photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto. Please refer to the site rules before posting.

#pwned

Kevin Russell<p>Malicious compliance.<br>When they're ordered to stop hitting you, so they start kicking you.</p><p>"Apple Is Selling iPad Repair Parts for Astronomical Prices"</p><p>"I don't know why you're angry, you said make phones repairable. La la la, can't hear you! La la la LA!"<br>___</p><p>Apple owes about a trillion dollars in skipped taxes. Also. As well. On top.<br>(They pretend to be a small Irish Company, no joke)</p><p><a href="https://apple.slashdot.org/story/25/07/31/193224/apple-is-selling-ipad-repair-parts-for-astronomical-prices" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apple.slashdot.org/story/25/07</span><span class="invisible">/31/193224/apple-is-selling-ipad-repair-parts-for-astronomical-prices</span></a></p><p><a href="https://mstdn.social/tags/repair" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>repair</span></a> <a href="https://mstdn.social/tags/fix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fix</span></a> <a href="https://mstdn.social/tags/owned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>owned</span></a> <a href="https://mstdn.social/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a> <a href="https://mstdn.social/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a></p>
Kevin Karhan :verified:<p>Hey, <span class="h-card" translate="no"><a href="https://social.bund.de/@AuswaertigesAmt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>AuswaertigesAmt</span></a></span>, you do know that your <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ComSec</span></a> <a href="https://www.youtube.com/watch?v=linNxisuCFU&amp;t=1932s" rel="nofollow noopener" target="_blank">got</a> <a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a>?</p><ul><li>Maybe you should encrypt your <a href="https://infosec.space/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a> over <a href="https://infosec.space/tags/Iridium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iridium</span></a>...</li></ul><p>Maybe <a href="https://github.com/KBtechnologies/PocketCrypto" rel="nofollow noopener" target="_blank">invest in open source</a> for once?</p><p>CC: <span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bsi</span></a></span> <span class="h-card" translate="no"><a href="https://social.bund.de/@Bundesregierung" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Bundesregierung</span></a></span> </p><p><a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a> <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a> <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>ComSec</span></a> <a href="https://infosec.space/tags/Krisenkommunikation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Krisenkommunikation</span></a> <a href="https://infosec.space/tags/40diplo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>40diplo</span></a> <a href="https://infosec.space/tags/Privatsph%C3%A4re" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privatsphäre</span></a> <a href="https://infosec.space/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Datenschutz</span></a> <a href="https://infosec.space/tags/Informationssicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Informationssicherheit</span></a> <a href="https://infosec.space/tags/Kommunikationssicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kommunikationssicherheit</span></a> <a href="https://infosec.space/tags/DEpol" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DEpol</span></a></p>
plinth<p>I don't think this Scrabble-like game uses the OSD. <a href="https://infosec.exchange/tags/slang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>slang</span></a> <a href="https://infosec.exchange/tags/words" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>words</span></a> <a href="https://infosec.exchange/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://kolektiva.social/@chojzina" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>chojzina</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@ApostateEnglishman" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ApostateEnglishman</span></a></span> </p><p><em>"Hit dogs Bark!"</em></p><ul><li>German Proverb</li></ul><p><a href="https://kolektiva.social/@chojzina/114669259784543478" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">kolektiva.social/@chojzina/114</span><span class="invisible">669259784543478</span></a></p><p><a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a> <a href="https://infosec.space/tags/thxbye" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>thxbye</span></a> <a href="https://infosec.space/tags/next" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>next</span></a> <a href="https://infosec.space/tags/EOD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EOD</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cR0w</span></a></span> <span class="h-card" translate="no"><a href="https://haunted.computer/@Dio9sys" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Dio9sys</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@da_667" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>da_667</span></a></span> </p><p>Probably soon: another <a href="https://infosec.space/tags/DDoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DDoS</span></a> <a href="https://infosec.space/tags/botnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>botnet</span></a> made out of them, cuz even the most butchered <a href="https://infosec.space/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a>-based <a href="https://infosec.space/tags/firmware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firmware</span></a> can run a statically-linked version of <a href="https://infosec.space/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a>. </p><ul><li>In fact I'd not be surprised if cybercriminals later on will basically flash their own <a href="https://infosec.space/tags/CFW" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CFW</span></a> (custom firmware) to prevent others from pwning their <a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a> boxes and retain persistent control.</li></ul><p>It would certainly make sense IMHO! I just don't do it as a matter of principle!</p>
Kevin Karhan :verified:<p>Ouch...</p><p><a href="https://infosec.space/tags/Oracle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Oracle</span></a> <a href="https://infosec.space/tags/VirtualBox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VirtualBox</span></a> got <a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a>! <br><a href="https://www.youtube.com/watch?v=3HfJj5S_tbk" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">youtube.com/watch?v=3HfJj5S_tbk</span><span class="invisible"></span></a></p>
Kevin Karhan :verified:<p><em>Dat feeling when you <a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a> your first System</em>... </p><p>Kinda like <a href="https://www.youtube.com/watch?v=tFXYuw96d0c&amp;t=43s" rel="nofollow noopener" target="_blank">this track</a>...</p><p><a href="https://infosec.space/tags/Nostaliga" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nostaliga</span></a> <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a> <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a> <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ComSec</span></a> <a href="https://infosec.space/tags/mukke" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mukke</span></a> <a href="https://infosec.space/tags/mood" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mood</span></a> <a href="https://infosec.space/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@kasiandra" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kasiandra</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> I take that as an <em>unconditional surrender</em>...</p><p><a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a> <a href="https://infosec.space/tags/thxbye" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>thxbye</span></a> <a href="https://infosec.space/tags/next" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>next</span></a> <a href="https://infosec.space/tags/EOD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EOD</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://freiburg.social/@ditol" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ditol</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@samueljohn" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>samueljohn</span></a></span> <span class="h-card" translate="no"><a href="https://23.social/@linuzifer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>linuzifer</span></a></span> </p><p><em>THIS</em> is where I disagree...</p><p>You may think it's elitist, but if people are too lazy to learn even fundamentals like how to use <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tails</span></a> then maybe they should just not do <a href="https://infosec.space/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> at all?</p><ul><li>Like: We expect people to show at the very least theoretical proficiency in terms of <a href="https://infosec.space/tags/TrafficCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrafficCode</span></a> and <a href="https://infosec.space/tags/VehicleSafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VehicleSafety</span></a> in *every jurisdiction I'm aware of* and literally mandated <a href="https://infosec.space/tags/DrivingLicense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DrivingLicense</span></a>|s for that reason.</li></ul><p>I'll gladly teach <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterates</span></a> but I won't waste my time on <a href="https://infosec.space/@kkarhan/113344834546549105" rel="nofollow noopener" target="_blank">people that spread disinfo</a>...</p><p>It's 2024: <span class="h-card" 
translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails_live</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails</span></a></span> has been out for over a decade and there are a shitload of guides ranging from written documentation to Zoomer-friendly TikTok-Style shorts on how to get started.</p><ul><li><p>I don't expect people to do <a href="https://infosec.space/tags/airgapped" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>airgapped</span></a> <a href="https://www.youtube.com/watch?v=vdab4T_CoN8" rel="nofollow noopener" target="_blank">offline-PGP</a> but with <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> including <a href="https://infosec.space/tags/Enigmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Enigmail</span></a> and not requiring any external dependencies like the god-awful <a href="https://infosec.space/tags/GPG4Win" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG4Win</span></a> stuff's easier than ever.</p></li><li><p>Same with <a href="https://infosec.space/tags/mobile" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mobile</span></a>: <a href="https://infosec.space/tags/Appls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Appls</span></a> like <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> are so easy, I've been able to 
onboard literal tech-illiterates remotely with few steps and <a href="https://docs.monocles.eu/apps/chat.app/" rel="nofollow noopener" target="_blank">simple instructions</a>. </p></li></ul><p>FOR THE LAST TIME: </p><p>*STOP MAKING EXCUSES TO JUSTIFY ESCALATING COMMITMENT TO EVIDENTLY BAD SOLUTIONS!"</p><ul><li>Cuz <a href="https://web.archive.org/web/20240000000000*/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">when push comes to shove</a> <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> herself would introduce a <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> into <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> when faced with indefinite jailtime...</li></ul><p>Whereas with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys as well as <a href="https://infosec.space/tags/ReproduceableBuilds" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ReproduceableBuilds</span></a> and <em>real</em> <a href="https://infosec.space/tags/decentralization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralization</span></a>, this would be evidently impossible even if all the devs wanted to comply honestly and not just because they could be held at gunpoint.</p><ul><li><a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> 
is not your friend. It's merely a tax-exempt <em>"non-profit"</em> corporation, and corporations are explicitly nobody's friend - especially when they demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like <a href="https://infosec.space/@kkarhan/111968251463697943" rel="nofollow noopener" target="_blank">phone numbers</a> for usage.</li></ul><p>Compare that to <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monocles</span></a> where you do pay like €2 p.m. but in return get <a href="https://infosec.space/tags/standard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>standard</span></a> <a href="https://infosec.space/tags/protocols" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>protocols</span></a> like <a href="https://infosec.space/tags/IMAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMAP</span></a>, <a href="https://infosec.space/tags/SMTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMTP</span></a> &amp; <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a> and <a href="https://monocles.eu/more/#payment-section" rel="nofollow noopener" target="_blank">can pay anonymously</a> and not have to provide any PII whatsoever!</p><ul><li>And unlike <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> they ain't dependent on <a href="https://infosec.space/tags/VC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VC</span></a> funding and <a href="https://infosec.space/tags/grant" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grant</span></a> money to keep the lights on.</li></ul><p>Make of that what you will, but just 
like allowing flatearthers to roam freely without caretaker supervision doesn't make the world less round, so won't the facts change about <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a>, <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a> &amp; <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ComSec</span></a>. </p><ul><li>The only reason Signal is still online and not <a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a> like <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EncroChat</span></a> is because it's either a Sting op like <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a> aka. <a href="https://infosec.space/tags/OperationIronside" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OperationIronside</span></a> aka. 
<a href="https://infosec.space/tags/OperationTr%C3%B8janShield" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OperationTrøjanShield</span></a> or they have already backdoored their <a href="https://infosec.space/tags/backend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backend</span></a> so hard that all their <a href="https://infosec.space/tags/marketing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>marketing</span></a> is just <a href="https://infosec.space/tags/lies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lies</span></a> like <a href="https://infosec.space/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a>...<br></li></ul><p>Because all <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>centralized</span></a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> &amp; <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> solutions are bad, and if they don't even allow for <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> then they are just a <a href="https://infosec.space/tags/grift" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grift</span></a> to <a href="https://infosec.space/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>scam</span></a> tech-illiterates that don't know and/or don't care! 
</p><p><a href="https://infosec.space/tags/thxbye" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>thxbye</span></a> <a href="https://infosec.space/tags/EOD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EOD</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.laurenweinstein.org/@lauren" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lauren</span></a></span> <span class="h-card" translate="no"><a href="https://thecanadian.social/@Ulrich_the_elder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Ulrich_the_elder</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> </p><p><em><a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a>!</em></p><ul><li>Honestly I didn't want to spoil it to him, that <a href="https://thecanadian.social/@Ulrich_the_elder/113340334294824573" rel="nofollow noopener" target="_blank">this</a> was a <em>BAD MISTAKE</em>...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.net2o.de/@forthy42" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>forthy42</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@fj" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>fj</span></a></span> <a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a>!<br><a href="https://infosec.space/@kkarhan/113292738181126901" translate="no" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1132927</span><span class="invisible">38181126901</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@marcan" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>marcan</span></a></span> <em>nods in agreement</em> <a href="https://infosec.space/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> doesn't need to have backdoors in Hardware when their entire <a href="https://infosec.space/tags/iCould" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iCould</span></a> <a href="https://www.youtube.com/watch?v=Ev9_oDHNf-4" rel="nofollow noopener" target="_blank">is</a> <a href="https://www.youtube.com/watch?v=r38Epj6ldKU" rel="nofollow noopener" target="_blank">backdoored</a> and can be <a href="https://www.youtube.com/watch?v=ifOifNBgyRg" rel="nofollow noopener" target="_blank">weaponized</a> to <a href="https://www.youtube.com/watch?v=ZzS2vwDUO9U" rel="nofollow noopener" target="_blank">brick devices</a>.</p><ul><li>OFC similar functionality can be achieved with <a href="https://infosec.space/tags/CompuTrace" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CompuTrace</span></a> on <a href="https://infosec.space/tags/amd64" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>amd64</span></a>-based <a href="https://infosec.space/tags/Laptops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Laptops</span></a> (i.e. 
<a href="https://infosec.space/tags/ThinkPads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThinkPads</span></a>) and compared to that, <a href="https://infosec.space/tags/AMT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AMT</span></a> + <a href="https://infosec.space/tags/ManagmentEngine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ManagmentEngine</span></a> is trivial to <a href="https://infosec.space/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a> and should be considered real <a href="https://infosec.space/tags/backdoors" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoors</span></a> (albeit <em>"well meaning"</em> in the sense of remote provisioning of entire fleets of devices, but still allowing to bypass the OS and offering DMA access to the CPU, so basically <em>"<a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a>"</em>)...</li></ul><p>Either way, these are not inherent to the used <a href="https://infosec.space/tags/Silicon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Silicon</span></a>, but entirely <a href="https://infosec.space/tags/Firmware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firmware</span></a>-based.</p><ul><li>AMT for example requires a <em>"<a href="https://infosec.space/tags/Intel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Intel</span></a> <a href="https://infosec.space/tags/vPro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vPro</span></a>"</em> configuration with Intel-made Ethernet NICs (i.e. 
i2xx &amp; i3xx - Series) with a Q- or C-series Chipset &amp; supporting <a href="https://infosec.space/tags/UEFI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UEFI</span></a>, so most Systems with cheap <a href="https://infosec.space/tags/Realtek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Realtek</span></a>-NICs aren't exploitable straight-away, and even then it requires certain settings to work, so not an easy <em>"<a href="https://infosec.space/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a>"</em> style exploitability...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://det.social/@Der_Waeller" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Der_Waeller</span></a></span> +1<br><a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.bentasker.co.uk/@ben" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ben</span></a></span> OFC that works...</p><ul><li>I bet you <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> will integrate <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> <a href="https://infosec.space/tags/Backdoors" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoors</span></a> (they claim don't exist) if <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> were to be threatened with a lifetime in jail until <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> complies...</li></ul><p>Cuz this is how all <em>"<a href="https://infosec.space/tags/secure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secure</span></a>"</em> providers get <a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hackers.town/@cypnk" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cypnk</span></a></span> I'd call this a <em>"teambuilding exercise that also trains staff and calibrates the tooling"</em>... </p><p><a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a></p>
unfa🇺🇦<p>So uh... If you happen to use a <a href="https://mastodon.social/tags/RabbitR1" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RabbitR1</span></a> device, just be aware that its <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> is not great.<br><a href="https://www.youtube.com/watch?v=eKpKXVGc418" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=eKpKXVGc41</span><span class="invisible">8</span></a><br>All your keys are belong to us, basically.<br><a href="https://mastodon.social/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> <a href="https://mastodon.social/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a> <a href="https://mastodon.social/tags/Rabbit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rabbit</span></a> <a href="https://mastodon.social/tags/CommunityService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CommunityService</span></a></p>
Ricardo Harvin<p><a href="https://mstdn.social/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a>: A higher level.</p><p>From: <span class="h-card" translate="no"><a href="https://press.coop/@latimes" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>latimes</span></a></span><br><a href="https://press.coop/@latimes/112700797440521175" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">press.coop/@latimes/1127007974</span><span class="invisible">40521175</span></a></p>
Jonathan Kamens 86 47<p>I am so sick of the <a href="https://federate.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> field's fascination with shiny new toys while ignoring the fucking basics.<br>This isn't complicated: a corporate policy mandating <a href="https://federate.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a>, with auditing and enforcement, with a big enough budget for security to actually do the auditing and enforcement.<br>It's a known problem with a known, straightforward solution. <br>If your company got <a href="https://federate.social/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a> because you weren't requiring, auditing, and enforcing MFA, it's your fucking fault.<br>You were grossly negligent.<br>Jesus.<br><a href="https://federate.social/tags/Snowflake" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Snowflake</span></a></p>
PrivacyDigest<p><a href="https://mas.to/tags/Roku" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Roku</span></a> Makes <a href="https://mas.to/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> Mandatory For All After Nearly 600K Accounts <a href="https://mas.to/tags/Pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwned</span></a> - Slashdot<br><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> </p><p><a href="https://it.slashdot.org/story/24/04/15/2052206/roku-makes-2fa-mandatory-for-all-after-nearly-600k-accounts-pwned?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">it.slashdot.org/story/24/04/15</span><span class="invisible">/2052206/roku-makes-2fa-mandatory-for-all-after-nearly-600k-accounts-pwned?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.ca/@ned" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ned</span></a></span> m8, I hope your account has been <a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pwned</span></a> cut that toot is absolute bs!</p>