Simon Springall (he/him). #FBPE

@[email protected]
164 Followers
278 Following
223 Posts
American, Brit, European. In Ireland. ๐Ÿ‡บ๐Ÿ‡ฒ๐Ÿ‡ฌ๐Ÿ‡ง๐Ÿ‡ฎ๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ๐ŸŒ
Software Engineer, Cloud Solutions Architect, Cybersecurity.
Still sore about Brexit. #wokerati
Simon Springall (he/him). #FBPEDec 5, 2024
Looks interesting.. or scary https://www.tomshardware.com/tech-industry/cyber-security/o-mg-usb-c-cable-ct-scan-reveals-sinister-active-electronics-contains-a-hidden-antenna-and-another-die-embedded-in-the-microcontroller
USB-C cable CT scan reveals sinister active electronics โ€” O.MG pen testing cable contains a hidden antenna and another die embedded in the microcontroller

A small package with a huge malicious potential.

Tom's Hardware
Simon Springall (he/him). #FBPENov 16, 2024
@ap.brid.gy @bobegan.bsky.social
Simon Springall (he/him). #FBPENov 16, 2024
@app.brid.gy @oleander0.bsky.social
Simon Springall (he/him). #FBPENov 16, 2024
shellsharksNov 16, 2024

Hey #infosec folks, if you've bridged your account to #Bluesky using BridgyFed (https://fed.brid.gy/) let me know so I can add that bridged account to a starter pack there. ๐Ÿ‘

Would be great to highlight the infosec people who are here, over there.

Boost around so I can nab everyone! ๐Ÿš€

Bridgy Fed

Bridgy Fed is a bridge between decentralized social networks like the fediverse, Bluesky, and web sites and blogs.

Simon Springall (he/him). #FBPENov 16, 2024
Ray [REDACTED]Nov 16, 2024

This is a gentle but important video reminder for anyone who has cheered on the videos of my teenage son, especially those of you who got out of bed at 3AM to do so.

(btw, the video contains a little surprise at the end!)

Simon Springall (he/him). #FBPENov 16, 2024
@bsky.brid.gy @noelzia.bsky.social
Simon Springall (he/him). #FBPENov 16, 2024
@bsky.brid.gy https://bsky.app/profile/cgallia.bsky.social
Charles Galllia (@cgallia.bsky.social)

Bluesky Social
Simon Springall (he/him). #FBPENov 29, 2023
Jake WilliamsNov 26, 2023
This should be getting a lot more attention. NXP chips are in a lot of products. It's likely the TA knows of specific flaws reported to NXP that can be leveraged to exploit devices the chips are embedded in, and that's assuming they didn't implement backdoors themselves. Over 2.5 years (at least), that's not unrealistic.
https://www.tomshardware.com/news/chinese-hackers-steal-chip-designs-from-major-dutch-semiconductor-company
Chinese hackers steal chip designs from major Dutch semiconductor company โ€” perps lurked for over two years to steal NXP's chipmaking IP: Report

The full extent of the security breach is unknown.

Tom's Hardware
Simon Springall (he/him). #FBPEJul 22, 2023
raptor Jul 22, 2023

In light of the recent #Qualys #advisory, I recommend reading this old #vulnerability report by @taviso thatโ€™s also cited by Qualys in their writeup.

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

https://seclists.org/fulldisclosure/2010/Oct/344

Full Disclosure: The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

Simon Springall (he/him). #FBPEMar 10, 2023
More on the #LastPassBreach . I had no idea the threat actor used a vulnerability in #plex in the supply chain attack. It still seems a little incredulous that a security company gets exposed like this. https://www.itpro.co.uk/security/information-security-infosec/370210/lastpass-breach-last-chance #cybersecurity #devops
LastPass breach: Does LastPass really deserve a last chance?

After several disastrous hacks at LastPass and a communications breakdown, itโ€™s time to leave LastPass for pastures new

IT Pro