JRT

@jrt@infosec.exchange

Average nmap enjoyer, destroyer of IoT worlds and embedded universes.
Chief #Passkey Advocate

"Expert for niche topics" - unnamed

he/him

Working in #InfoSec by day. Doing some things at @AsteroidOS and @spline by night.

ALT: @jrt

#InfoSec #Security #linux #foss #CCC #spline #berlin #ArchLinux #fedora #AsteroidOS #VR #CyberpunkIsNow

Website: https://jrtberlin.de
Languages: English, German
Signal: jrt.42
Threema: https://threema.id/FMESVF5Y
Matrix: @jrt:kde.org

While in Germany old white men keep the combustion engine and fossil fuels going with fervor and abuse of power, and the formerly-of-a-gas-company, now energy minister promotes fossil Russian gas, the Chinese are casually announcing the future. 🔥🔥🔥

China: Researchers break the temperature limits of heat pumps
https://winfuture.de/news,155658.html

Chinese researchers have overcome a technological hurdle that has limited the industrial use of heat for more than a hundred years. A new heat pump architecture is said to be theoretically capable of melting even some ores.

WinFuture.de
Microsoft will finally kill obsolete cipher that has wreaked decades of havoc - RC4 which is susceptible to Kerberoasting.

https://arstechnica.com/security/2025/12/microsoft-will-finally-kill-obsolete-cipher-that-has-wreaked-decades-of-havoc/

Microsoft will finally kill obsolete cipher that has wreaked decades of havoc

The weak RC4 for administrative authentication has been a hacker holy grail for decades.

Ars Technica

New trend in state espionage: instead of buying expensive zero-day vulnerabilities, physical access to devices is exploited to install spyware. Current case from Belarus: the intelligence service there has used the malware for four years. Thanks to Reporters Without Borders, the attack has finally been exposed. Here is my latest article on it - for you as a freebie. Thanks @besendorf for your work and the good interview!

https://www.zeit.de/digital/2025-12/belarus-spionagesoftware-handy-app-opposition?freebie=54d93229

Belarus: Belarusian intelligence service spied on mobile phones

The Belarusian intelligence service apparently used a spy app against opposition members for years. With it, it could fully monitor smartphones, and even wipe them.

DIE ZEIT

We are very excited that our publication on previously unknown #spyware in Belarus is published today!
https://rsf.org/en/exclusive-rsf-uncovers-new-spyware-belarus

This is joint research by the Digital Security Lab from Reporters Without Borders and RESIDENT.NGO

Exclusive: RSF uncovers new spyware from Belarus

Reporters Without Borders (RSF)’s Digital Security Lab (DSL), working with the Eastern European organisation RESIDENT.NGO, has uncovered a previously unknown spyware tool used by the State Security Committee (KGB) of Belarus to target, among others, journalists and media workers. RSF assesses that this exposure is a serious setback for the KGB’s operations, not least because the software appears to have been in use for several years.

Mozilla has a new CEO who:

- Has been at Mozilla for less than a year
- Has no prior open source experience (but well in "fintech" and "real estate")
- Has an MBA (aka "brainworm diploma")
- Is all-in on AI

That’s exactly the kind of bingo profile the whole community has been waiting for.

A privilege escalation in Dropbear (CVE-2025-14282) allows any authenticated user to run arbitrary commands as root. The vulnerability affects versions 2024.84 to 2025.88. Dropbear release 2025.89 fixes the vulnerability.

A mitigation is to run dropbear without unix socket forwarding by adding the -j option.

https://www.openwall.com/lists/oss-security/2025/12/16/2

#CVE_2025_14282 #infosec #cybersecurity

oss-security - Dropbear 2025.89 fixes privilege escalation, CVE-2025-14282

“I think I know how to use passwords securely, so passkeys are annoying and nobody should use them.” is tech-speak for, “I don’t care about the online account security of other people.”, or more succinctly, “I don’t care about other people.”

People overestimate their competence and underestimate the cost of phishing and credential stuffing. Individuals having to learn to use password management software and be vigilant against phishing is an industry failure, not a personal success.

@g0rb @cR0w @brahms @waken said the company who got verbally spanked by the CSRB report on cybersecurity at Microsoft.
@cR0w @brahms @g0rb @waken lmao so stupid. There is a spec for secure passkey syncing w/o that crap.