Rachel Rawlings

@linuxandyarn@infosec.exchange
119 Followers
237 Following
39 Posts

Linux sysadmin pro, infosec amateur
Blue teamer with a red hot temper

If you have no public posts I will not accept your follow request. Don't take it personally, just engage.

General purpose, humor, politics, gaming account: @LinuxAndYarn -- if you're reading this because I posted the Orange County, Florida, censored books list, follow me there instead of here.

Alt text:
- Profile picture: My @EFF membership card from 1990, embossed with my name and member # 164
- Banner: a rainy dusk/nighttime streetscape from the game Dreamfall Chapters

Exclusive: US CDC vaccine presentation cites study that does not exist, author says https://archive.is/K3t9o
HOPE CONFERENCE ADDRESSES TRAVEL CONCERNS | 2600

I'm having trouble figuring out what kind of botnet has been hammering our web servers over the past week. Requests come in from tens of thousands of addresses, just once or twice each (and not getting blocked by fail2ban), with different browser strings (Chrome versions ranging from 24.0.1292.0 - 108.0.5163.147) and ridiculous cobbled-together paths like /about-us/1-2-3-to-the-zoo/the-tiny-seed/10-little-rubber-ducks/1-2-3-to-the-zoo/the-tiny-seed/the-nonsense-show/slowly-slowly-slowly-said-the-sloth/the-boastful-fisherman/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/brown-bear-brown-bear-what-do-you-see/pancakes-pancakes/pancakes-pancakes/the-tiny-seed/pancakes-pancakes/pancakes-pancakes/slowly-slowly-slowly-said-the-sloth/the-tiny-seed

(I just put together a bunch of Eric Carle titles as an example. The actual paths are pasted together from valid paths on our server but in invalid order, with as many as 32 subdirectories.)

Has anyone else been seeing this and do you have an idea what's behind it?

#botnet #ddos #webscraping #infosec
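One way to pick this traffic out of a web server log when per-IP blocking cannot, as an added example that is not part of the post above: the distinguishing signal is the shape of the path (unusually deep, built entirely from segments the site really serves, but matching no real page), not the source address, so the script classifies each request by path shape and then reports how many sources stay under a fail2ban-style per-IP threshold. The log lines, the list of known site paths and the depth threshold are all constructed for the example; a real deployment would generate the known-path set from the CMS or sitemap.

```python
import re
from collections import Counter

# Constructed sample of combined-format access log lines (addresses are
# RFC 5737 documentation ranges, not real clients; paths are invented).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jul/2023:10:00:01 +0000] "GET /about-us/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/108.0.5163.147"
198.51.100.7 - - [12/Jul/2023:10:00:02 +0000] "GET /about-us/the-tiny-seed/pancakes-pancakes/the-tiny-seed/brown-bear/the-tiny-seed HTTP/1.1" 404 198 "-" "Mozilla/5.0 (X11; Linux) Chrome/24.0.1292.0"
198.51.100.8 - - [12/Jul/2023:10:00:02 +0000] "GET /books/the-tiny-seed/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 Chrome/99.0.4844.51"
192.0.2.44 - - [12/Jul/2023:10:00:03 +0000] "GET /books/pancakes-pancakes/about-us/books/the-tiny-seed/pancakes-pancakes/brown-bear/about-us HTTP/1.1" 404 198 "-" "Mozilla/5.0 Chrome/71.0.3578.98"
192.0.2.45 - - [12/Jul/2023:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 198 "-" "curl/7.88.1"
203.0.113.10 - - [12/Jul/2023:10:00:04 +0000] "GET /books/brown-bear/ HTTP/1.1" 200 1800 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/108.0.5163.147"
"""

# Hypothetical set of paths the site actually serves (constructed). In
# practice this comes from the CMS, the sitemap, or a crawl of your own site.
KNOWN_PATHS = {
    "/", "/about-us", "/books",
    "/books/the-tiny-seed", "/books/pancakes-pancakes", "/books/brown-bear",
}

# Real pages on this constructed site are at most 2 levels deep, so anything
# at 3+ levels built only from real segments is the "stitched" shape.
STITCH_MIN_DEPTH = 3

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_log_line(line):
    """Return the fields we need, or None if the line is not combined format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def normalize_path(path):
    """Drop the query string and trailing slash so /about-us/ == /about-us."""
    path = path.split("?", 1)[0]
    return path.rstrip("/") or "/"


def classify_path(path, known_paths=KNOWN_PATHS, min_depth=STITCH_MIN_DEPTH):
    """'valid' for a real page; 'stitched' for a deep path made only of real
    segments in an order that is no real page; 'other' for ordinary 404 noise."""
    norm = normalize_path(path)
    if norm in known_paths:
        return "valid"
    known_segments = {seg for p in known_paths for seg in p.split("/") if seg}
    segments = [seg for seg in norm.split("/") if seg]
    if len(segments) >= min_depth and all(s in known_segments for s in segments):
        return "stitched"
    return "other"


def summarize(log_text, known_paths=KNOWN_PATHS, per_ip_threshold=2):
    """Classify every request and report how much of the traffic has the
    stitched shape and how many sources stay at or under a per-IP count that
    a rate-based ban rule would never trip on."""
    per_ip = Counter()
    kinds = Counter()
    stitched_ips = set()
    max_depth = 0
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        per_ip[rec["ip"]] += 1
        kind = classify_path(rec["path"], known_paths)
        kinds[kind] += 1
        if kind == "stitched":
            stitched_ips.add(rec["ip"])
            depth = len([s for s in normalize_path(rec["path"]).split("/") if s])
            max_depth = max(max_depth, depth)
    low_volume_ips = sum(1 for n in per_ip.values() if n <= per_ip_threshold)
    return {
        "requests": sum(per_ip.values()),
        "unique_ips": len(per_ip),
        "low_volume_ips": low_volume_ips,
        "kinds": dict(kinds),
        "stitched_ips": sorted(stitched_ips),
        "max_stitched_depth": max_depth,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Because every source in the sample sits at or below two requests, an IP-count rule never fires; the `stitched` classification is what you would feed into a WAF rule or a web server `map` that returns an early 4xx without touching the application, which is the cheap mitigation for a scraper that is mostly wasting your CPU on 404s.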

If you're impacted by the #Crowdstrike debacle, here's the latest tech alert with a workaround:

Okta originally said only one percent of customers were affected, now says the other 99% were too.

https://www.bloomberg.com/news/articles/2023-11-29/okta-says-hackers-stole-data-for-all-customer-support-users

Okta Says Hackers Stole Data for All Customer Support Users

Okta Inc. has discovered that hackers who breached its network two months ago stole information on all users of its customer support system — a scope far greater than the 1% of customers the company had previously said were affected.

Bloomberg

I got a newsletter from #Fastly that I didn't remember subscribing to, possibly as a result of them being attached to a #SANS talk. (The first one appeared in my mailbox on October 26, so even I might remember something that recent.)

When I clicked the Unsubscribe link in the mail, the web page said "Fill out the form and we'll send you a link to edit your preferences."

So I went back to my email and reported them as #spam and blocked them.

"Don't be that guy," but for corporations.

The #WebP buffer overflow bug that caused all the major browsers to issue patches earlier this week (e.g. #Firefox 117.0.1) also affects applications built with Electron. #1Password issued an update today for their Mac build.

The CVE affects the underlying webp library, not just web browsers, so this will be an ongoing issue.

#CVE20234863

"Who uses #libwebp?
"There are a lot of applications that use libwebp to render WebP images, I already mentioned a few of them, but some of the others that I know include: #Affinity (the design software), #Gimp, Inkscape [not according to Martin Owens, see comment below], #LibreOffice, #Telegram, #Thunderbird (now patched), #ffmpeg, and many, many #Android applications as well as cross-platform apps built with #Flutter."

https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/

Critical WebP bug: many apps, not just browsers, under threat

A significant vulnerability in the WebP Codec has been unearthed, prompting major browser vendors, including Google and Mozilla, to expedite the release

Stack Diary

No matter how good your encryption might be, a bad UI is a security hole.

When you get an email from your organization warning that
* another new #phishing awareness campaign is coming,
* people who fall for phishing sims will be reported to their managers and be signed up for mandatory training, and
* the email is in HTML with four links that say "Click here" for more information:

Another damned good reason to use #jitsi: #zoom will now use your calls to train their #ml

https://stackdiary.com/zoom-terms-now-allow-training-ai-on-user-content-with-no-opt-out/

Zoom's updated Terms of Service permit training AI on user content without Opt-Out

Zoom Video Communications, Inc. recently updated its Terms of Service to encompass what some critics are calling a significant invasion of user privacy.

Stack Diary