Notices by da_667 (da_667@infosec.exchange)

I'm interviewing 3 candidates back to back to back for an internship role. We gave them a screening quiz to test their knowledge.

I have a sneaking suspicion they all used AI to answer the questions given to them. The mistakes are overall the same. The wording is ever so slightly different.

I'm kind of insulted.

@gsuberland @xssfox wanna know the best part of this? one of the candidates claims to be a CMU grad.

question for you all. plumber is trying to sell me on a whole house water filtration system to go with some other kinda required plumbing work around the house. Would it be worth it? I'm kinda leaning towards no, because Michigan's water quality in general (not counting northern michigan, because its all well water up there), is generally okay, but I'm looking for opinions.

@cR0w @badsamurai you know what I love the most? knowbe4 re-uses their SSL certs. its just one gigantic SSL cert for a bunch of domains. Congrats, you just doxxed your phishing infra because I can fuckin' read.

@GossiTheDog @NosirrahSec I can't fathom anyone replacing seasoned DFIR staff with a fucking AI. Even with force multiplier gains, it needs to be babysat consistently.

@GossiTheDog Imagine taking that big of a bonus after single handedly causing billions in damages over a single day due to gross negligence.

https://fortune.com/2024/08/03/crowdstrike-outage-fortune-500-companies-5-4-billion-damages-uninsured-losses/

But sure, fire the people saddled with fixing the incompetence. Let's see how that goes.

I might just settle in on one of the 30-odd inch curved monitors, see what I think and if I can deal with it, replace the 27in. 1080p monitor that refuses to die.

it's irritating that if you opt to go for a monitor above 27", that the fuckers are all curved. I feel like the curved monitors are a fucking gimmick.

One blog post from akamai is turning into multiple rules to cover vulns in IOT devices that I didn't have coverage for.

https://www.akamai.com/blog/security-research/2025/may/active-exploitation-mirai-geovision-iot-botnet

My thanks to akamai for a wonderful data source to pivot off of.

I wrote a thing. Its political. This is your only warning.

"Be the heretic that orange nazi gasbag believes you can be"

https://www.totes-legit-notmalware.site/home/be-the-heretic-that-orange-nazi-gasbag-believes-you-can-be

This did numbers while I was out today. Thank you for reading. I... didn't originally have a goal when I set out to write this.

But then the more I thought about it, the more I'm realizing there's no cavalry coming. All we have is each other, and that even the tiniest positive actions towards one another and our community as a whole accumulates.

But even if you don't have spoons, energy, attention span, or money to do anything, that's fine. those positive actions apply to you as well. Self-care is important. You are your own biggest advocate in that regard.

I also just wanted to remind everyone, these people in charge unapologizingly, remorselessly fucking awful skinwalkers, and that you have no obligation to make nice with supporters of this administration in any way. If they want a sympathetic ear, tell them to fuck off to any one of the multitudes of conservative hugboxes out there.

@Viss see also: anyone associated with organizing RSAC. I just don't fucking understand how or why you would want the concentration camp enjoyer to keynote your event, when literally anyone in charge of the CVE program, or from CISA themselves would've been an absolute fucking banger instead.

@Viss Literally could have had Jen Easterly come up on stage say "I don't have a job now, good luck" and mic drop.

a time-themed bar called the inifinite stratum, and nobody but NTP nerds will get it

you should've done it yourself

I've watched videos on how to do it. and I managed to somewhat successfully sharpen one knife without killing myself. It took me a whole afternoon.

This dude was done inside of an hour. I've no doubt he was using automatic tools

knife sharpening service was worth it. got 19 knives done for 78 bucks. Used one of my knives to butterfly chicken for chicken + riced cauliflower for lunch, and it was effortless.

They really needed the maintenance.

I can't stop fucking laughing.

https://www.varonis.com/blog/malicious-firewall-rules-in-azure-sql

TL;DR: if you have access to modify azure firewall rules, you can craft DELETE requests, and depending on the number of ../ in your request, can delete servers, resource groups, etc.

with thanks to @pjsliney for the heads up.

Also cc @Viss

Go to the cloud they said, it'll be fine they said

@r000t can't say that I have

today I've learned that ethtool doesn't work to check link or duplex speed on virtio devices because the VM and the host are aware its a virtual machine, and just yeets frames between VMs, or out the hypervisor's interface (if bridged) at link speed.

@GossiTheDog didn't even consider this. Hope your employer has strict MDM. But even then, who knows what happens.