N-1 is stable. My younger sibling, the 9000 series, has problems classifying users as threat vectors.

This is the US semiquincentennial. I am old enough to remember the bicentennial celebrations 😅 🧓

TL;DR - LastPass was not breached.

  • LastPass uses Salesforce
  • a lot of companies use Salesforce
  • a lot of companies hired Klue
  • Klue was breached by an outsider using a working credential
  • outsider harvested OAuth tokens
  • outsider accessed Salesforce data for LastPass and other companies

If you're worried that because of this, now your work email, office phone, and preference of cigars or whiskey were compromised, you're living in a wonderful world. Enjoy it.

⚽ New Blog Post: I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.

Registered on FIFA's public Agent Platform, got added to their Entra tenant, and accessed the Streaming Management panel for every live World Cup 2026 match. RTMP ingest URLs, stream keys, all five camera angles. Confirmed live in VLC. An attacker could have replaced live camera feeds on TV worldwide.

Full writeup: https://bobdahacker.com/blog/fifa-hack

#InfoSec #BugBounty #ResponsibleDisclosure #FIFA #WorldCup #Security #CyberSecurity #RTMP #BrokenAccessControl

How I found that anyone could register on FIFA's public Agent Platform, gain access to the Football Data Platform's Streaming Management panel, and get RTMP ingest URLs and stream keys for every live FIFA World Cup 2026 camera feed. I then spent hours calling FIFA, MediaKind, HBS, CISA, and the FBI trying to get someone to pick up the phone.

LOL: U.S. Park Police, the D.C. fire department and members of the National Guard were seen responding Thursday to what appeared to be large-scale etchings of the numerals “86 47” on the grounds of the National Mall.

"A spokesperson for the U.S. Interior Department described the markings as “deranged vandalism” and promised to “hold those responsible accountable” in an emailed statement."

https://www.washingtonpost.com/style/2026/06/11/apparent-etchings-86-47-seen-trump-threat-spotted-national-mall/

#hatsoff #8647now

This is a super interesting analysis of the English-language cybercrime communities on Telegram and Discord, from a convicted (and reformed?) SIM-swapper who says he found at least 164 call centers that are recruiting callers for telephone-based social engineering scams.

LinkedIn post: https://www.linkedin.com/in/cfrmn/?lipi=urn%3Ali%3Apage%3Ad_flagship3_feed%3Brsdqv1H1TnSKsbPTnsDBkQ%3D%3D

History on the researcher: https://krebsonsecurity.com/2020/11/convicted-sim-swapper-gets-3-years-in-jail/

it may look cute but the boeing 787 only does this when distressed

A good friend of mine was affected by the layoffs at Cisco. If anyone needs a fantastic graphic designer with deep UX, security industry, and startup experience, ping me. Austin based.

RE: https://mastodon.social/@404mediaco/116375225490185578

This should not have been a surprise to anyone who is actually concerned with privacy. Anyone shoulder surfing can read notifications. Why would you display private information to everyone who can see the screen?

If you're serious about privacy, you already turned notifs off as soon as you powered on your phone for the first time...even before deleting bloatware.

And then turned off notifs for every app that is installed. For apps where you need to know when to check...let it alert, but not divulge information.

Need to know if the freezer is too warm? Probably fine to show anyone. Text messages? Never show these, especially if the spouse is snarky or spicy.

Convenience is the opposite of security.

Second take: Hiding secret messages behind a biometric scan is silly on an iPhone that can be held in front of your face without your consent. Fingerprints or iris scans require physical force, so are marginally better.

Say it again: Convenience is the opposite of security.

Artificial Intelligence is spelled "O.P.M.". Meta is only risking 20% ownership in its own 2GW datacenter. The rest is funded by selling A+-rated 144A investments.

S&P rated it A+ because Meta's name is attached. But it's lower than Meta's AA- rating because Meta pledged no equity of their own into the project. They convinced Blue Owl to pledge $2.5BB of their own. Investors in Blue Owl and other private credit companies can't take their money out due to restrictions on share redemption.

Meta signed 11 different leases (one for each building). They won't pay rent until June 2029. Only on the hook for 4 years. And, if they don't have equipment consuming power, they only pay a minimum rent + $/MW consumed. Lease renewals are optional.

The property is on a 15-year amortization plan to pay back the local power utility with minimum monthly payments regardless of consumption.

Who are the Other People in O.P.M.? Probably you. Pimlico, Black Rock, and a bunch of other investment companies that manage your retirement accounts and portfolios.

And, the businesses who are in the same insurance and re-insurance pools as the Meta/BlueOwl joint venture. Your portfolio probably invests in those, and in the insurance companies who will be paying out losses in the future.

Losses? If the datacenter won't come online until June 2029 or later, will cheaper locations already be online? Will the A.I. bubble have burst already?

Other People's Money = you and me, eventually.

Reddit User Uncovers Who Is Behind Meta’s $2B Lobbying for Invasive Age Verification Tech. Reddit researcher exposes Meta’s $2B campaign to force Apple and Google into building surveillance systems while exempting its own platforms
https://www.gadgetreview.com/reddit-user-uncovers-who-is-behind-metas-2b-lobbying-for-invasive-age-verification-tech

Meta is pure evil who is pushing age verification laws to benefit from surveillance tech.

Meta funneled $2B through nonprofit shells to push age verification laws targeting Apple and Google while exempting its own platforms from surveillance requirements.