The Dustin Childs

Just a simple information security gnome trying to make his way through the universe. Part-time patch wrangler. When I’m not thinking about security, I’m probably thinking about baseball, guitars, and mandolins. Toots are just my opinions and such.

Zed and @TheDustinChilds get in the spirit of things as they preview #Pwn2Own Ireland #P2OIreland

I asked Plex a bunch of questions about its data breach of user account information, but the company wouldn't say why it hasn't force-reset its users' passwords and is instead asking users to do it, or say how and to what degree it scrambled those passwords.

https://techcrunch.com/2025/09/09/plex-urges-users-to-change-passwords-after-data-breach/

Plex urges users to change passwords after data breach | TechCrunch

Plex said that it was aware of a security incident involving the theft of Plex customer account information, including user names, email addresses, scrambled passwords, and unspecified authentication data.

TechCrunch

Day Two of #Pwn2Own Automotive starts soon, and the #WOLFBOX and #Tesla EV chargers are set to make their debut. Stay tuned for results! #P2OAuto

The WolfBox E40 EV charger is a target in the upcoming #Pwn2Own Automotive. @infosecdj tears one down in his latest blog to find what attack surfaces exist in the device. He also details extracting the firmware. https://www.zerodayinitiative.com/blog/2024/12/2/detailing-the-attack-surfaces-of-the-wolfbox-e40-ev-charger

Zero Day Initiative — Detailing the Attack Surfaces of the WolfBox E40 EV Charger

The WolfBox E40 is a Level 2 electric vehicle charge station designed for residential home use. Its hardware has a minimal user interface, providing a Bluetooth Low Energy (BLE) interface for configuration and an NFC reader for user authentication. Typical for this class of devices, the appliance em

Zero Day Initiative

In his second blog post covering the #Kenwood DMX958XR IVI, ZDI researcher Connor Ford examines the device's attack surface and lists all the open-source software used, including a 2011 version of OpenSSL. Awkward.

https://www.zerodayinitiative.com/blog/2024/11/20/looking-at-the-attack-surfaces-of-the-kenwood-dmx958xr-ivi

Thinking of participating in #Pwn2Own Automotive? ZDI's Connor Ford provides a detailed look at the internals of the #Kenwood DMX958XR. This is the first in a series detailing the attack surface of the IVI. Read all the details (and gander at the pics) at https://www.zerodayinitiative.com/blog/2024/11/18/looking-at-the-internals-of-the-kenwood-dmx958xr-ivi

Biden Asked Microsoft to “Raise the Bar on Cybersecurity.” He May Have Helped Create an Illegal Monopoly. https://www.propublica.org/article/microsoft-white-house-offer-cybersecurity-biden-nadella

Microsoft’s “Free” Plan to Upgrade Government Cybersecurity Was Designed to Box Out Competitors and Drive Profits, Insiders Say

When the White House welcomed Microsoft’s offer of $150 million in tech services, it helped the world’s largest software provider tighten its grip on federal business and freeze out competitors.

ProPublica

Prefer a video wrap of the Patch Tuesday release over the blog? We got you. @TheDustinChilds covers the #Adobe and #Microsoft patches and points out which ones are a bit more than they seem.

https://youtu.be/dL5yVqP88K4

The Patch Report for November 2024

YouTube

It's the penultimate Patch Tuesday of 2024, and there are two active attacks plus 3 (5?) other public bugs to cover. @TheDustinChilds breaks down the latest fixes from #Adobe and #Microsoft in his latest patch blog.

https://www.zerodayinitiative.com/blog/2024/11/12/the-november-2024-security-update-review

Zero Day Initiative — The November 2024 Security Update Review

It’s not quite the holiday season, despite what some early decorators will have you believe. It is the second Tuesday of the month, and that means Adobe and Microsoft have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of th

Zero Day Initiative

89 new CVEs from Microsoft and 45 from Adobe. 2 Microsoft bugs are under attack. I'll have my full thoughts about the release - and the real number of public bugs - out soon.