
I’m having some fun with VStarcam firmware, so why shouldn’t you? After downloading hundreds of their firmware updates I decided to document all these numerous proprietary formats. This even included figuring out a proprietary compression algorithm (not the one I asked about here a few days ago, that one is still a mystery).

https://palant.info/2025/12/15/unpacking-vstarcam-firmware-for-fun-and-profit/

#vstarcam #firmware #iot #IoTSecurity

Unpacking VStarcam firmware for fun and profit

VStarcam firmware comes in lots of varieties and occasional proprietary formats that binwalk cannot handle. This article documents the formats and unpacking methods.

Almost Secure

This is a wild hack. a16z gave a million dollars to a startup called Doublespeed. They use a phone farm to flood social media with AI generated influencers and ads. A hacker remotely broke into the phone farm, unmasking the AI influencers/fake accounts, gave us the data https://www.404media.co/hack-reveals-the-a16z-backed-phone-farm-flooding-tiktok-with-ai-influencers/
Hack Reveals the a16z-Backed Phone Farm Flooding TikTok With AI Influencers

A hacker gained control of a 1,100 mobile phone farm powering covert, AI-generated ads on TikTok.

404 Media

Cool project: "Nepenthes" is a tarpit to catch (AI) web crawlers.

"It works by generating endless sequences of pages, each of which with dozens of links, that simply go back into the tarpit. Pages are randomly generated, but in a deterministic way, causing them to appear to be flat files that never change. Intentional delay is added to prevent crawlers from bogging down your server, in addition to wasting their time. Lastly, optional Markov-babble can be added to the pages, to give the crawlers something to scrape up and train their LLMs on, hopefully accelerating model collapse."

https://zadzmo.org/code/nepenthes/

Nepenthes - ZADZMO.org

Making web crawlers eat shit since 2023

Confirmed. ChatGPT is actively indexing the Fediverse, even small servers like mine who have not explicitly consented to their indexing.

So while people on Mastodon got angry about Mastodon having built-in discovery features, ChatGPT just went ahead and slurped up all your posts.

@weddige @bagder would be great if you can find and share it. There is a lot of snake oil hype happening around this subject atm. Thanks!

It’s very unclear to me how selling deep fryers for turkeys to Americans is not on the face of it urban terrorism.

Honda, Toyota, Volkswagen and General Motors win ruling they did not violate laws when their "vehicles began downloading and storing a copy of all text messages on smartphones when they were connected to the system... software makes it impossible for vehicle owners to access their communications and call logs but does provide law enforcement with access...

Many car manufacturers are selling car owners’ data to advertisers as a revenue boosting tactic"

https://therecord.media/class-action-lawsuit-cars-text-messages-privacy

Court rules automakers can record and intercept owner text messages

A Seattle-based appellate judge ruled that the practice does not meet the threshold for an illegal privacy violation under state law, handing a big win to automakers Honda, Toyota, Volkswagen and General Motors.

STOP COUNTING CVEs

* BUGS WERE NOT SUPPOSED TO BE PLENTIFUL!
* Years of comparing releases by CVE numbers and yet no real-world use found.
* Want to use secure software? We had a tool for that: It was called updating.
* "Yes, please give me the software with the least CVEs". Statements dreamed up by the utterly deranged!

Look at what "security analysts" have been demanding your respect for all this time: low median CVSS score!? least CVEs?

They have played us for absolute fools.

Apple updated the security contents of iOS 15.5 crediting us for the use after free issue in AppleAVD.

This is my 10th kernel issue on Apple platforms that got assigned a CVE since October 25th, 2021.

@lcamtuf, as odd as it might sound, is there any way to ask you some questions about the skipfish tool you contributed back in the days?

Or are there other ways to get some answers?

Cheers!