Dropsafe

by Alec Muffett

  • Am I alone in feeling that MITRE ATT&CK is essentially D&D roleplay for pentesters who can’t get the Devops team to implement ISO27001 and have just got bored?

    2023/12/28 00:17:13 GMT

    Sarah: Alright, team, the Russian Bear is hitting us with spear-phishing. We need to fortify our email gateways. Ideas?
    John: Maybe implement multi-factor authentication across the board?
    DM: Roll for success of your MFA implementation.
    John rolls.
    DM: Great job! The Russian Bear is baffled by your strengthened defenses. Now, prepare for the Chinese Dragon.

    attandck mitre
  • Am still bemused that when Apple undocumented hardware gets misused by the NSA people are all like “…it must be for testing” yet when I *personally* wrote one cookie-handling goof/bug on Facebook it spawned (1) conspiracy theories (2) academic white papers (3) newspaper headlines and (4) EU-wide lawsuits by Belgian privacy activists

    2023/12/28 00:02:19 GMT

    The latter: https://securehomes.esat.kuleuven.be/~gacar/fb_tracking/ — I was not aware that I was supposed to add a new endpoint to a blocklist; as part of “lessons learned” the entire codebase was revised to use an allowlist for various forms of cookie-manipulation, instead.

    apple bugs facebook paranoia regulation
  • …OR YOU COULD REPLACE YOUR CHILDREN WITH BLUE CARDBOARD STANDEE CUTOUTS

    2023/12/27 20:37:07 GMT

    parenting privacy super privacy activist
  • Meet Joe Biden’s Favorite Hacker – The Messenger | …nice little biography of Dark Tangent

    2023/12/27 20:23:55 GMT

    Also: quelle surprise: Moss no longer serves on the Homeland Security Advisory Council after failing “the political vetting that the Trump administration introduced,” he said, but two years ago, he joined the Cybersecurity and Infrastructure Security Agency (CISA)’s Cybersecurity Advisory Committee, where he leads a group that delivers policy advice from independent researchers, cyber threat

    jeff moss regulation
  • Operation Triangulation: The last (hardware) mystery | …if this turns out to be an NSA-enabling backdoor, Apple’s security reputation will be toast

    2023/12/27 19:55:44 GMT

    Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or that it was included by mistake. Because this feature is not used by the firmware, we have no idea how attackers would know how to use it. https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/

    apple backdoors
  • iPhone Triangulation attack abused undocumented hardware feature | iPhones are “secure” except for the magic keys which are left underneath an undocumented doormat

    2023/12/27 14:46:08 GMT

    Exploiting the flaw allows an attacker to bypass hardware protection on Apple chips that prevent attackers from obtaining complete control over the device when they gain read and write access to the kernel memory, which was achieved using the separate CVE-2023-32434 flaw. https://www.bleepingcomputer.com/news/security/iphone-triangulation-attack-abused-undocumented-hardware-feature/

    apple this is a total surprise who could possibly have expected this
  • It’s the winter perineum so I get time to read books because of extra toddler help; this year I’m reading several books on “the future of the internet” dating from 1998-2008, and doing so reminds me of USENET…

    2023/12/27 14:34:44 GMT

    …as there used to be a joke about USENET where topical groups were disparaged:
      sci.physics: physics as understood by computer science majors
      soc.politics: politics as understood by computer science majors
      Etc;
    then, as now, this was not a fair characterisation but it had some truth. Equally now, these books I’m reading can and should be

    digital rights essay parenting politics regulation
  • Thousands of private camera footages from bedrooms hacked, sold online

    2023/12/27 08:17:52 GMT

    “Let’s put an online webcam into our bedroom, what’s the worst that could happen?” Untold hours of private camera footage from bedrooms, changing rooms, toilets and massage parlors in Vietnam have been hacked and put on sale online. https://e.vnexpress.net/news/crime/thousands-of-private-camera-footages-from-bedrooms-hacked-sold-online-4688865.html

    diy ncii internet of things
  • Hacking my “smart” toothbrush | …absolutely fascinating breakdown of DRM coming to electric toothbrushes

    2023/12/26 07:30:02 GMT

    Also, don’t buy Philips Sonicare electric toothbrushes: https://kuenzi.dev/toothbrush/

    electric toothbrush hacking philips
  • How to amuse your small geeks over Christmas | Matt Blaze: The Cryptography of Orphan Annie and Captain Midnight

    2023/12/26 07:29:29 GMT

    The Orphan Annie and Captain Midnight decoders were based on a combination of two basic cryptographic techniques – the Caesar cipher and the fully permuted monoalphabetic substitution cipher. https://www.mattblaze.org/blog/badges/

    encryption
  • The discreet charm of the perfect martini | BFI | …on martinis

    2023/12/26 07:02:21 GMT

    make sure the ice is about twenty degrees below zero (centigrade). Don’t take anything out until your friends arrive; then pour a few drops of Noilly Prat and half a demitasse spoon of Angostura bitters over the ice. Stir it, then pour it out, keeping only the ice, which retains a faint taste of both.

    gin martini
  • The Fight Over Apple’s iMessage and Those Green Bubbles | between eIDAS & blue/green bubbles, regulators apparently want to declare war on “Tech” expressing self-opinion about privacy & security

    2023/12/25 22:19:01 GMT

    Seriously, if regulators start dipping into forcing companies to paint a bubble green or blue, or to put a dubious certificate in someone’s face, this is squarely an attack upon technical expression of user trust. https://www.wsj.com/tech/personal-tech/the-fight-over-apples-imessage-and-those-green-bubbles-0ad95088 Archived at: https://archive.is/2023.12.22-164023/https://www.wsj.com/tech/personal-tech/the-fight-over-apples-imessage-and-those-green-bubbles-0ad95088

    eidas imessage privacy