Security researcher, pentester, bounty hunter, broadcast engineer, train ticket nerd
🏳️⚧️
feel free to follow request, but have at least something on your profile
| Website | https://anze.dev |
| Pronouns | she/they |
Now that it's fixed, I can finally publish this: Slovenian C-ITS Road Side Units were asking for IPs on the mesh network. Why? We don't know. But there is some suspicion someone just enabled DHCP on all interfaces on them 
. If anyone else is starting to look into these, pay attention to funny packets, it might get you a bug bounty :)
That's it, I officially hate this timeline.
You would expect that someone dealing with official FOI requests would at least try to understand what someone is requesting, when dealing with a request. Instead, it appears Iarnród Éireann has decided to have a fucking AI write the reasoning for not giving away public keys they use to sign tickets. The reasoning just reads like the worst AI slop I have read. The need to revoke keys is not relevant in the context of an FOI request. The organizational metadata and user identities are FOIable just as the key is and what the actual fuck is the last one. The key is only used in their ticket issuing system, not to create TLS sessions multiple 100 times per second.
This all gets better, because Ireland imposes fees for requesting an internal and ICO review, meaning I now have to pay to have someone review this (30 EUR for internal review and then 50 EUR for ICO). And as far as I can tell, I don't get that money back even if I am granted the complaint. (please correct me if I am wrong, this is my first Irish FOI case)
Continuing the trend of @q on train posters, introducing Slovenian Railways.
Translation in alt text
📷 by @maya
