ITM. For those graciously offering value-for-value for NAS:
While I have not accepted donations in the past, I will begin accepting donations (via PayPal) once I have all of the paperwork and bookkeeping in order. I anticipate this will take a few weeks. Between now and then I will establish crypto addresses for BTC, ETH, XMR, and SC.
I'll link a donation page when one is available.
Thank you all for your patience this weekend. I am humbled by your support.
Red book prediction: the US public discovers how many FTDs are floating in ex-clearing and DTCC, and that the SEC has failed in the duties provided by Congress to ensure "The prompt and accurate clearance and settlement of securities transactions". Closing delay is the only thing keeping this whole boat afloat. The revolving under-desk fellating will be brought to light, and the American people will pay the price. Again.
Oh yeah, there's no inflation by the way.
*this is not investment advice.
If you run Red Hat's Keycloak, update to the latest version. I found a bug that can DoS Keycloak installations with a cellular connection. https://www.soluble.ai/blog/keycloak-cve-2020-10758
New open source project, a kubectl plugin to deploy intercepting proxies for Kubernetes Services:
https://github.com/soluble-ai/kubetap
If you use #kubernetes and ArgoCD, my latest research revealed five CVEs. Manual mitigations required if you're not using SSO: https://www.soluble.ai/blog/argo-cves-2020
My latest security research is out:
https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day
@adam https://en.m.wikipedia.org/wiki/Stagefright_(bug)
"...sends specially crafted MMS messages to the victim device and in most cases requires no end-user actions upon message reception to succeed—the user doesn't have to do anything to 'accept' exploits using the bug; it happens in the background."
@adam just wanted to comment that counter to what John mentioned on the last show, it is certainly possible to execute code (on Android) by sending an MP4 without requiring any user interaction. This type of attack exploits the Android media framework. A big, well-known prior attack (StageFright vulnerability) demonstrates this.
It's a real shame mastodon.social has blocked/silenced NAS. I'd love to be able to contact @Gargron to report a security issue rather than being forced to disclose it publicly on the issue tracker.
And yes, I've created an account there and sent him a direct message; however, he's likely to ignore a message from a brand new account, writing it off as spam, which is not at all unreasonable.
Damn shame.
I'm a rural autodidact. Host of noagendasocial.com, consulting penetration tester, k8s specialist, devops engineer. Previously @Soluble, @BishopFox.
Self-taught: hacker, developer, plumber, electrician, woodworker, and all-around maker.
Alignment: Chaotic good.