the grugq's newsletter

February 3, 2023

Twitter is ending free API access.

jenny_tightpants🪑 @halomancer1
@TwitterDev
7:48 AM ∙ Feb 2, 2023

-


Tavis Ormandy @taviso
Hilarious, a Windows 98 user found a real OpenSSH remote 😂 social.treehouse.systems/@grawity/10968…
1:23 AM ∙ Feb 3, 2023

grawity (@grawity@treehouse.systems) on Treehouse Mastodon:

PuTTY on my Win98 VM crashes OpenSSH and I'm somewhat hesitant to report it because I feel like they're going to keep the bug in out of spite because "why are you using ancient OS lmao"

From the release notes for OpenSSH 9.2:

* [sshd(8)](https://man.openbsd.org/sshd.8): fix a pre-authentication double-free memory fault introduced in OpenSSH 9.1. This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms.

https://www.openssh.com/txt/release-9.2
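The release note scopes the bug precisely: introduced in 9.1, fixed in 9.2, so a build reporting exactly 9.1 is the one to look at. The function below is an added triage check, not OpenSSH project code or anything from the newsletter; it parses the banner format that both `ssh -V` and the `SSH-2.0-OpenSSH_x.y` identification string use, and the sample banners in its comments are constructed. One caveat before acting on its answer: distribution packages that backport the fix keep the old banner, so "affected" means "go read the package changelog", not "vulnerable".

```shell
#!/bin/sh
# Added example, not OpenSSH project code. Classifies an OpenSSH banner against
# the 9.2 release note above: the pre-auth double-free was introduced in 9.1 and
# fixed in 9.2, so only 9.1 (any portable p-level) is in scope.
# Constructed banner examples: "OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022" (ssh -V)
# or "SSH-2.0-OpenSSH_9.1" (what a server sends on connect).
# Prints one of: affected | not-affected | unknown
openssh_preauth_dfree_status() {
    banner="$1"
    # Extract major.minor from "...OpenSSH_<major>.<minor>..."; this drops the
    # portable "pN" suffix and any vendor tag such as "Ubuntu-3".
    ver=$(printf '%s\n' "$banner" | sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p')
    case "$ver" in
        "")  echo "unknown" ;;        # not an OpenSSH banner (e.g. dropbear)
        9.1) echo "affected" ;;       # distro backports still need a changelog check
        *)   echo "not-affected" ;;
    esac
}

# Local build: `ssh -V` prints its banner on stderr, hence the redirect.
# openssh_preauth_dfree_status "$(ssh -V 2>&1)"
```

For a remote host, feed it the identification line the server sends on connect (the first line you get back from a plain TCP connection to port 22) instead of `ssh -V`.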

-

Julicorn @ChicksRule
Sir-Mix-A-Lot *starts sweating*
8:43 PM ∙ Feb 2, 2023

-

Justine Tunney @JustineTunney
Today I added support for sendmsg() and recvmsg() to my Blink virtual machine. Suddenly it's now able to run GUI programs. This might make it possible for us to run Linux desktop executables on other OSes and the web using WASM. github.com/jart/blink
7:48 AM ∙ Feb 3, 2023

-

Let's do a quick #OopSec postmortem on this dickwizard Nikolas Sharp, who tried to ransom his employer Ubiquiti for 50 BTC (~$1.5MM at the time) after pilfering internal files.

* Operated from his home address and home internet connection. Thus, when his VPN failed, his system touched Ubiquiti servers using his home IP, which obviously implicated him.

Lesson: Never operate from your home, and if you must, don't use your own internet connection.

Lesson: Configure your VPN connection to fail safe.

* Used a commercial VPN paid with his own PayPal account with his name on it. (Even if his VPN hadn't failed, they probably could have gotten him on this anyway.)

Lesson: Use an onion router like Tor, or pay for a VPN with cash or crypto.

* Lied to the FBI. This is almost certainly netting him extra prison time.

Lesson: Don't talk to cops. Shut the fuck up!

And finally, this last one really defies reason:

* After the FBI *raided his house*, he went out and leaked a bunch of information to the press, whose reporting resulted in the Ubiquiti stock price taking a dive. As if LEO and the company weren't already incentivized to crucify this straw-brained sackcloth and flannel mockery of a human being, he went out and gave them even more reason and urgency to throw him in a cage.

Lesson: Once again, shut the fuck up!

Don't do crimes, kids, but if you are compelled by fortune or circumstance, maybe come up with a plan that doesn't unravel the moment everything doesn't go perfectly for you.

The BleepingComputer writeup on the story, and the link to a PDF of the indictment docs here:

https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-pleads-guilty-to-trying-to-extort-his-employer/

serious business :donor: on Infosec Exchange
#insiderthreat #opsec #cybersecurity #infosec #ubiquiti
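The "fail safe" lesson in the post is, in firewall terms, fail closed: a kill switch that drops everything except the VPN handshake, so a tunnel that silently dies cannot put the real address on the wire. What follows is an added example and not part of the quoted post: a POSIX shell function that emits an nftables ruleset to that effect, plus a check on the generated text before it is loaded. The tunnel interface tun0 and the endpoint 203.0.113.10 udp/1194 are hypothetical placeholders (a documentation address), and the endpoint has to be given as an IP, because once the rules are in place there is no DNS outside the tunnel.

```shell
#!/bin/sh
# Added example, not from the quoted post. Emits an nftables ruleset that makes
# a VPN fail closed: with the tunnel down, nothing leaves the host except the
# VPN handshake itself, so a dropped tunnel cannot expose the real IP.
# Hypothetical values used here: tunnel interface tun0 and endpoint
# 203.0.113.10 udp/1194 (a documentation address). Replace with your own and
# load as root:  vpn_killswitch_ruleset tun0 203.0.113.10 1194 | nft -f -
vpn_killswitch_ruleset() {
    vpn_if="$1"
    vpn_ip="$2"
    vpn_port="${3:-1194}"   # OpenVPN's default; WireGuard users pass 51820
    cat <<EOF
# Replaces the whole ruleset; assumes the host carries no other nft tables.
flush ruleset
table inet vpn_killswitch {
  chain input {
    type filter hook input priority 0; policy drop;
    iifname "lo" accept
    iifname "$vpn_if" accept
    ct state established,related accept   # replies to the handshake below
  }
  chain output {
    type filter hook output priority 0; policy drop;
    oifname "lo" accept
    oifname "$vpn_if" accept
    ip daddr $vpn_ip udp dport $vpn_port accept   # the only clear-text flow allowed
    # No DNS, no LAN, no fallback: everything else dies here when the tunnel is down.
  }
}
EOF
}

# Sanity-check the generated text before loading it: refuse any bare "accept"
# that is not tied to lo, the tunnel, the handshake or conntrack state, and
# insist that the output chain defaults to drop.
vpn_killswitch_check() {
    if printf '%s\n' "$1" | grep -Eq '^[[:space:]]*accept'; then
        echo "unsafe: unconditional accept present"
        return 1
    fi
    if ! printf '%s\n' "$1" | grep -q 'hook output priority 0; policy drop;'; then
        echo "unsafe: output chain does not default to drop"
        return 1
    fi
    echo "ok"
}
```

Two things this deliberately does not allow: DHCP renewals and IPv6 neighbour discovery are dropped along with everything else, so a host that needs them gets explicit rules for them rather than a looser default; and there is no `ct state` rule on output, because that would let any inbound-initiated flow answer in the clear.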

-

A Novel PayPal Scam (anderegg.ca)

This morning I received an interesting scam email. It might not be a new scam, but it was the first time I’d seen it.

-

Chinese spy balloon flying over U.S. ‘right now,’ Pentagon says

https://www.washingtonpost.com/national-security/2023/02/02/chinese-spy-balloon-pentagon/

@Pwnallthethings@mastodon.social @pwnallthethings
Developing: several USAF pilots urgently planning out what quip they will say if called on to shoot down the balloons
6:38 AM ∙ Feb 3, 2023

Paul D (@paulmd199@mastodon.sdf.org) @Paulmd199
@pwnallthethings "Eat Lead, Zeppelin."
6:46 AM ∙ Feb 3, 2023

-

Weird things I learned while writing an x86 emulator (TimDbg)

If you’ve read my first post about assembly language, you might expect that this is another post on how to understand assembly language. I will write more about that at some point, but this post is not that. Instead, this post is going to talk about some of the weird things and random trivia I learned while writing an x86 and amd64 emulator. The emulator I wrote was for Time Travel Debugging.

-

Pete Kouretsos @PKouretsos
Goodnight Moon, Goodnight Chinese high-altitude spy balloon, Goodnight stars, Goodnight air, Goodnight persistent overhead reconnaissance everywhere.
1:57 AM ∙ Feb 3, 2023