Notices by kajer (kajer@infosec.exchange)

@tk @doskel

The system, is down.

@kevie @beersofmastodon

It was a wonderful time! I'd go back in a heartbeat. The Tow driver got us in touch that night. Funny thing was, that exact rock was a known hazard that the tow driver has rescued plenty of people prior to my run-in. The tow driver was petitioning the council to remove it. That was 2015.

@kevie @beersofmastodon

I loved Stornoway when I was on the outer islands. Until i clipped a rock near the Isle of Harris gun club and had to be towed back to Stornoway, on a sunday with 2 flat tires.

Cheers to the owner of Stornoway Spares at 8 Bells Rd. for getting me fixed up on a Sunday evening so I could get back to Tarbert to make the morning ferry.

Also, I happened to be there the weekend they converted the airport to a drag strip. So much fun that night!

@ryanc 3des is where it's at

@ryanc it's forced read receipts

cool, cool, the ISP for the transmitter site gave us a /29 net block. But..... 3 of the addresses in "our" block are in use by other customers,.. Windows IIS default page... Sophos VPN portals...

seems like "our" /29 is not ours. FUN!!!

@ryanc @darfplatypus @cR0w @legacv

@darfplatypus @cR0w @legacv During the first few years of OpenCTF at Defcon ~16ish we ran an open http server on our network full of linux ISOs. Stuff like Ubuntu Live images, KALI, etc, including the matching .MD% and .SHA256 files

but these ISOs were all root kitted with open SSH servers and pre-populated root credentials. We ran a server that these ISO images did reverse SSH tunnels to, so we had root on nearly every other teams laptops because they all booted off the live ISO we had provided them.

no points for this, just a lot of full screen shock images.

Holy fucking shit Broadcom:

As no new order(s) for subscription licenses and support services has been executed between the parties, Support
Services are no longer available for the perpetual Software listed in the Order(s) and such Software licenses deployed
in your environment are running unsupported.
VMware, therefore, immediately demands that all use of Support Services associated with VMware Software, including
Maintenance Releases/Updates, Minor Releases, Major Releases/Upgrades extensions, enhancements, patches, bug
fixes or security patches (with the exception of zero-day security patches for vSphere 7.x and 8.x, CVSS score greater
than or equal to 9.0, so long as those are generally provided by VMware at no cost) be ceased.
The implementation of any of the aforementioned (excluding select zero-day patches as defined above) past the
Expiration Date must be immediately removed/deinstalled. Any such use of Support past the Expiration Date constitutes
a material breach of the Agreement with VMware and an infringement of VMware’s intellectual property rights,
potentially resulting in claims for enhanced damages and attorneys’ fees.
Additionally, Customer must comply with any post-expiration reporting requirements related to the Order(s) and
governing license agreement. Failure to comply with such requirements may result in a breach of the Agreement by
Customer and VMware may exercise its right to audit Customer as well as any other available contractual or legal
remedy.

@ryanc @Viss https://old.reddit.com/r/itrunsdoom/ is another place of weird doom ports.

I personally liked the Cisco CDP hack to then get a java applet running on a 8841 phone.

@ryanc I used a ATS02= command prior to connection, your hax wont work here!

ATH0

@ryanc there may be a bonus update today...

This camera was OEM branded a few other places too, but the best I can find is this is originally a VHD-V50U camera.

Finding firmware images from 15 years ago is not as easy as I was hoping for. SO MANY MANUALS though... :(

I went down the rabbit hole of "free stuff is not free" and here I am.

If anyone here has a PTZoptics 20X Generation1 camera, I would like a word please. I need some firmware that the vendor claims they don't have.

The firmware can be extracted and stored as a backup using their archaic update tool that isn't shady looking at all.

Getting desperate - found someone from the OEM on linked in that was offering firmware files via DM/email for various VHD-based camera models. I sent and email asking for VHD-V50U usb/fpga bin files. Let's see if this pans out.

get it, pans, as in PTZ camera?
thatsthejoke.jpg

Sadly due to CSS and JS fuckery back in 2017, the wayback machine doesn't have the page or links to the old firmware files published by ptzoptics. The firmware page uses onclick to show things, and wayback can't handle that, at least not back in 2017 archives.

I really hate javascript.

Lol, the one youtube video showing how to update firmware for that camera mode is from the same support person telling me they don't have firmware files for that camera.

🤦♂️

Final PTZ camera update:

It's e-waste. Nobody anywhere, even the OEM, has the USB/FPGA firmware bin files needed to unbrick the camera.

The SoC works, and I can interact with the webapp, but the camera functions and PTZ controls are cooked. We can even flash an older firmware image which is the USB firmware+JFFS2 filesystem, but no FPGA code anywhere.

:(