Sorites Paradox as applied to Infosec 

One port open on a host - perfectly fine.
50 ports open on a host - something is messed up.
But how many ports need to be open for it to be considered a problem?

Sufficiently insanely configured infrastructure is indistinguishable from a honeypot

Infosec folks: "Don't do everything as root!"

Also infosec folks: "I use Kali linux for everything, and run everything as root"

Infosec ethics/drama 

HackerOne is running a bug bounty program for FlexiSpy, who specialise in spying on spouses

Their justification: it's "just fixing vulns"

I don't buy this at all. By providing security testing services to a shady company, you lend legitimacy to them and their brand. I agree with Casey on this one

Liamosaur's patented decision tree for whether you need to buy a $BIG_MONEY magical 0day protection service from $BIG_VENDOR...

Q: Can you put your hand on your heart and say "no technology stack my company uses contains publicly known vulnerabilities"?

If the answer is "no", you should just work harder on patching your shit instead

If the answer is "yes", you should work on better understanding the software you use, because you're a liar

My very-obviously-a-sketchy-domain (that doesn't comply with an RFC) registration is still pending after 4 days.

I'd prefer to think that it's because of some security consideration, but I'm hoping that it's just the registrar being shit

Some "OSINT" (if you will) observations on the last few months of going through arXiv papers:

1) there is a huge focus in China on malware taxonomies and ML-based analysis. I've started filtering papers based on names I now recognise in the field because literally everyone is working on this.

2) there is a gently smouldering return of interest in honeypots. The odd paper resurfaces and discusses old techniques again.

3) tracking people & users is big in the Western world. This is not surprising

Friends don't let friends skip:
1. Leg day
2. UDP port scanning

Here's my current quick "go-to" (5.5mins). How about you?
# nmap -A -Pn -n -sU --open --top-ports 50 <targetIP>
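An added example, not part of the original post: a small Python parser for the grepable output (nmap -oG) of a UDP scan like the one above, which counts definite "open" UDP ports per host and flags hosts over a threshold, in the spirit of the Sorites question at the top of the feed. The scan output, host names and the threshold value are constructed for the example and are not real results.

```python
from collections import defaultdict

# Constructed sample of nmap grepable (-oG) output from a UDP scan.
# Hosts, names and port lists are made up for this example.
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -sU --open --top-ports 50 -oG - 10.0.0.0/29
Host: 10.0.0.1 (gw.example)\tStatus: Up
Host: 10.0.0.1 (gw.example)\tPorts: 53/open/udp//domain///, 123/open|filtered/udp//ntp///\tIgnored State: closed (48)
Host: 10.0.0.2 (db.example)\tStatus: Up
Host: 10.0.0.2 (db.example)\tPorts: 161/open/udp//snmp///\tIgnored State: closed (49)
Host: 10.0.0.3 (odd.example)\tStatus: Up
Host: 10.0.0.3 (odd.example)\tPorts: 7/open/udp//echo///, 19/open/udp//chargen///, 69/open/udp//tftp///, 111/open/udp//rpcbind///, 137/open/udp//netbios-ns///, 161/open/udp//snmp///, 1900/open/udp//upnp///\tIgnored State: closed (43)
# Nmap done
"""


def parse_gnmap(text):
    """Return {ip: [(port, state, proto, service), ...]} from grepable output.

    Grepable lines are tab-separated fields; the "Ports:" field holds
    comma-separated entries of the form port/state/proto/owner/service/rpc/version.
    Lines without a "Ports:" field (e.g. "Status: Up") are skipped.
    """
    results = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports_field = next((f for f in fields if f.startswith("Ports:")), None)
        if ports_field is None:
            continue
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")
            if len(parts) < 5:
                continue
            port, state, proto, _owner, service = parts[:5]
            results[ip].append((int(port), state, proto, service))
    return dict(results)


def udp_open_counts(parsed, include_open_filtered=False):
    """Count UDP ports per host.

    UDP scanning is ambiguous: no reply means "open|filtered", not "open".
    By default only definite "open" ports count, so silence does not inflate
    the number; pass include_open_filtered=True for the pessimistic view.
    """
    counts = {}
    for ip, entries in parsed.items():
        n = 0
        for _port, state, proto, _service in entries:
            if proto != "udp":
                continue
            if state == "open" or (include_open_filtered and state == "open|filtered"):
                n += 1
        counts[ip] = n
    return counts


def flag_hosts(counts, threshold=5):
    """Hosts with at least `threshold` counted UDP ports (threshold is an assumption)."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    parsed = parse_gnmap(SAMPLE_GNMAP)
    counts = udp_open_counts(parsed)
    for ip, n in sorted(counts.items()):
        print(f"{ip}: {n} open UDP port(s)")
    print("over threshold:", flag_hosts(counts))
```

The threshold is deliberately a parameter rather than an answer to the paradox: what counts as "too many" depends on the host's role, so the useful output is the per-host count next to the service names, with the open|filtered ambiguity of UDP kept separate from definite opens.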
ah yes the parseltongue family of regular expressions

The older I get, the more reliant I am on UrbanDictionary and KnowYourMeme for figuring out what the hell the kids are talking about

Update on the Linux UDP RCE. From what I've seen from ppl that do kernel exploiting... they can't really see a way to turn it into a useful exploit.

It looks like a vulnerability with the right scary characteristics, but practically not a major concern.

It is not (likely to be) a "one shot remote ring 0" exploit.

I'm learning Irish, and was a bit confused by the Genitive Case (where the suffix of a noun is changed if it's a possessive).

Reading up on it, I was fascinated to find that Old English used to have the same thing with an "es" suffix. eg. "king" would become "kinges" in say "the kinges army".

Over time, the "e" was replaced by an apostrophe, which is why English possessives end in " 's ". The apostrophe replaces a vowel that has not been used in half a millennium.

RCE in Linux (inc Android) via UDP. CVSS 10.0. I'm a little confused as to why a bigger fuss isn't being made of this
Is it that the vuln doesn't have a cool brand name and logo and website?
I was pleasantly surprised to find out that my nexus phone was patched for this last week. Other androids are probably going to be fucked

Unpopular opinion puffin 

Constantly referring to twitter as "birdsite" is neither funny nor clever. In fact it sounds fucking dumb

ICYMI The OWASP Top 10 2017 Release Candidates are available at
TL;DR they're merging two, ditching "Unvalidated redirects" and adding "Insufficient Attack Protection" & "Underprotected APIs"

I like the content, but dislike the name "Insufficient Attack Protection". It's about detection, response and remediation times, which is 👌, but from the title sounds like it's "you haven't bought enough vendor bullshit to protect your website"

Fun fact: verbosity options for SSH are ssh -v and ssh -vvv. Nobody has ever used ssh -vv

By default, Cloudflare proxies 11 ephemeral ports in addition to 80 and 443

Obviously, this is only a security vulnerability if the high ports on the origin hosts are open to Cloudflare when they're not supposed to be, but in 2017 where nearly everything is closed-by-default, this surprises me. You can't disable this behaviour unless you're on a higher-tier service plan.

The one company that gets IoT security right is the one you'd least expect: Ikea
