For quite some time I'm getting weird emails on a catchall address on one of my domains. There were registration confirmations from PSP, Facebook, etc. But this time it was even creepier. No registration or something on this address prior to this email. No sings of compromise on the server which hosting this domain. No other domains on the same server getting emails like this. Any idea, fediverse?
Tweet from Hector Martin (@marcan42), at Jan 3, 19:53
Anyway, if you rely on BitLocker in TPM mode (boot without PIN), you should know that anyone can steal your computer, sniff 32 bytes off of the LPC bus, stick them into libbde, and decrypt your disk. Yes, it's that easy. Solder 7 wires to $favorite_fpga_board, decrypt drive.
Finally managed to install #qubes to the desktop (Ryzen / Radeon RX550) as well. Using inst.vnc option. It appears that the kernel 4.13 used in installation iso doesn't support the rx550 video card properly.
Tweet from DanielMicay (@DanielMicay), at Dec 22, 02:53
I've published sample releases of AOSP 9 with the next generation hardened malloc implementation and some other changes at https://t.co/5oNUPIDhDN. It's at the domain I registered for the Updater app for the time being since I don't have a name for the OS hardening project yet.
The new toy has finally arrived. This is a OnlyKey, a pin protected GPG, SSH, TOTP, U2F and password manager hardware dongle with some other interesting features. Also compatible with yubikey OTP.
How is it different than any other tokens? The firmware is #opensource
Interestingly telegram nginx version banner is 1.12.2 everywhere which is an outdated and vulnerable version. Probably to misguide attackers. But the common practice is to hide the version completely.
Hack the Gibson
Ships infected with ransomware, USB malware, worms | ZDNet
Ordered new laptop specially for Qubes that I will use as my daily driver and of course it was a Thinkpad. However Lenovo quality is really disappointing these days. First laptop got bricked because of famous thunderbolt firmware bug. Second one despite that it was sealed and supposed to be completely new, looked like a used one. Finally I got one which looks and works ok.
ops, dev. Interested in (in)security
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!
We adhere to an adapted version of the TootCat Code of Conduct and follow the Toot Café list of blocked instances. Ash is the admin and is supported by Fuzzface, Brian!, and Daniel Glus as moderators.
Hosting costs are largely covered by our generous supporters on Patreon – thanks for all the help!