Mastodawn

MattT ✅Jul 24, 2023

stux⚡️Jul 23, 2023

That's an awesome swing! This bear mus be heavy. Write a positive review: "This swing was tested by bears”

MattT ✅Jul 2, 2023

nixCraft 🐧Jul 2, 2023

IT folks be like 👇😂

MattT ✅Jul 2, 2023

Mastodon Users Jul 1, 2023

12,916,975 accounts
+4,614 in the last hour
+34,484 in the last day
+108,119 in the last week

MattT ✅Jun 13, 2023

Dan Goodin Jun 13, 2023

Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.

The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader—or of an attached peripheral device—to pull a 256-bit ECDSA key off a government-approved smartcard. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset.

https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/

Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away

Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.

Ars Technica

MattT ✅Jun 9, 2023

kotik's pic storage May 29, 2023

MattT ✅May 9, 2023

Pwnallthethings May 9, 2023

Justice Department Announces Court-Authorized Disruption of the Snake #Malware Network Controlled by #Russia's Federal Security Service

https://www.justice.gov/usao-edny/pr/justice-department-announces-court-authorized-disruption-snake-malware-network

Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service

“Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes. Meeting the challenge of cyberespionage requires creativity and a willingness to use all lawful means to protect our nation and our allies,” stated United States Attorney Peace. “The court-authorized remote search and remediation announced today demonstrates my Office and our partners’ commitment to using all of the tools at our disposal to protect the American people.”

MattT ✅May 6, 2023

Mathew J. Schwartz May 5, 2023

No jail: Former Uber CSO Joe Sullivan has been sentenced to serve 3 years' probation and a pay a $50,000 fine. Prosecutors had sought a 15 month jail sentence.
https://www.govinfosecurity.com/ex-uber-cso-joe-sullivan-avoids-federal-prison-a-21984

Ex-Uber CSO Joe Sullivan Avoids Federal Prison

Joe Sullivan, the former chief security officer of Uber, will not spend time in prison for his role in impeding an investigation into the ride-hailing company's

MattT ✅Apr 30, 2023

Lily Hay Newman Apr 28, 2023

DOJ actually detected the SolarWinds hack in its network back in May 2020 and Microsoft, Mandiant, SolarWinds all looked at it at the time, but didn't grasp what they were seeing. Six months later Mandiant publicly exposed the campaign. @kimzetter back in WIRED! https://www.wired.com/story/solarwinds-hack-public-disclosure/

DOJ Detected SolarWinds Breach Months Before Public Disclosure

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

WIRED

MattT ✅Apr 22, 2023