threatactor.club

👀

http://tiny.cc/37c3voucher

#ccc #37c3 #vouchers

Some things never change

OH: Intellektuelle Massephase

I smell quite some FUD about the alleged Signal 0day.

The recommendation is to turn off link previews, however link previews are generated on the sender side. Just tested, with link previews turned off you’ll still receive them from a device that sends those.

I think this would mean either:

• Turning off link previews isn’t a sufficient mitigation

or

• The vuln is triggering on the sender side that means someone needs to convince you to create a message containing a malicious link

or

• The whole thing is fake and just a nice troll

So hier zieht euch mal rein wie LiveOverflow da einen “Hacker” demontiert:

https://youtu.be/3FeAAQlUSJ4?feature=shared

I’ll play some music at #Geraffel Village tonight starting at about midnight :D #cccamp23

someone hacked @eventphone

:D

derp

Muhahahah brilliant

https://youtu.be/duLJUpptSik

Wissen ja die wenigsten:

Considering giving a talk titled: „I made my hobby my profession so I needed a new hobby. Now I’m cuddling grown men in pyjamas trying to choke them out or break their limbs - for fun“

Against earlier statements it looks like I'll be at the CCC Camp with my family. See you all there!

Last Christmas I popped a shell¹ on http://hg.mozilla.org

Here's the fix:
https://hg.mozilla.org/hgcustom/version-control-tools/rev/0b02dd442661b4ada84e4c6dea58ab62cb8fbaca

Can you explain the bug?

FAQ:

• This is an authenticated vuln
• I'll post a writeup in the next days
• Yes, RTFM helps ... as usual

¹) actually it was two shells

What could possibly go wrong?

Unpopular take: .zip domains were a marketing gag targeting security people.

It’s that time of the year again

good old 19:15 double espresso

Stuff one finds buried in a shelf when moving ….

#irootshells

OR: Hot Single Sign Ons in your Collision Domain!