to amuse your small geeks over Christmas | Matt Blaze: The Cryptography of Orphan Annie and Captain Midnight

The discreet charm of the perfect martini | BFI | …on martinis

The Fight Over Apple’s iMessage and Those Green Bubbles | between eIDAS & blue/green bubbles, regulators apparently want to declare war on “Tech” expressing self-opinion about privacy & security