For quite some time I'm getting weird emails on a catchall address on one of my domains. There were registration confirmations from PSP, Facebook, etc. But this time it was even creepier. No registration or something on this address prior to this email. No sings of compromise on the server which hosting this domain. No other domains on the same server getting emails like this. Any idea, fediverse?

Hmm, can't seem to find how to enable and enforce 2fa in Jira. Looks like it doesn't support it out of the box. Or I'm missing something.

I've a catchall email on my domain and since yesterday started to get messages to different addresses like d7769fa77@doman.tld. The weirdest thing is that those are all registration confirmations from Facebook and some other social networks. Wtf?

Have been using it for some time now, and the main observation is this thing is for geeks. I'm not sure if an average user will want or will be even able to setup it

Hmm, No results found for "Google Citadel C2-PVT"

However protecting user data by automatically wiping the device with locked bootloader if debug cable is connected sounds like a good idea

Hmm, nope actually it seems I messed up it myself

Connected debug console to my Pixel 3 and it wiped out the device completely, so it doesn't even boot saying no valid os found.

Google Citadel, huh

Tweet from Hector Martin (@marcan42), at Jan 3, 19:53

Anyway, if you rely on BitLocker in TPM mode (boot without PIN), you should know that anyone can steal your computer, sniff 32 bytes off of the LPC bus, stick them into libbde, and decrypt your disk. Yes, it's that easy. Solder 7 wires to $favorite_fpga_board, decrypt drive.

twitter.com/marcan42/status/10

Finally managed to install to the desktop (Ryzen / Radeon RX550) as well. Using inst.vnc option. It appears that the kernel 4.13 used in installation iso doesn't support the rx550 video card properly.

@Shamar

That browser issue you've been talking about. It's now exploited in the wild by Russian authorities rkn.gov.ru. This script is loading on the main page rkn.gov.ru/5a71c95863f38b1dcfc and scans open ports on 127.0.0.1

Can't wait to try hardened malloc in my own AOSP build

Neat!

Tweet from DanielMicay (@DanielMicay), at Dec 22, 02:53

I've published sample releases of AOSP 9 with the next generation hardened malloc implementation and some other changes at t.co/5oNUPIDhDN. It's at the domain I registered for the Updater app for the time being since I don't have a name for the OS hardening project yet.

twitter.com/DanielMicay/status

The new toy has finally arrived. This is a OnlyKey, a pin protected GPG, SSH, TOTP, U2F and password manager hardware dongle with some other interesting features. Also compatible with yubikey OTP.

How is it different than any other tokens? The firmware is

Friendly reminder: don't use the same password for everything.

Botnet brute forcing login on one of the projects I manage. A lot of breaches happened recently and tons of login/password pairs leaked, and crooks trying to find the ones that will work somewhere else.

Interestingly telegram nginx version banner is 1.12.2 everywhere which is an outdated and vulnerable version. Probably to misguide attackers. But the common practice is to hide the version completely.

shodan.io/search?query=Locatio

Ordered new laptop specially for Qubes that I will use as my daily driver and of course it was a Thinkpad. However Lenovo quality is really disappointing these days. First laptop got bricked because of famous thunderbolt firmware bug. Second one despite that it was sealed and supposed to be completely new, looked like a used one. Finally I got one which looks and works ok.

Is it possible with coreboot and seabios to have boot password? It seems grub instead of seabios is needed or I'm missing something

Show more
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!

We adhere to an adapted version of the TootCat Code of Conduct and follow the Toot Café list of blocked instances. Ash is the admin and is supported by Fuzzface, Brian!, and Daniel Glus as moderators.

Hosting costs are largely covered by our generous supporters on Patreon – thanks for all the help!