Florian Neumann 

386 Followers
1.4K Following
3.7K Posts

he/him, sec-aware fullstack devops, management, consultancy

I try to raise awareness for software related attack vectors, counter measures, developments in technology and socio-technical evolvements.

I also try to help simplify access to and gain interest in technology, especially software development.

Twitter: https://twitter.com/FlorianNPunkt
GitHub: https://github.com/florianb
Stackoverflow: https://stackoverflow.com/users/432696/florian-neumann

"We have been incredibly naïve in entrusting our democratic space to […] social networks, whose interests are not at all the survival or proper functioning of our democracies."
Emmanuel Macron, President of France

#leaveX

In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: https://blog.rice.is/post/doom-over-dns/

repo: https://github.com/resumex/doom-over-dns

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns
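The post above makes two technical points: data can ride into a network inside TXT answers (the Doom-over-DNS direction), and the same channel works outbound when the data is packed into query labels. The script below is an added example, not code from the post, from Adam Rice's write-up, or from the linked repository. It shows the kind of check a blue team can run over resolver logs to catch either direction. The log format is a constructed, simplified one (epoch, client, qname, qtype, rcode, answer bytes), the sample traffic is built inline and is not a real capture, the "zone" helper is a naive last-two-labels stand-in for a public-suffix lookup, and every threshold is an assumption tuned for that sample.

```python
"""Flag DNS-tunnel behaviour in query logs.

Added example, not code from the Doom-over-DNS post or repository.
Log format (constructed for this example, not any real resolver's):

    <epoch> <client_ip> <qname> <qtype> <rcode> <answer_bytes>

Two findings per (client, zone):
  * txt_volume     many TXT queries / TXT answer bytes from one zone
                   (data coming IN through answers)
  * label_entropy  long, high-entropy labels in the query name
                   (data going OUT in the question)
Thresholds below are assumptions tuned for the sample traffic.
"""
import base64
import hashlib
import math
from collections import defaultdict


def build_sample_log():
    """Constructed sample traffic, not a real capture.

    10.0.0.5 is a normal client, 10.0.0.9 pulls 120 TXT chunks from one
    zone, 10.0.0.7 sends 40 queries whose first label is 48 base32 chars.
    """
    lines = [
        "1700000000 10.0.0.5 www.example.com A 0 16",
        "1700000001 10.0.0.5 mail.example.com MX 0 40",
        "1700000002 10.0.0.5 _dmarc.example.com TXT 0 64",
        "1700000003 10.0.0.5 cdn.example.net AAAA 0 28",
    ]
    for i in range(120):
        lines.append(f"{1700000010 + i} 10.0.0.9 c{i:04d}.wad.attacker.test TXT 0 255")
    for i in range(40):
        blob = hashlib.sha256(i.to_bytes(2, "big")).digest()
        label = base64.b32encode(blob).decode().rstrip("=").lower()[:48]
        lines.append(f"{1700000200 + i} 10.0.0.7 {label}.up.attacker.test A 3 0")
    return lines


def parse_line(line):
    ts, client, qname, qtype, rcode, answer_bytes = line.split()
    return {"ts": int(ts), "client": client, "qname": qname.rstrip(".").lower(),
            "qtype": qtype, "rcode": int(rcode), "answer_bytes": int(answer_bytes)}


def zone_of(qname):
    """Last two labels as a stand-in for the registrable domain (assumption;
    real code should consult the public suffix list so co.uk etc. work)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def shannon_entropy(text):
    """Bits per character of the empirical symbol distribution."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyse(lines, txt_count_threshold=50, txt_bytes_threshold=8192,
            min_label_len=30, entropy_threshold=3.0, suspicious_labels=10):
    """Return findings as dicts with client, zone, reason and value."""
    txt_count = defaultdict(int)
    txt_bytes = defaultdict(int)
    odd_labels = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        key = (rec["client"], zone_of(rec["qname"]))
        if rec["qtype"] == "TXT":
            txt_count[key] += 1
            txt_bytes[key] += rec["answer_bytes"]
        # Only labels below the zone can carry data; skip the zone itself.
        for label in rec["qname"].split(".")[:-2]:
            if len(label) >= min_label_len and shannon_entropy(label) >= entropy_threshold:
                odd_labels[key] += 1

    findings = []
    for key in txt_count:
        if txt_count[key] >= txt_count_threshold or txt_bytes[key] >= txt_bytes_threshold:
            findings.append({"client": key[0], "zone": key[1], "reason": "txt_volume",
                             "value": (txt_count[key], txt_bytes[key])})
    for key, n in odd_labels.items():
        if n >= suspicious_labels:
            findings.append({"client": key[0], "zone": key[1], "reason": "label_entropy",
                             "value": n})
    return sorted(findings, key=lambda f: (f["client"], f["zone"], f["reason"]))


if __name__ == "__main__":
    for f in analyse(build_sample_log()):
        print(f"{f['client']:10} {f['zone']:16} {f['reason']:14} {f['value']}")
```

Run as-is it flags 10.0.0.9 for TXT volume (120 queries, 30,600 answer bytes from one zone) and 10.0.0.7 for 40 long high-entropy labels, while the normal client's single _dmarc TXT lookup stays quiet. Aggregating by zone rather than by full qname is the point: a tunnel spreads its traffic across thousands of unique names, so per-name counters see nothing.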

#PSA: posting photos and videos of your kids online ensures they'll never be able to meaningfully opt out of privacy invasion.

80% of children have an online presence by age two, with parents sharing an average of 1,500 images before their fifth birthday. —2017, Northumbria University

By the age of 13, children have had an average of 1,300 photos and videos of themselves posted to social media by their parents. —2018, UK Children's Commissioner

#Privacy #DataPrivacy

Seeing a lot of “how to prepare” type posts for ICE at airports, which is great… but almost every post I’m seeing has said to turn off biometrics (great) and turn your phone off completely while going through security.

As someone who has been given an insanely difficult time at airports the past 3 years, please don’t rely on turning your phone off alone. It might work for some people, but I’m not allowed past security without showing all of my electronics turn on, and they have to remain on until I get through.

I have quite a few posts detailing my experiences. If it’s helpful I can try to dig them up and reshare. I know it won’t be the same for everyone, but what I go through is pretty intense and maybe getting an idea of some of the things they do will help.

Actions 4 ⚙️

Now with 180+ useful actions to elevate the Shortcuts app

Completely free

https://sindresorhus.com/actions

What do you think the largest bundle of game assets in the world costs?

$30 million?
$500,000?
7 kidneys?
$30,000,000 again?

How about $19.95! 🤑

https://kenney.itch.io/kenney-game-assets

Kenney Game Assets All-in-1 by Kenney

Includes 60,000+ game assets including 2D sprites, 3D models and more!

itch.io

Words I never want to read in combination:

When I first watched War Games (1983) I thought "wow, so weird, not only did they have terrible password management, but their test 'AI' system was directly linked to prod".

Ha-ha. 

Have you used any services/tools to remove your presence from data brokers? If so, which?

https://lemmy.dbzer0.com/post/65666705

Have you used any services/tools to remove your presence from data brokers? If so, which? - Divisions by zero

I was watching a video yesterday which had a sponsor for deleteme [https://joindeleteme.com/] which claims to go through data brokers to delete your info. I thought that might be a good idea, especially for those with radical politics. However it's fairly expensive (~$200) and also I mistrust sponsored links by default. Have you used them? Have you used something else? What do you recommend people do to deal with the hundreds of data brokers which harvest your info? The point is not to disappear entirely, but perhaps to make it less easy for an employer, payment processor or whatever to blacklist you based on GenAI assessments etc.

Sometimes you end up typing gail.com (typo) instead of gmail.com and you get this nice little website. Hah!

URL: https://gail.com/

gail.com FAQ