Notices by Jernej Simončič � (jernej__s@infosec.exchange)

@whitequark @natkr Reminds me of buying codesigning certificates from Globalsign and Comodo. Both ignored the government-issued ids (including a certificate issued by the state CA), and instead required me to provide a bank statement and some bills in my name (for Comodo I even had to have them notarised); as all of my statements and bills have been digital for close to two decades (and digital bills were not considered trustworthy, despite having a digital signature), I simply printed them on a colour laser printer, then photocopied them and notarised the copy.

@thomasfuchs That's supposed to be implemented in the future.

@thomasfuchs It works the other way around, too – click quote, find the post you want to reply to and click Reply.

@thomasfuchs Are you trying to create a loop?

@thomasfuchs I never used classic MacOS, was this a built-in function?

@thomasfuchs @foone Given the capital K, I'd say it's 77950 bytes.

@SwiftOnSecurity

@pq1r @ryanc This. And recent laptops usually don't mind if you replace the WiFi card any more (for a while you'd need BIOS hacks to allow booting after replacing WiFi card).

@GossiTheDog A client of mine (that I first notified on September 25th) finally patched after they were nudged by their upstream. Funnily enough, their firewall contractor is still running firmware from 2023 according to your scan :)

@thomasfuchs Paywall bypass: https://archive.is/8Hyt8

@djsumdog @flacs TB3 only uses USB-C port, but with TB4 things are more complicated – while USB4 doesn't need to support everything TB4 does, supposedly Microsoft said they wouldn't certify USB4 drivers that didn't support all transport modes, making USB4 and TB4 effectively equivalent.

OTOH, in the previous post I was just counting all the different types of USB ports, and since TB3 and up use USB-C ports, they probably should count up there (as would USB-C ports that support DP-Alt mode).

Also, Apple wasn't the only one with MiniDP TB2 ports – at least some HP laptops also had them.

@titusDeGroan @ryanc This isn't using OpenSSH, it's based on russh.

@ryanc Nope, no change.

@ryanc Here's PuTTY's log if it helps any:

2025-10-05 14:41:42 Running with restricted process ACL
2025-10-05 14:41:42 Sharing this connection at \.\pipe\putty-connshare.ender.d59e74791f6cef4ee3164aaabcf128f331479a64f5c6a39f972c76635dac2aed
2025-10-05 14:41:42 Looking up host "ansi.rya.nc" for SSH connection
2025-10-05 14:41:42 Connecting to 139.162.221.130 port 22
2025-10-05 14:41:42 We claim version: SSH-2.0-PuTTY_Snapshot_2025_05_29.91ad3af
2025-10-05 14:41:42 Connected to 139.162.221.130 (from 172.16.255.5:14658)
2025-10-05 14:41:42 Remote version: SSH-2.0-hoopsnake russh
2025-10-05 14:41:42 Using SSH protocol version 2
2025-10-05 14:41:43 No GSSAPI security context available
2025-10-05 14:41:43 Doing ECDH key exchange with curve Curve25519, using hash SHA-256 (SHA-NI accelerated)
2025-10-05 14:41:43 Server also has ecdsa-sha2-nistp256 host key, but we don't know it
2025-10-05 14:41:43 Host key fingerprint is:
2025-10-05 14:41:43 ssh-ed25519 255 SHA256:YfIrPxt2WKAJjm43+3iVQf5ERksHC3s9g8VYuKF+208
2025-10-05 14:41:43 Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
2025-10-05 14:41:43 Initialised HMAC-SHA-256 (SHA-NI accelerated) outbound MAC algorithm (in ETM mode)
2025-10-05 14:41:43 Will enable zlib (RFC1950) compression after user authentication
2025-10-05 14:41:43 Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
2025-10-05 14:41:43 Initialised HMAC-SHA-256 (SHA-NI accelerated) inbound MAC algorithm (in ETM mode)
2025-10-05 14:41:43 Will enable zlib (RFC1950) decompression after user authentication
2025-10-05 14:41:43 Pageant is running. Requesting keys.
2025-10-05 14:41:43 Pageant has 4 SSH-2 keys
2025-10-05 14:41:43 Trying Pageant key #0
2025-10-05 14:41:43 Server refused our key
2025-10-05 14:41:43 Trying Pageant key #1
2025-10-05 14:41:43 Server refused our key
2025-10-05 14:41:43 Trying Pageant key #2
2025-10-05 14:41:43 Remote side unexpectedly closed network connection

@ryanc Connection closes unless I disable agent authentication :)

@flacs This made me wonder – how many actually different kinds of USB ports are there?

These are what I came up with:

1. USB-A 1.1
2. USB-A 2.0
3. USB-A 3.0/3.1gen1/3.2gen1x1 (5Gbps)
4. USB-A 3.1gen2/3.2gen2x1 (10Gbps)
5. USB-C 2.0
6. USB-C 3.0/3.1gen1/3.2gen1x1 (5Gbps)
7. USB-C 3.1gen2/3.2gen2x1 (10Gbps)
8. USB-C 3.2gen1x2 (10Gbps)
9. USB-C 3.2gen2x2 (20Gbps)
10. USB-C 4.0 (40Gbps)
11. USB-C 4 version 2 (80Gbps, not sure if commercially available yet)

Do Thunderbolt3 and 4 count as USB? What about USB-C ports that support DP-Alt mode? And I didn't even touch all the possible power delivery options…

Very universal indeed.

@jpm @whitequark Right, I've got this implemented, too.

permit_mynetworks, sleep 2, permit_sasl_authenticated, sleep 2, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031, permit

@thomasfuchs What about the late 90's breakout dongles?

@ryanc The missile conspiracy.

@thomasfuchs Your new avatar makes me think I'm reading @skeletor every time :)