Joined Jul 2017
New open source project, a kubectl plugin to deploy intercepting proxies for Kubernetes Services:
https://github.com/soluble-ai/kubetap
If you use #kubernetes and ArgoCD, my latest research revealed five CVEs. Manual mitigations required if you're not using SSO: https://www.soluble.ai/blog/argo-cves-2020
It bothers me that Deborah Birx dresses exactly like space-lady UN Secretary Chrisjen Avasarala in The Expanse.
eriner
boosted
Anyone for #jitsi? #itslikeaparty
My latest security research is out:
https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day
For those who want to ping me when there are issues (outside of NAS), my Twitter is: https://twitter.com/theeriner
@adam https://en.m.wikipedia.org/wiki/Stagefright_(bug)
"...sends specially crafted MMS messages to the victim device and in most cases requires no end-user actions upon message reception to succeed—the user doesn't have to do anything to 'accept' exploits using the bug; it happens in the background."
@adam just wanted to comment that counter to what John mentioned on the last show, it is certainly possible to execute code (on Android) by sending an MP4 without requiring any user interaction. This type of attack exploits the Android media framework. A big, well-known prior attack (StageFright vulnerability) demonstrates this.
Had some research I worked on disclosed today: https://know.bishopfox.com/advisories/connectwise-control
Reddit thread: https://www.reddit.com/r/msp/comments/esc2p1/bishop_fox_discloses_vulnerability_findings_in/
eriner
boosted
Upcoming changes to the mastodon server:
* Moving static content to S3
* Investigating potential move to Pleroma
* Implement CloudFlare Argo tunnel
* Move from current kubernetes cluster to new cluster
* Add new service to NAS
See thread for details.
Anyone know what the status of the Mastodon to Pleroma migration script?
I set up three syncthing.net relays on behalf of noagendasocial.com, value for value.
eriner
boosted
here we see @eriner @ServerStatus configurin our Server
eriner
boosted
The AllStar and EchoLink nodes are up! See K5ACC.com #noagendahams
Would any NA producers be willing to help me run NAS? As in, run an image I provide on a spare RPI/old PC and leave it plugged in.
I'd like to distribute NAS across hardware and physical sites. I can accommodate any bandwidth/storage limitations.
I'll be documenting everything in a nice writeup and will open-source everything, but for now I'm just trying to gauge who/how many people would want to contribute by providing hardware/boxes.
If anyone is weird like me and needs Sun Tzu quotes SMS'd to you each day, here's an hour of my work shoved into a 5MB Docker container:
Joined Jul 2017
