#Hacking
Last Virtual #Course on #Computer #Forensics of 2023. (My book Fundamentos de Forense Digital free) Sundays October 8, 15, 22 and 29. From 9:00 am to 12:00 pm (UTC -05:00). #cybersecurity #hacking #readteam #bugbounty #forensics #osint Information https://www.reydes.com/d/?q=Curso_de_Informatica_Forense
Investigating The Fourth Passive Component
When first learning about and building electronic circuits, the first things all of us come across are passive components such as resistors, capacitors, and inductors. These have easily-understandable properties and …read more
#hacking #projects
https://hackaday.com/2023/09/27/investigating-the-fourth-passive-component/

Explore Linux Space Time
If you’ve ever wondered how much memory a process uses, you’ve probably used a form of task manager or system monitor. System monitors can be useful to identify resource hogs, …read more
#hacking #projects
https://hackaday.com/2023/09/27/explore-linux-space-time/

I need help. I don't do art any good, and would like ideas to make this pretty. I can replicate code and make other ideas work into HTML.

Video now available for the free webinar: "Linux Forensic Analysis". #cybersecurity #hacking #readteam #bugbounty #forensics #osint ⏳ https://www.reydes.com/d/?q=videos_2022#wgafal 💻 https://www.youtube.com/watch?v=uAYAO1NnbX8

🚨Libwebp image library under attack! A new CVE-2023-5129 has emerged, scoring a maximum 10.0 on CVSS.
https://thehackernews.com/2023/09/new-libwebp-vulnerability-under-active.html
⚠️ Beware of #ZenRAT! This new modular #malware strain targets Windows users through trojanized Bitwarden installers.
https://thehackernews.com/2023/09/new-zenrat-malware-targeting-windows.html
Discovering the Secret Tactics of #XWorm:
#AnyRun's #malware analysts delve into its mechanics and evasion tactics, covering everything from virtualization detection to persistence.
https://thehackernews.com/2023/09/inside-code-of-new-xworm-variant.html
🇷🇺 🇺🇦 #Russian hackers are striking #Ukraine more but the attacks aren't as ambitious as they were at start of war, #Ukrainian officials say.
Testing Oxide Etchants for the Home Semiconductor Fab
Building circuits on a silicon chip is a bit like a game of Tetris — you have to lay down layer after layer of different materials while lining up holes …read more
#hacking #projects
https://hackaday.com/2023/09/27/testing-oxide-etchants-for-the-home-semiconductor-fab/

Watch out! CVE-2023-5129 in libwebp library affects millions applications – Source: securityaffairs.com https://ciso2ciso.com/watch-out-cve-2023-5129-in-libwebp-library-affects-millions-applications-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #SecurityAffairs #SecurityAffairs #CVE-2023-5129 #BreakingNews #SecurityNews #hackingnews #hacking #libwebp
DarkBeam leaks billions of email and password combinations – Source: securityaffairs.com https://ciso2ciso.com/darkbeam-leaks-billions-of-email-and-password-combinations-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #DataBreach #DarkBeam #dataleak #Security #hacking
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
DATE: September 27, 2023 at 02:38PM
TITLE: Indiana Supreme Court revives suit against hospital
URL: https://www.beckershospitalreview.com/cybersecurity/indiana-supreme-court-revives-suit-against-hospital.html
The Indiana Supreme Court has revived (https://public.courts.in.gov/Decisions/api/Document/Opinion?Id=z1YcQFgDFqwRlSundu0n7WfxAlkmBj6uDYOD4wWy7MUDc47gSbRbI_ilxueVE5iY0) part of a lawsuit against Indianapolis-based Community Health Network, which alleges that the health system disclosed a patient's medical information to a third party, who then posted the information to Facebook.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Hackaday Prize 2023: An Anti-Tremor Handle, With No Electronics
Many of us will have seen the various active assistive devices which have appeared over the last few years to help people with a hand tremor. Probably the best known …read more
#hacking #projects
https://hackaday.com/2023/09/27/hackaday-prize-2023-an-anti-tremor-handle-with-no-electronics/

POLAR 2023 PARTNERS: Powered by CrowdStrike
The 1st edition of POLAR Conference would not be possible without our partners: we are therefore happy to have CrowdStrike with us!
CrowdStrike protects the people, processes and technologies that drive modern enterprises. With CrowdStrike, customers benefit from superior protection, better performance, reduced complexity and an immediate return on investment.
To learn more about the company's mission and its service offerings, visit their website: https://lnkd.in/dWq7e5f
Psssss: YOU CAN BUY YOUR TICKETS for October 12, 2023 at the Lévis Centre des congrès ;) More info on our website: https://polarcon.ca/
#infosec #ciso #cisolife #cisoadvisor #cisoseries #cybersecurite #cybersecurity #canada #quebec #conference #cybersecuritymanagement #hacking #redteam #blueteam #management #summit #securityindustry #polarconference #polar2023 #polarqc
=====
POLAR 2023 SPONSORS: CrowdStrike
Our 1st edition of Polar Conference would not be possible without our sponsors. And this year, we are happy to have CrowdStrike!
CrowdStrike secures the most critical areas of risk – endpoints and cloud workloads, identity, and data – to keep customers ahead of today’s adversaries and stop breaches. With CrowdStrike, customers benefit from superior protection, better performance, reduced complexity and immediate time-to-value.
If you want to learn more about the company's mission and products, visit their website: https://lnkd.in/dWq7e5f
Psssss: YOU CAN BUY YOUR TICKET for October 12, 2023 at the Lévis Centre des Congrès ;) See our website for more info: https://polarcon.ca/en/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #sponsors

POLAR 2023 PARTNERS: DoorDash
The 1st edition of POLAR Conference would not be possible without our partners: we are therefore happy to have DoorDash with us!
DoorDash is a technology company that connects consumers with their favourite local businesses in more than 25 countries around the world.
To learn more about this company's mission, visit their website: https://www.doordash.com/
Psssss: YOU CAN BUY YOUR TICKETS for October 12, 2023 at the Lévis Centre des congrès ;) More info on our website: https://polarcon.ca/
#infosec #ciso #cisolife #cisoadvisor #cisoseries #cybersecurite #cybersecurity #canada #quebec #conference #cybersecuritymanagement #hacking #redteam #blueteam #management #summit #securityindustry #polarconference #polar2023 #polarqc
=====
POLAR 2023 SPONSORS: DoorDash
Our 1st edition of Polar Conference would not be possible without our sponsors. And this year, we are happy to have DoorDash!
DoorDash is a technology company that connects consumers with their favourite local businesses in more than 25 countries across the globe.
If you want to learn more about this company's mission, visit their website https://www.doordash.com/
Psssss: YOU CAN BUY YOUR TICKET for October 12, 2023 at the Lévis Centre des Congrès ;) See our website for more info: https://polarcon.ca/en/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #sponsors

POLAR 2023 PARTNERS: Fortinet
The 1st edition of POLAR Conference would not be possible without our partners: we are therefore happy to have Fortinet with us!
Fortinet and its cybersecurity solutions are designed from the outset with integration and automation in mind, enabling more efficient, self-healing operations and a rapid response to known and unknown threats.
To learn more about this company's mission, visit their website: https://www.fortinet.com/
Psssss: YOU CAN BUY YOUR TICKETS for October 12, 2023 at the Lévis Centre des congrès ;) More info on our website: https://polarcon.ca/
#infosec #ciso #cisolife #cisoadvisor #cisoseries #cybersecurite #cybersecurity #canada #quebec #conference #cybersecuritymanagement #hacking #redteam #blueteam #management #summit #securityindustry #polarconference #polar2023 #polarqc
=====
POLAR 2023 SPONSORS: Fortinet
Our 1st edition of Polar Conference would not be possible without our sponsors. And this year, we are happy to have Fortinet !
Fortinet cybersecurity solutions are built from the ground up with integration and automation in mind, enabling more efficient, self-healing operations and a rapid response to known and unknown threats.
If you want to learn more about this company's mission, visit their website https://www.fortinet.com/
Psssss: YOU CAN BUY YOUR TICKET for October 12, 2023 at the Lévis Centre des Congrès ;) See our website for more info: https://polarcon.ca/en/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #sponsors

POLAR 2023 PARTNERS: HackerOne
The 1st edition of POLAR Conference would not be possible without our partners: we are therefore happy to have HackerOne with us!
HackerOne's attack resistance platform combines the security expertise of ethical hackers with asset discovery, continuous assessment and process improvement to reduce threat exposure and enable organizations to transform their businesses with confidence.
To learn more about this company's mission, visit their website: https://www.hackerone.com
Psssss: YOU CAN BUY YOUR TICKETS for October 12, 2023 at the Lévis Centre des congrès ;) More info on our website: https://polarcon.ca/
#infosec #ciso #cisolife #cisoadvisor #cisoseries #cybersecurite #cybersecurity #canada #quebec #conference #cybersecuritymanagement #hacking #redteam #blueteam #management #summit #securityindustry #polarconference #polar2023 #polarqc
=====
POLAR 2023 SPONSORS: HackerOne
Our 1st edition of Polar Conference would not be possible without our sponsors. And this year, we are happy to have HackerOne!
HackerOne’s Attack Resistance Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence.
If you want to learn more about this company's mission, visit their website https://www.hackerone.com
Psssss: YOU CAN BUY YOUR TICKET for October 12, 2023 at the Lévis Centre des Congrès ;) See our website for more info: https://polarcon.ca/en/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #sponsors

POLAR 2023 PARTNERS: Kroll
The 1st edition of POLAR Conference would not be possible without our partners: we are therefore happy to have Kroll with us!
As the leading independent provider of risk and financial advisory solutions, Kroll draws on its unique knowledge, data and technology to help its clients stay ahead of complex demands.
To learn more about this company's mission, visit their website: https://www.kroll.com
Psssss: YOU CAN BUY YOUR TICKETS for October 12, 2023 at the Lévis Centre des congrès ;) More info on our website: https://polarcon.ca/
#infosec #ciso #cisolife #cisoadvisor #cisoseries #cybersecurite #cybersecurity #canada #quebec #conference #cybersecuritymanagement #hacking #redteam #blueteam #management #summit #securityindustry #polarconference #polar2023 #polarqc
=====
POLAR 2023 SPONSORS: Kroll
Our 1st edition of Polar Conference would not be possible without our sponsors. And this year, we are happy to have Kroll!
As the leading independent provider of risk and financial advisory solutions, Kroll leverages its unique knowledge, data and technology to help clients stay ahead of complex demands.
If you want to learn more about this company's mission, visit their website https://www.kroll.com
Psssss: YOU CAN BUY YOUR TICKET for October 12, 2023 at the Lévis Centre des Congrès ;) See our website for more info: https://polarcon.ca/en/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #sponsors

Answering my web #AppSec interview question from the other day!
Question 47: Name some user account enumeration techniques.
1. Error/success messages on login / registration / forgot password pages.
2. Insecure Direct Object References.
3. Timing Attacks (e.g. login).
4. Excessive data exposure on APIs (e.g. /v1/users).
POLAR 2023 PARTNERS: Micro Logic
The 1st edition of POLAR Conference would not be possible without our partners: we are therefore happy to have Micro Logic with us!
Micro Logic is a Quebec company that produces Projet Cirrus, a world-class sovereign cloud that stands out for its security and data sovereignty, subject to the laws and regulations of Canadian territory.
To learn more about this company's mission, visit their website: https://micrologic.ca/
Psssss: YOU CAN BUY YOUR TICKETS for October 12, 2023 at the Lévis Centre des congrès ;) More info on our website: https://polarcon.ca/
#infosec #ciso #cisolife #cisoadvisor #cisoseries #cybersecurite #cybersecurity #canada #quebec #conference #cybersecuritymanagement #hacking #redteam #blueteam #management #summit #securityindustry #polarconference #polar2023 #polarqc
=====
POLAR 2023 SPONSORS: Micro Logic
Our 1st edition of Polar Conference would not be possible without our sponsors. And this year, we are happy to have Micro Logic!
Micro Logic is a Quebec company that produces Project Cirrus, a world-class sovereign cloud that distinguishes itself through security and data sovereignty, subject to the laws and regulations of Canadian territory.
If you want to learn more about this company's mission, visit their website https://micrologic.ca/en/
Psssss: YOU CAN BUY YOUR TICKET for October 12, 2023 at the Lévis Centre des Congrès ;) See our website for more info: https://polarcon.ca/en/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #sponsors

POLAR 2023 PARTNERS: Tenable
The 1st edition of POLAR Conference would not be possible without our partners: we are therefore happy to have Tenable with us!
As the creator of Nessus®, Tenable has extended its expertise in vulnerabilities to deliver the world's first platform for seeing and securing any digital asset on any computing platform.
To learn more about this company's mission, visit their website: https://www.tenable.com/
Psssss: YOU CAN BUY YOUR TICKETS for October 12, 2023 at the Lévis Centre des congrès ;) More info on our website: https://polarcon.ca/
#infosec #ciso #cisolife #cisoadvisor #cisoseries #cybersecurite #cybersecurity #canada #quebec #conference #cybersecuritymanagement #hacking #redteam #blueteam #management #summit #securityindustry #polarconference #polar2023 #polarqc
=====
POLAR 2023 SPONSORS: Tenable
Our 1st edition of Polar Conference would not be possible without our sponsors. And this year, we are happy to have Tenable!
As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world's first platform to see and secure any digital asset on any computing platform.
If you want to learn more about this company's mission, visit their website https://www.tenable.com/
Psssss: YOU CAN BUY YOUR TICKET for October 12, 2023 at the Lévis Centre des Congrès ;) See our website for more info: https://polarcon.ca/en/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #sponsors

You’ve Got Mail: Faster and Faster We Go
When we last left the post office, they had implemented OCR to read even the sloppiest of handwriting. And to augment today’s 99% accuracy rate, there’s a center full of …read more
#hacking #projects
https://hackaday.com/2023/09/27/youve-got-mail-faster-and-faster-we-go/

EVMs and the Need for Greater Electoral Transparency
Given the critical role of EVMs in India's elections, it is essential to have a transparent process for examining the inner workings of such machines.
https://thewire.in/tech/evms-and-the-need-for-greater-electoral-transparency
#EVMs #ElectronicVotingMachines #elections #transparency #SupremeCourt #ECI #ElectionCommission #security #SecurityAudits #hacking #DEFCON #india
While I know I don't have lots of reach here, I did want to share that during some time off from work I started a project/company called "common ground."
It is entirely focused on helping support and build the ecosystem of cybersecurity here in Mexico. We've been able to support two different conferences already since June of this year. We also have some really fun and exciting partnerships we will be announcing in the following weeks.
If you want to follow more, I don't have a fancy website yet-- but I am on LinkedIn
HACKFEST 2023 PARTNERS: Palo Alto Networks
The next edition of Hackfest - Back to the Future would not be possible without our partners. And this year, we are happy to have Palo Alto Networks with us!
The Network Operations Center (NOC) stands as a high-security fortress of unwavering availability, operating in one of the most demanding arenas in the world: the Hackfest event. Achieving this remarkable feat is the result of a collective effort, combining the expertise of Palo Alto Networks' cyber defense specialists, all under the direction of the esteemed leads of the Hackfest NOC team.
To learn more about this company's mission, visit their website: https://www.paloaltonetworks.com/
Psssss: YOU CAN NOW BUY YOUR TICKETS for October 13-14, 2023 at the Lévis Centre des congrès ;) More info on our website: https://hackfest.ca/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #cybersécurité #sponsors
=====
HACKFEST 2023 SPONSORS: Palo Alto Networks
Our next edition, Hackfest - Back to the Future, would not be possible without our sponsors. And this year, we are happy to have Palo Alto Networks!
The Network Operations Center (NOC) stands as a fortress of high-security, unwavering availability, operating in one of the world’s most demanding arenas: the Hackfest event. Achieving this remarkable feat is a collective effort, combining the expertise of cyber defense specialists of Palo Alto Networks, all under the leadership of Hackfest’s esteemed NOC Team Leads.
If you want to learn more about this company's mission, visit their website https://www.paloaltonetworks.com/
Psssss: YOU CAN BUY YOUR TICKET NOW for October 13-14, 2023 at the Congress Center of Lévis ;) See our website for more info: https://hackfest.ca/en/

HACKFEST 2023 PARTNERS: No Starch Press
The next edition of Hackfest - Back to the Future would not be possible without our partners. And this year, we are happy to have No Starch Press with us!
No Starch Press publishes the best in geek entertainment: we focus on computer programming, security, hacking, alternative operating systems, STEM and LEGO.
To learn more about this company's mission, visit their website: https://nostarch.com
Psssss: YOU CAN NOW BUY YOUR TICKETS for October 13-14, 2023 at the Lévis Centre des congrès ;) More info on our website: https://hackfest.ca/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #cybersécurité #sponsors
=====
HACKFEST 2023 SPONSORS: No Starch Press
Our next edition, Hackfest - Back to the Future, would not be possible without our sponsors. And this year, we are happy to have No Starch Press!
No Starch Press publishes the finest in geek entertainment: we focus on computer programming, security, hacking, alternative operating systems, STEM, and LEGO.
If you want to learn more about this company's mission, visit their website https://nostarch.com
Psssss: YOU CAN BUY YOUR TICKET NOW for October 13-14, 2023 at the Congress Center of Lévis ;) See our website for more info: https://hackfest.ca/en/

HACKFEST 2023 PARTNERS: Amazon Web Services (AWS)
The next edition of Hackfest - Back to the Future would not be possible without our partners. And this year, we are happy to have AWS with us!
To learn more about this company's mission, visit their website: https://aws.amazon.com
Psssss: YOU CAN NOW BUY YOUR TICKETS for October 13-14, 2023 at the Lévis Centre des congrès ;) More info on our website: https://hackfest.ca/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #cybersécurité #sponsors
=====
HACKFEST 2023 SPONSORS: AWS
Our next edition, Hackfest - Back to the Future, would not be possible without our sponsors. And this year, we are happy to have AWS!
If you want to learn more about this company's mission, visit their website https://aws.amazon.com
Psssss: YOU CAN BUY YOUR TICKET NOW for October 13-14, 2023 at the Congress Center of Lévis ;) See our website for more info: https://hackfest.ca/en/

String Art Build Uses CNC to Make Stringy Art
String art is as old as, well, string and something to hang it from. But, like most things, it gets more enjoyable when you involve a CNC. [Paul MH] went …read more
#hacking #projects
https://hackaday.com/2023/09/27/string-art-build-uses-cnc-to-make-stringy-art/

"VulnCheck's CTO examines CVE-2023-36845, revealing a new path to code execution that doesn't require a file upload and outlining how the vulnerability alone can achieve remote, unauthenticated code execution."
https://vulncheck.com/blog/juniper-cve-2023-36845
#hacking #pentesting #redteam #juniper #cve202336845 #cve_2023_36845
I live in a ground floor condo. My front door is about 20 feet away from a community bench situated in a "park".
It's only 70º and really nice outside so my front door is open.
Right now there is a lady sitting on the bench smoking a cigarette and making hacking sounds like she's about to lose one or both lungs.

DATE: September 27, 2023 at 11:00AM
TITLE: Email cyberattacks way up at hospitals
URL: https://www.beckershospitalreview.com/cybersecurity/email-cyberattacks-way-up-at-hospitals.html
Cyberattacks through emails are way up at hospitals and health systems in 2023, software company Abnormal Security reported (https://abnormalsecurity.com/blog/healthcare-organizations-email-attacks-2023).
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
In brief: Amazon lawsuit, funding program, SAP and Joule, Sony hack
Our weekday news overview briefly summarizes the most important news of the day.
#Amazon #FederalTradeCommission #Hacking #kurzinformiert #SAP #Sony #news
Forensics Wiki (wiki about forensics) - https://www.reydes.com/d/?q=Forensics_Wiki_Wiki_sobre_Forense 📌 #cybersecurity #hacking #readteam #bugbounty #forensics #osint

Do Bounties Hurt FOSS?
As with many things in life, motivation is everything. This also applies to the development of software, which is a field that has become immensely important over the past decades. …read more
#hacking #projects
https://hackaday.com/2023/09/27/do-bounties-hurt-foss/

HACKFEST 2023 PARTNERS: HackerOne
The next edition of Hackfest - Back to the Future would not be possible without our partners. And this year, we are happy to have HackerOne with us!
HackerOne's attack resistance platform combines the security expertise of ethical hackers with asset discovery, continuous assessment and process improvement to reduce threat exposure and enable organizations to transform their businesses with confidence.
To learn more about this company's mission, visit their website: https://www.hackerone.com
Psssss: YOU CAN NOW BUY YOUR TICKETS for October 13-14, 2023 at the Lévis Centre des congrès ;) More info on our website: https://hackfest.ca/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #cybersécurité #sponsors
=====
HACKFEST 2023 SPONSORS: HackerOne
Our next edition, Hackfest - Back to the Future, would not be possible without our sponsors. And this year, we are happy to have HackerOne!
HackerOne’s Attack Resistance Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence.
If you want to learn more about this company's mission, visit their website https://www.hackerone.com
Psssss: YOU CAN BUY YOUR TICKET NOW for October 13-14, 2023 at the Congress Center of Lévis ;) See our website for more info: https://hackfest.ca/en/

The Biggest AI Trends in Cybersecurity. It's not just marketing spin anymore. There's an AI arms race shaping up between the security industry and cybercriminals.
https://www.cnet.com/tech/services-and-software/the-biggest-ai-trends-in-cybersecurity/
#securityaffairs #hacking #cybersecurity
HACKFEST 2023 PARTNERS: Coveo
The next edition of Hackfest - Back to the Future would not be possible without our partners. And this year, we are happy to have Coveo with us!
Coveo is a Quebec company, a pioneer in search and recommendations powered by artificial intelligence.
To learn more about this company's mission, visit their website: https://www.coveo.com
Psssss: YOU CAN NOW BUY YOUR TICKETS for October 13-14, 2023 at the Lévis Centre des congrès ;) More info on our website: https://hackfest.ca/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #cybersécurité #sponsors
=====
HACKFEST 2023 SPONSORS: Coveo
Our next edition, Hackfest - Back to the Future, would not be possible without our sponsors. And this year, we are happy to have Coveo!
Coveo is a Quebec-based company, pioneer in AI-powered search and recommendations.
If you want to learn more about this company's mission, visit their website https://www.coveo.com
Psssss: YOU CAN BUY YOUR TICKET NOW for October 13-14, 2023 at the Congress Center of Lévis ;) See our website for more info: https://hackfest.ca/en/


Filmmakers Distribute Fake Movie Leak to Tease Pirates
The Indian media is buzzing over a 'leak' of the comedy movie "Fukrey 3," which is scheduled for an official premiere later this week. While several news outlets are in on the joke, prospective pirates will be disappointed.
https://torrentfreak.com/filmmakers-distribute-fake-movie-leak-to-tease-pirates-230926/
#securityaffairs #hacking
Russia’s Manga Pirates Face Publisher’s Lawsuit & Increasing State Censorship
After failing to take action following complaints from a new manga platform established in Russia by South Korea, manga piracy site ReManga will reportedly face legal action.
https://torrentfreak.com/russias-manga-pirates-face-publishers-lawsuit-increasing-state-censorship-230926/
#securityaffairs #hacking
HACKFEST 2023 PARTNERS: Henri & Wolf
The next edition of Hackfest - Back to the Future would not be possible without our partners. And this year, we are happy to have Henri & Wolf with us!
Henri & Wolf is a law firm specializing in resolving complex legal problems related to technology, data security and governance. Our multidisciplinary network of qualified and experienced experts in law, security engineering, privacy protection and software security offers our clients problem-solving capabilities and legal risk management services.
To learn more about this company's mission, visit their LinkedIn page: https://lnkd.in/enNB4H5q
Psssss: YOU CAN NOW BUY YOUR TICKETS for October 13-14, 2023 at the @Centre des Congrès de Lévis More info on our website: https://hackfest.ca/
#hacking #infosec #hackfest #hf15 #hf2023 #cybersecurity #cybersécurité #sponsors
=====
HACKFEST 2023 SPONSORS: Henri & Wolf
Our next edition, Hackfest - Back to the Future, would not be possible without our sponsors. And this year, we are happy to have Henri & Wolf!
Henri & Wolf is a boutique law firm dedicated to resolving technology, data security and governance complex legal issues. Our multidisciplinary network of qualified and experienced experts in law, security engineering, privacy, and software security provide our clients with problem-solving capabilities and legal risk management services.
If you want to learn more about this company's mission, visit their LinkedIn page https://lnkd.in/enNB4H5q
Psssss: YOU CAN BUY YOUR TICKET NOW for October 13-14, 2023 at the Congress Center of Lévis See our website for more info: https://hackfest.ca/en/

Lükex 2023: Nationwide exercise for a large-scale cyberattack has begun
Every few years, the federal government, the states and the authorities test their crisis management in large-scale exercises. On Wednesday and Thursday, the focus is now on an IT attack.
Passive Components Get Better
When you want to talk about cool new components, you are probably thinking about chips or, these days, even modules. Passive components like resistors, capacitors, and inductors are a solved …read more
#hacking #projects
https://hackaday.com/2023/09/27/passive-components-get-better/

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 26, 2023 at 05:38PM
.
TITLE:
Another health system caught in Nuance breach
.
URL:
https://www.beckershospitalreview.com/cybersecurity/another-health-system-caught-in-nuance-breach.html
WVU Medicine said (https://wvumedicine.org/news/article/important-information-to-know-nuance-communication-data-breach/) data for a limited number of its patients was compromised due to a breach at Nuance Communications, a healthcare artificial intelligence company owned by Microsoft that the health system works with.
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
🕵🏻 "Cybercrime & White-Hat-Hacking" - https://rechtsbelehrung.com/119-cybercrime-hacking - When hacking is permitted, why hackers must nevertheless always be on their guard, and how they can protect themselves from prosecution: we explain this in @rechtsbelehrung together with Johanna Voget, LL.M., research associate and doctoral candidate at the Institute for Information, Telecommunications and Media Law (ITM) at the University of Münster. 🎧
/w @monoxyd
#podcast #Rechtsbelehrung #cybercrime #hacking #whiteHatHacking

How interesting, #HunterBiden is suing Rudy #Giuliani for #hacking and manipulating #data on his #laptop https://www.axios.com/2023/09/26/hunter-biden-sues-rudy-giuliani-laptop #disinformation #cyber #propaganda @potemkinvillage
In brief: Sony attack, mini nuclear plant for Microsoft, ChatGPT, Reddit
Our weekday news overview summarizes the most important news of the day briefly and concisely.
#Atomkraft #ChatGPT #Hacking #kurzinformiert #Microsoft #Reddit #Sony #news
Cybercrime: Sony allegedly completely hacked by Ransomedvc
A previously unknown ransomware gang claims to have copied data from Sony and says it will sell the data if no ransom is paid.
🔥 If your LinkedIn says "Aspiring developer", recruiters will most likely not consider you.
If you already code, do yourself a favor and change it to "Junior Developer".
✅ Improve your opportunities without downplaying your skills.
I swear, the weakest link in a Filipino's cybersecurity is the Philippine government.
Hackers demand $300,000 from Ph health insurer.
#HealthCare #Insurance #Hacking #Malware #Philippines #Tootsea #PhilHealth #Medusa #MedusaRansomware
https://www.noypigeeks.com/government/hackers-demand-usd300000-philhealth/
Infosec folks!
@qtc has too few followers.
He's a former colleague of mine and doesn't post much, but when he does, it's either the release of one of his groundbreaking tools, cutting-edge research, or both.
This is a definite follow recommendation!
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking
Got an old Android phone - like, really old, probably a Sony Xperia Z1 - that doesn't have a Recovery yet, got no wifi connection and is locked with a PIN. Interesting.
Might need a Nethunter device to bruteforce into this one (the previous owner is okay with it, found in attic). Although it got one of those physical camera buttons, I could swear there was an exploit to get full access on Android 4 and/or 5... 🤔 #hacking #electronics #android #smartphone #repair #Kali #Sony
Answering my web #AppSec interview question from yesterday!
Question 46: How would you recommend a customer fix an Insecure Deserialization vulnerability?
1. If possible, don't pass serialized data via user inputs at all.
2. Use "safe" serialization methods (e.g. JSON, Protobuf).
3. Digitally sign any serialized data, and verify the signature prior to deserializing it.
4. If applicable, perform type checks against deserialized data prior to using it.
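Points 2 to 4 of the answer above, combined in one sketch. This is an added example, not part of the original post: the key, the token layout and the `user`/`cart` schema are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret; a real service loads it from a secret store.
SECRET_KEY = b"constructed-demo-key"


class RejectedPayload(Exception):
    """Raised when a token fails the format, signature or type checks."""


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def dump_signed(obj: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize as JSON (a data-only format) and append an HMAC-SHA256 tag."""
    body = json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def load_signed(token: str, key: bytes = SECRET_KEY) -> dict:
    """Verify the tag first; parse and type-check only after it matches."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64.encode("ascii"))
        tag = base64.urlsafe_b64decode(tag_b64.encode("ascii"))
    except ValueError as exc:  # wrong part count, non-ASCII, bad base64
        raise RejectedPayload("malformed token") from exc

    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise RejectedPayload("bad signature")

    data = json.loads(body)  # reached only for bytes this server signed
    return check_types(data)


def check_types(data) -> dict:
    """Hypothetical schema: {"user": str, "cart": [int, ...]} and nothing else."""
    if not isinstance(data, dict) or set(data) != {"user", "cart"}:
        raise RejectedPayload("unexpected structure")
    if not isinstance(data["user"], str) or not isinstance(data["cart"], list):
        raise RejectedPayload("unexpected field type")
    # bool is a subclass of int in Python, so compare exact types.
    if any(type(item) is not int for item in data["cart"]):
        raise RejectedPayload("unexpected item type")
    return data
```

The type check still matters for validly signed tokens: it catches payloads the server itself signed by mistake, such as a boolean inside `cart`.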
I click on links in phishing emails so you don't have to!
Part 1: DHL Delivery 🧵
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #Phishing #DHL
🚨UPDATE your #Apple products now!
We @citizenlab w/TAG's @maddiestone caught #predator #spyware attacks against a prominent pro-democracy Egyptian politician after he announced presidential ambitions.
Apple rushed a patch.
Attacks used network injection to drop the 3 #zeroday chain on his #iphone
We attribute the tech used for the injection to #sandvine's packetlogic.

Some interesting corroboration of the Conti ransomware leaks and some details of FBI attempts to track down the emotet botnet and malware infrastructure operators.
#hacking #history
https://www.cnn.com/2023/09/22/politics/fbi-cybercrime-hackers-ukraine/index.html



Answering my web #AppSec interview question from yesterday!
Question 45: What are some questions you would ask a customer during a web app pentest scoping call?
Many questions would depend on a demo of the application, however here are a few general ones:
1. How much functionality does the app contain (e.g. no. of "pages")?
2. How complex is the functionality (e.g. any learning curves, lengthy processes, etc.)?
3. How many different roles are there / should be tested?
4. Which environment is being tested (e.g. dev, staging, prod)?
5. Do our accounts have access to test/dummy data?
6. Are there any access restrictions (e.g. VPN, IP block)?
7. Are there any custom protocols being used (e.g. proprietary encoding/encryption)?
8. Is there any rate limiting, WAF/IPS in place?
9. Are there any out of scope areas, or vulnerabilities which should not be tested (e.g. Denial of Service)?


Interested in #hacking, #socialengineering, #pentesting, #malware #development, #training and #helping people, #network #protocols, #ARM, good #food, and new #friends.
Also #retrogaming and #retrocomputing; #coding in #C, #C++, and #Perl, and guess that's about it these days but I can #code in 20+ languages; #TTRPGs as a DM/Storyteller/GM such as #DnD, #OSR, and #VtM ; #cooking; making #art like #painting and #watercolor; servers run #OpenBSD; fan of tinkering with #NetBSD; daily driver is #macOS; #horror and #scifi movies; and likely other things I'm forgetting.
Restarted learning #CommonLisp, too.
Fan of the #GratefulDead, #Phish, and #Goose.




Answering my web #AppSec interview question from yesterday!
Question 44: You find XSS in an application, however the customer informs you that users should be able to submit HTML code. What advice would you give them to remain secure?
The easiest solution is likely to use an HTML sanitizer like DOMPurify with an allowlist of "safe" elements and attributes.
Another option is to use a separate "sandbox" domain to host the HTML code, displaying it using an iframe. Any JavaScript code will run in the security context of the sandbox and will not be able to affect the main application.
As an additional measure, a well-configured Content Security Policy can be used to instruct the browser to only run trusted JavaScript code.
We just sent out our first round of speaker acceptance emails!! Still have more reviews in the works, but the top ones were pretty unanimous from all our reviewers!! #BSidesChicago #hacking #CyberSecurity
A brief analysis of the #Tibber #Pulse bridge
https://blog.wyraz.de/allgemein/a-brief-analysis-of-the-tibber-pulse-bridge/
We're playing Pac-Man on the camera! 🕹📷
#computermuseum #computerhistory #slovenia #ljubljana #softwareheritage #digitalheritage #nostalgia #nostalgie #nostalgi #camera #vintage #vintagecomputer #vintagecomputing #retro #europee #retrocomputing #hack #hacks #hacking #hacker #vgm #pacman #retrogaming #kodak

Bluntly put:
If you skimp on IT security because you don't consider it all that necessary, the hack gets expensive. Apart from that, though, it can also be down to the software with "holes" that you use.
»The cyberattack cost us well over 1 million francs in total«
--
#it #sicherheit #hack #hacking #kosten #cyberangriff #millionen #itsicherheit
I just finished "A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend them Back" by Bruce Schneier.
He writes about #hacking as a subversion of systemic norms, expectations, and designs.
In the last couple of chapters on AI, he uses the term “countersubversion.”
My own personal label for the concept: #Superversive
However impressive the physical hardware such as the Saturn V rocket, all the modules and all cutting-edge technologies that were invented to make the #Apollo program possible, I still think that some of the most impressive work was done around the #software that ran on the Apollo Guidance Computer (AGC). Some of the highlights:
• RTOS operating system with batch job scheduler with co-operative scheduling.
• Virtual Machine (*1) to expand the primitive assembly of the AGC to enable complex operations such as: double precision trigonometry, vector arithmetic and matrix calculations. This implementation reduced the size of applications since most common operations would be executed as subroutines. Think of this as extending the CPU with microcode implemented opcodes.
• Flexible user interface with relatively easy adoption for common use patterns, while also allowing direct access to all memory and banging the metal if need be (as it turns out was needed during Apollo 14 mission *2).
• All the software actually needed for operations stored in 36,864 words of ROM.
The reliability requirements guided the design processes which in turn set requirements for the programming and testing techniques, which were then largely developed on the spot. I can only imagine the excitement you must have felt having been involved in the process of creating these things and then seeing the moon landings take place several years later.
*1) It really isn't a virtualization in the modern sense. A software-extended CPU would be a more precise description perhaps.
*2) The issue with Apollo 14 was that the Lunar Module AGC would get false readings from a suspected faulty switch, constantly triggering the abort signal. If it would have happened during descent to the moon surface the abort would have triggered an automated return program, eliminating successful moon landing and ruining the mission. The software was indeed hardwired (ROM), so there was no way to disable the abort check. What could be done was to poke RAM in a way that the program thought that the abort process had already been initiated, making it avoid triggering it again. It did require some well-timed inputs from the astronauts however, since some of the poking had to be done within a certain time window to avoid b0rking some other programs during the descent. The hack worked, and the LEM landed successfully.
Apollo 11 AGC source code for CSM and LEM: https://github.com/chrislgarry/Apollo-11/
Apollo 15 Manual for CSM and LEM AGC software: https://history.nasa.gov/alsj/a15/A15Delco.pdf
bio #hacking is cool.. ..i've been intermittent #fasting for about 3 months now.. ..i only eat within a 6-8 hour window each day.. ..so far, here is what i've observed:
- i have way more energy throughout the day
- now i don't need/crave naps
- i feel mentally sharper
- i feel like i control food, and food doesn't control me
- i've bought/craved less processed food
- i've lost some weight (even though that was never my goal)
So some of you might remember this post (and the subsequent demonstration on national news) of using a voice cloning tool (AI, Audio Deep Fake) by @racheltobac
Link to post: https://infosec.exchange/@racheltobac/110963070495263373
(If you haven't seen it, go watch it. Rachel is amazing.)
I'd never needed to do a similar attack before, but! I was just tasked yesterday with researching it.
Asked some friends for a turn-key solution to clone voices. Got pointed to a website. Signed up for $1 a month (first month... then it goes to $5 a month thereafter).
Pulled some audio of my target's voice down from a youtube interview (a podcast works great too).
Only needed a minute's worth of audio.
Uploaded it to the website for cloning.
Typed out a quick script for the voice to read.
30 seconds later, I had my cloned audio.
It was so good, that it even included natural voice inflections AND!!! verbal pauses like umm's and uhh's that matched the target's original presentation. I can't tell the difference between the cloned voice and the original person.
Y'all... voice cloning and audio deep fakes are well past the ease of "script-kiddy" level. Anyone can do it.
#infosec #hacking #socialEngineering #scams #deepfake #AI #phishing #vishing
Update immediately: Critical vulnerability in Gitlab
A critical security vulnerability threatens enterprise users of the repository service Gitlab. Customers should install an update without delay.
Cyberattack: Apparent attack on the International Criminal Court
The International Criminal Court says it has "detected anomalous activity in its IT systems". No further information is available.

Casino hackers attacked three more companies besides MGM and Caesars
The cybercriminals behind the casino attacks recently also attacked three companies in other industries. Social engineering was used here as well.
#Cybercrime #Cybersecurity #Datenklau #Glücksspiel #Hacking #Ransomware #Security #news

What else can I say about this? Unfortunately that's how it is, and in my opinion still too often. For example, many still think that those who only need Windows applications urgently need nothing but Win servers 🤦♂️
»Study on cybersecurity - SMEs underestimate the danger of hacker attacks:
Many SMEs still do not take cybercrime seriously enough. A new study confirms the risky carelessness.«
--
#sicherheit #hacking #schweiz #pc #kmu #cyber #cyberkriminalitat
Mobile Gopher Client Brings Fossil Wrist PDA Online
Like many new technologies, smartwatches needed a few iterations before they became useful enough for the average person. Early examples were too clunky and limited to be of use to …read more
#hacking #projects
https://hackaday.com/2023/09/18/mobile-gopher-client-brings-fossil-wrist-pda-online/

2600 Madrid Monthly Meeting
https://eventos.hispagatos.org/events/c4f6d019-3a18-46dd-ba18-c6034239aa38

Just went live on Twitch! Come hack with us!
Answering my web #AppSec interview question from yesterday!
Question 43: Describe some potential CAPTCHA weaknesses.
1. Replay attacks - using a previously confirmed correct answer.
2. Improper input validation - removing or blanking CAPTCHA-related parameters.
3. Leaked answers - the correct answer appears somewhere in the source code (I once found a CAPTCHA which worked by using CSS to distort text 🙄).
4. Low entropy - if the set of possible answers is too small, a brute-force attack may work.
5. Machine learning susceptible - with enough training data, a computer can solve the CAPTCHA.
HackMeeting 2023 in Hospitalet de Llobregat.
https://victorhckinthefreeworld.com/2023/09/18/hackmeeting-2023-en-hospitalet-de-llobregat/

Answering my web #AppSec interview question from yesterday!
Question 42: Describe three "403 Forbidden" bypass techniques.
1. Using different HTTP methods (e.g. POST instead of GET), or using "method override" headers / URL parameters (e.g. X-HTTP-Method) if a back-end server supports them.
2. Using "Client Origin" HTTP headers (e.g. X-Forwarded-For) to forge our source IP address, bypassing IP-based blocklists.
3. Manipulating the URL path using directory traversal, case modification, adding characters, or double-URL encoding.
#Hacking & #Hackers picks of the day:
(NOTE: this is "hacking" in sense of exploring technology and using it in new ways, not criminal stuff)
➡️ @2600 - US #hacker magazine founded in 1984
➡️ @hacdc - Hacker space in Washington DC
➡️ @rysiek - IT expert, good guy hacker, activist
➡️ @alxd - Hacker, educator, co-author of Solarpunk Prompts podcast
➡️ @milliways - Volunteer group supplying food, drink, infrastructure to hacker camps
➡️ @hackers_gifs - Bot posting stills from film Hackers (1995)
Answering my web #AppSec interview question from yesterday!
Question 41: Describe two output encoding techniques and the context in which they should be used to mitigate Cross-site Scripting.
Here are the three most common:
1. Encoding for HTML contexts involves converting the following characters into HTML entities: & < > " '
2. Encoding for HTML attribute contexts is the same, provided all attribute values are quoted correctly. If not, all non-alphanumeric characters should be converted to HTML entities.
3. Encoding for JavaScript contexts involves converting all non-alphanumeric characters into the Unicode encoding format (e.g. \u0022).
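The three encoders described in the answer above, as an added example that is not part of the original post. The function names and the `render_comment` template are assumptions made for illustration.

```python
import html


def _is_safe(ch: str) -> bool:
    # ASCII letters and digits are the only characters passed through as-is.
    return ch.isascii() and ch.isalnum()


def encode_html(value: str) -> str:
    """HTML body or quoted-attribute context: & < > " ' become entities."""
    return html.escape(value, quote=True)


def encode_unquoted_attr(value: str) -> str:
    """Unquoted attribute value: every non-alphanumeric becomes &#xHH;."""
    return "".join(ch if _is_safe(ch) else f"&#x{ord(ch):X};" for ch in value)


def encode_js_string(value: str) -> str:
    """JavaScript string literal: every non-alphanumeric becomes \\uXXXX."""
    out = []
    for ch in value:
        cp = ord(ch)
        if _is_safe(ch):
            out.append(ch)
        elif cp > 0xFFFF:
            # \uXXXX holds 16 bits, so astral code points need a surrogate pair.
            cp -= 0x10000
            out.append(f"\\u{0xD800 + (cp >> 10):04x}\\u{0xDC00 + (cp & 0x3FF):04x}")
        else:
            out.append(f"\\u{cp:04x}")
    return "".join(out)


def render_comment(author: str, site: str, note: str) -> str:
    """Hypothetical template: each untrusted value gets its context's encoder."""
    return (
        f'<p title="{encode_html(author)}">{encode_html(author)}</p>\n'
        f"<a href=/u/{encode_unquoted_attr(site)}>profile</a>\n"
        f'<script>var note = "{encode_js_string(note)}";</script>'
    )
```

Applying the HTML encoder to an unquoted attribute leaves spaces and `=` untouched, which is the case the second point of the answer covers.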
Look what arrived today, the original (?) 1985 edition of The Hacker’s Handbook by Hugo Cornwall.
#hacking #hacker #history #histodons
Preserving Floppy Disks
Time is almost up for magnetic storage from the 80s and 90s. Various physical limitations in storage methods from this era are conspiring to slowly degrade the data stored on …read more
#hacking #projects
https://hackaday.com/2023/09/15/preserving-floppy-disks/
How to identify a #hacker, part of an article entitled "#Hacking it" by Ian Robinson, The Leader-Post, 21st January, 1984
#history #histodons
Find That Obscure Function With This Interactive Map Of The Linux Kernel
Linux has become one of the largest operating systems on the servers that run large websites, and hopefully, one day, it will be big in the desktop market too. Some …read more
#hacking #projects
https://hackaday.com/2023/09/14/find-that-obscure-function-with-this-interactive-map-of-the-linux-kernel/
Block ads on your networks now.
The system designed to follow us around the net with ads is now a blinking #nationalsecurity & #humanrights threat.
And the incentives are all wrong. From platforms to publishers & ad networks they've spent every effort to make sure those ads get to our devices.
Now, predictably, the tech is going to dictators & being used to hack us.
#cybersecurity #hacking #spyware #malware #surveillance #advertising
Story: https://www.haaretz.com/israel-news/2023-09-14/ty-article-magazine/.highlight/revealed-israeli-cyber-firms-developed-an-insane-new-spyware-tool-no-defense-exists/0000018a-93cb-de77-a98f-ffdf2fb60000
In the words of Marcel DuChamp "To art is to do", and you, hackers, have been doing a lot.
#unix_surrealism #technomage #hacker #hackers #hacking #foss #linux #fediart #mastoart @rms
I got a new RF toy keychain. It can passively tell if it’s a 125KHz RFID or 13.56 MHz NFC reader. It’s a dumb device otherwise just for easy identification and even troubleshooting
#hacking #radio #rfid #nfc #infosec #cybersecurity #electronics
Looks like @mpgn is dropping from the CrackMapExec project.
I wish him and his family well. Amazing work was done and hope his future is bright, restful, and fulfilling!
Cheers, mpgn!
A #hacking song recounted by the author of "The New #hackers Handbook" (1986), Hugo Cornwall, in an article in the Sydney Morning Herald in October of 1989.
#history #histodons
Password managers: LastPass hackers appear to be cracking password vaults
Cybercriminals copied LastPass password vaults last year. Now they appear to be cracking them and emptying crypto wallets.
Because I didn’t want to write my presentation, that I’m still behind schedule developing, I decided to take apart my folding exercise bike to see if I can make a pedal generator from it.
Initial peeks lead to a yes, I’m just waiting on a crank puller so I can finish taking it apart without destroying it.
APPLE PRODUCT OWNERS READ IMMEDIATELY
A serious zero-click vulnerability was discovered in all Apple products (iPhone, iPad, MacOS, etc) that is being actively exploited in the wild. It does not require any user action to compromise a device!
Apple has now published patches for all devices. Go get them RIGHT NOW.
Details of vulnerability: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Fixed OS versions:
iOS 16.6.1
iPadOS 16.6.1
watchOS 9.6.2
macOS Ventura 13.5.2
#Apple #infosec #security #safety #hacking #Mac #iPhone #iPad #software #malware
Cerabyte: One Terabyte Per Square Centimeter
Most of us will at one point have run out of storage and either had to buy a larger drive or delete some of those precious files. This problem can …read more
#hacking #projects
https://hackaday.com/2023/09/08/cerabyte-one-terabyte-per-square-centimeter/
Trickbot malware: USA and UK impose sanctions on more Russians
The USA and the UK are pulling more alleged cybercriminals out of anonymity. Sanctions were imposed and charges filed against several Russians.
Answering my web #AppSec interview question from yesterday!
Question 40: In what ways could an open redirect be exploited?
1. A victim could be redirected to a malicious copy of the site and not notice, since the original URL was for the legitimate site.
2. If chained with an SSRF, it could be used to bypass URL validation and reach otherwise prohibited targets.
3. If chained with a misconfigured OAuth setup, it could be used to steal access tokens.
4. If the redirect uses the Location response header, we may be able to perform CRLF injection.
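A server-side check that closes the off-site redirect and the CRLF case from the list above, as an added example that is not part of the original post. The allowlisted host and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only external host this hypothetical application redirects to.
ALLOWED_HOSTS = {"sso.example.test"}


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return target if it is a local path or an allowlisted https URL."""
    # CR, LF and other control characters could split the Location header.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return default
    # Browsers treat "\" like "/", so "/\host" can leave the site.
    if "\\" in target:
        return default
    try:
        parts = urlsplit(target)
        host = parts.hostname
        has_userinfo = parts.username is not None
    except ValueError:  # e.g. malformed IPv6 literal
        return default

    if not parts.scheme and not parts.netloc:
        # Relative reference: accept rooted paths, not "//host" or "///host".
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default

    if parts.scheme == "https" and host in ALLOWED_HOSTS and not has_userinfo:
        return target
    return default
```

Anything the function does not recognize falls back to `default`, so new URL forms fail closed instead of being forwarded.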
BREAKING: #Poland's Senate investigation into #Pegasus hacking released.
Found "gross violations of constitutional standards"
Says 2019 elections where #Pegasus was used against opposition leadership were not fair.
Says procurement & use of Pegasus was illegal under Polish law & asks prosecutor to investigate current and former ministers.
#polska #pis #spyware #cybersecurity #hacking
(Pics: Machine translated) Report:
https://www.senat.gov.pl/aktualnoscilista/art,15764,komisja-nadzwyczajna-ds-inwigilacji-przyjela-raport-ze-swoich-prac.html