Notices by darf 😈 (darfplatypus@infosec.exchange)

HIPAA doesn't say who has to hold the encryption keys.

@legacv @cR0w I can only imagine that sharing notifications was a bolted on capability and their auth flow doesnt account for that properly. So theres no sense of RBAC for the shared with user and when they click it just lets them in like a fully auth'd user.

but thats me spitballing with literally zero research.

@cR0w @legacv Legacv if you ever get super bored and need an AppSec project, start downloading SOHO router firmware, then binwalk the filesystem out of it, then do security review of their web panels. I'm willing to bet within 10 you look at, you'll find something horribly wrong.

@cR0w @legacv friend of mine and I won a contest at DefCon for backdooring a malicious update into a samsung IOT camera. literally just take firmware off the internet, slam a netcat shell in the init system as root, put it on a web share and DNS AITM to feed it a bad update.

@cR0w @Viss im currently waiting for the local place I love to open their brick and mortar after closing their ghost kitchen.

@cR0w @Viss theyre the only place ive found around here to do birria. and im pretty sure between me and a friend of mine, we're putting one of their kids through college 😂

@Viss Strategically Transport Equipment to Alternative Locations. 😅

@cR0w @grey shhhhh let me be a trash racoon in peace.

@kims as someone who likes dogs considerably more than people, i fully support this!

I'm looking for some stickers to throw on a pelican case along the lines of "sensitive electronics" "danger" "fragile contents" etc if anyone has suggestions on what else I should throw on there and where I can buy them 1 at a time rather than the 500x bulk options on amazon.