The leak of Samsung Android platform signing keys seems like a pretty big deal.

What's interesting is there seems to be evidence of it being abused years ago as well.l, but that remains to be seen and fully investigated.

Play detects the malicious signed keys but those people that side load apps, hopefully this pushes v3 signing for platforms

Shout out to Spotify and their sweet fake music festival posters everyone is posting on social media.

My team just used them to password guess people based on their headlined bands + year born.

👀
#redteam #redteamtips #OSINT #passwords

Today the world lost a true technomancer. My father, Robert Linares, just passed away unexpectedly.

He was one of the smartest people I have ever met.

He was an old school hardware hacker, he introduced me to programming at 6 and gave me my first computer that he dumpster dived out of Burr Brown and fixed.

He was one of us, infosec, before we even had a word to describe it, he was doing it.

He was an avionics technician for years, matter of fact, he has found hundreds of flaws in aircraft avionics to the point that he made a job out of it at several private aircraft companies.

He helped me do work on finding flaws in aircraft and technically he shares a CVE that affected commercial aircraft.

He is the person that taught me how to look at the world differently and it's how I work in cybersecurity.

I cannot emphasize how much of him is in everything I do.

Fyi heads up if you use the Android mastodon app and attempt to post on pixelfed dot social using their app, it will randomly not get distributed to other instances.

If you use the web client and use the UI there it will.