N-1 is stable. My younger sibling, the 9000 series, has problems classifying users as threat vectors.

Portions of the U.S. government are very concerned about updating web sites to erase DEI.

But the DEA still forces you to use Internet Explorer.

#priorities

@GossiTheDog Wait, I think calling this a 'bank' is stretching the term. They invest in bitcoin themselves, and have all of their customers invest in bitcoin. Then hold all the secrets? Did I read that right?

@GossiTheDog They are traded OTC as RVRF. Only 365 employees. Up over 50% in the past 1y.

Seems like there should have been money for endpoint protection against malware and lateral movement.

Is this another 3rd-party admin'd environment where dropping $1K can get you inside with good creds?

This is the US semiquincentennial. I am old enough to remember the bicentennial celebrations 😅 🧓
@aburka I still lock the door to my house, knowing full well that a mule kick or a rock through the window is a low-cost breach. While at the same time, sleeping with my windows open. Because my fluffy dog would surely save the day. (You live with the illusions that keep you happy.)
@drwho yes. And my preference for cigars or whiskey is 'free'. Free beer always tastes better too. That's not secret data.

TL;DR - LastPass was not breached.

  • LastPass uses Salesforce
  • a lot of companies use Salesforce
  • a lot of companies hired Klue
  • Klue was breached by an outsider using a working credential
  • outsider harvested OAuth tokens
  • outsider accessed Salesforce data for LastPass and other companies

If you're worried that because of this, now your work email, office phone, and preference for cigars or whiskey were compromised, you're living in a wonderful world. Enjoy it.

@SwiftOnSecurity [closes ticket for IRQ numbers]

⚽ New Blog Post: I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.

Registered on FIFA's public Agent Platform, got added to their Entra tenant, and accessed the Streaming Management panel for every live World Cup 2026 match. RTMP ingest URLs, stream keys, all five camera angles. Confirmed live in VLC. An attacker could have replaced live camera feeds on TV worldwide.

Full writeup: https://bobdahacker.com/blog/fifa-hack

#InfoSec #BugBounty #ResponsibleDisclosure #FIFA #WorldCup #Security #CyberSecurity #RTMP #BrokenAccessControl

How I found that anyone could register on FIFA's public Agent Platform, gain access to the Football Data Platform's Streaming Management panel, and get RTMP ingest URLs and stream keys for every live FIFA World Cup 2026 camera feed. I then spent hours calling FIFA, MediaKind, HBS, CISA, and the FBI trying to get someone to pick up the phone.