Notices by hrbrmstr 🇺🇦 🇬🇱 🇨🇦 (hrbrmstr@mastodon.social)

a great many brave souls were injured or died many years ago to fight the forces that have found a way to be in leadership or of great influence in present-day western democracies.

we should all feel pretty ashamed of that as we strive to appreciate their now nigh futile sacrifices. that "nigh" is doing a ton of heavy lifting, and only exists in that sentence thanks to some modern brave souls who are working daily to turn the tide.

The brazenness of this one IP from Amarutu's ASN is just staggering.

No ISP shld be allowing transit from any IP from Amarutu.

This ASN has been a bane for almost as long as I've had the mini-fleet up. And the most recent activity isn't even the worst that it has slung.

Someone must really want as many nodes as possible for some upcoming DDoS parties.

My janky sensor fleet caught these IPs slinging what looks to be the same "nuclear" Mirai-variant we saw for the telnet/cPanel campaign last week. This time over React2Shell payloads.

87.120.191.93
45.205.1.16
80.75.212.14

2026-03-21 to 2026-04-18

Gosh this was a (recent) first-hand lived experience.

I'm dismayed it's more prevalent than I hoped.

https://nooneshappy.com/article/appearing-productive-in-the-workplace/

Bonus Drop #115 (2026-05-03): Terminal Velocity

The latest (and, hopefully final only- Bonus Drop) showcases a cadre of terminal emulators, highlighting their unique features and technologies. It covers OpenWarp, Macterm, rootshell, Rio, and Foot, each with distinct attributes related to performance, design, and underlying technology. The author discusses usability for different systems, emphasizing safety and configurations while noting trends toward AI integration…

http://dailydrop.hrbrmstr.dev/2026/05/03/bonus-drop-115-2026-05-03-terminal-velocity/

one thing my telnet charts didn't show yesterday is that my tiny, janky little fleet got hit with over 3 million telnet sessions (remember: 5 node fleet with only 4 with telnet traps), w/~1.2M of them on the 30th.

Cannot wait til Copy Fail gets fully weaponized in Mirai.

The root cause chain is damning. No file type restrictions on inbound support chat attachments. No automated EDR coverage reconciliation against the identity provider. Okta FastPass let the compromised device satisfy MFA on its own. The initialization codes — functionally equivalent to the certificates themselves — were visible in every proxied support session because the support portal was never threat-modeled as an attack surface. "Privileged access" stopped at the HSM boundary. (3/5)

DigiCert — a certificate authority, the entity you're trusting to anchor your entire chain of trust — got compromised because a support analyst opened a .scr file from a chat session. In 2026. CrowdStrike was misconfigured on one endpoint and completely absent on another. Nobody noticed the second compromise for 10 days. The attacker grabbed EV code signing initialization codes and walked out with 60 certificates. Zhong Stealer, signed and shipped. (2/5)

Cow-orker @mle shared this ~2-week-old DigCert incident report today (i blame my Q1 $WORK chaos for me missing it): https://bugzilla.mozilla.org/show_bug.cgi?id=2033170… (1/5)

Doing Free Comic Book day and hitting some bookstores in Portland (the good Portland in Maine) and had a @spaf sighting!

It did not take the community long at all to kill Warp's surveillance and business model: https://openwarp.zerx.dev/

FWIW future me is so glad previous me did the Brewfile b/c it made setting up the new work laptop SO MUCH FASTER/EASIER

#macOS folks!!

Today is a *great* day to:

```bash
brew update && brew upgrade && brew cleanup && brew doctor
```

then:

```bash
brew bundle dump --file=~/Brewfile --describe --force
```

to create a `Brewfile` you can use to "quickly" restore the Homebrew bits that you rely on.

The EGO snow blower has been the best outdoor "tool" I've ever purchased and used. The EGO push mower is second on the list.

The former made quick work of the ~5" that dropped overnight.

It should be a criminal offense that 7-zip did not register itself at all the TLDs.

This never should have happened.

https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes

@mttaggart @Dio9sys @cR0w @iagox86 @raptor M I C H A E L

@cR0w it's auth, tho, so can't be 10

TMW the wind destroyed time https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/ACADD3NKOG2QRWZ56OSNNG7UIEKKTZXL/

MS is nothing but full of a greedy bunch of sociopathic SOBs.