Max Maass 

@hacksilon@infosec.exchange

Sr. Security Specialist at iteratec // @seemoo alumni // Member of CCC // Crypto means cryptography.

tfr.

Blog: https://blog.maass.xyz
GitHub: https://github.com/malexmave
Pixelfed: https://pixel.infosec.exchange/@hacksilon
Pronouns: he/him

I received a response, documented here: https://infosec.exchange/@hacksilon/114782534325988895
Max Maass :donor: (@hacksilon@infosec.exchange)


Update: I heard back from the people running the system. Apparently it isn’t a geoblock, but the specific IPs my requests were coming from were blocked because of abuse from that CDN (bunny.net). The error has been fixed. (Now I wonder if Fraenk hosts their stuff on Bunny.net, or if it’s the DNS resolver I am using 🤔)

Anyway, in the future, access to the warnings should be possible.

Also, they saw this toot and referenced it in their reply 😅.
https://infosec.exchange/@hacksilon/114765561556000011

Great article. And has this gem as a closing statement: „Somewhere, a protocol is being used exactly as intended. This is deeply suspicious.“
https://darmstadt.social/@claudius/114766051184046904
Claudius (@claudius@darmstadt.social)


This blog entry about #MCP[1] is very true, and we've seen almost the same thing in the early 2000s ("Web 2.0", no not the "social media" thing that everybody associates with it now)

Web 2.0 was all about APIs. For a brief moment, everything had a relatively open API. Twitter - that's where all the clients came from. Flickr. Delicious. Maps. YouTube. They all were relatively open.

And people built the coolest stuff with it.

[1]: https://worksonmymachine.substack.com/p/mcp-an-accidentally-universal-plugin

MCP: An (Accidentally) Universal Plugin System

Or: The Day My Toaster Started Taking Phone Calls

Works on My Machine

Sent them an email requesting to have my IP range allowlisted and questioning the general assumption such a service should be limited to in-country IP ranges. Let’s see what happens.

Today in #ITSecurity gone wrong: I am in Austria as a German. I just received a notification via cell broadcast about a fire in the area. The broadcast contains a URL - but this URL is only accessible from an Austrian IP address. My LTE roaming IP isn’t allowed. So… I guess I just suffocate because I have the wrong IP address, then? 😅

Back in the day, Twitter used to be really good if I set up a thread to connect freelancers with clients. Let's see if Mastodon can do it.

Clients: if you're looking for freelancers/contractors, get in the comments

Freelancers/contractors: get in the comments

Everyone else: boosts appreciated.

The market is *dead* for freelancers and a big part of that (in my opinion) is fragmentation. Let's get that network effect *back*.

#FediHire

Ultra spicy post claiming to be from UK retailer employee (M&S or Co-op) about their experience with TCS on their security incident. https://www.reddit.com/r/cybersecurity/comments/1ll1l6c/scattered_spider_tcs_blame_avoidance/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button

Looking forward to being at #KeyConf25 and meeting all the interesting people there! My colleague Tim and I will be presenting our #Keycloak config auditor tool, #kcwarden, that helps you keep your server configuration secure. https://github.com/iteratec/kcwarden
https://fosstodon.org/@ahus1/114753988086598591

I assume that when you stare into THIS void, there's audio description.