There are many that think no 2FA is better than SMS 2FA. I'll keep this brief and say
No. You're fucking wrong. At least TOTP/keys are still an option.
this is quite possibly the dumbest fucking vuln I've ever seen.
Hey folks, I've been hearing a lot of ruminations about a potential wave of ransomware/wiper malware wiping ESXi servers using CVE-2021-21974 - OpenSLP.
I managed to put together a signature for it, and I'm really fucking proud of how it all came together so fast. The rule will be out with tonight's ETOPEN rule release -- that means the rule will be available for snort 2.9.x, Suri4, and Suri5+
Any of y'all just shave your entire beard out of disgust and frustration after about a month? No? Just me? Alright, carry on, then.
@silverwizard it frustrates me to no fucking end that DoH was opt-in by default on all new installs of Chrome and Firefox, completely bypassing any filtering the user may have had set up. Hope you have uBlock Origin installed.
I want you to consider that nowhere in the RFC is privacy mentioned as a primary design goal of DoH. The only two goals are first-hop integrity, and bringing DNS resolution to the application.
So you have some measure of privacy/integrity to the DoH server, but no idea whether or not, or to whom, they're giving your DNS queries.
On top of that, bringing DNS resolution into the web application is going to have implications with regards to ad blocking.
With the sunsetting of manifest V2, and supposedly limiting the effectiveness of ad blockers, they're coming for your browsing data, and are here to make you watch ads. You know, those same ads from ad delivery networks that are serving you malware currently.
I mean, any DNS provider can provide you with platitudes promising to not log your IP address or DNS queries, but you'll never actually know if they are or they aren't unless you see the server configs yourself. So there's that.
Cloudflare claims that they don't log PII, but then immediately say that they may hold on to personally identifiable query data for up to 25 hours.
https://www.cloudflare.com/privacypolicy/
They claim to do a lot of redaction in their DNS-specific policies, but there is a lot of deliberate word usage. They don't store anything in non-volatile memory. They only capture ".05% of all traffic sent to Cloudflare’s network infrastructure" (but don't specifically mention their DNS infrastructure).
What I'm getting at is that if you didn't learn about how much companies value your privacy by the cascade of breaches over the past decade or the intelligence community leaks, then you weren't paying attention.
Also, several malware authors, and a number of new and aspiring frameworks, use DoH as a C2 method. There's no clear communication from major DoH providers on how they plan on handling abuse of infrastructure. I brought concerns to Cloudflare executives of known malware campaigns using their DoH infra, and they didn't give a shit.
Your periodic reminder that DNS over HTTPS does nothing for your privacy.
The Realtek logo is a crab with its arms in the air preparing to rave, and I will die on this hill.
Am I losing my fucking mind or are potato products that aren't mashed potatoes or whole russets really fucking hard to buy these days?
It's nearly in-fucking-possible to get hashbrown patties or fries these days unless you have exceptional timing.
@dnsprincess
"That's a problem for future me"
>some time passes
"The fuck is this? Past me is an asshole."
Well, I said I wouldn't go to bed at 1:30 in the morning again. And technically it's not 1:30 in the morning.
@jerry @Viss I understand the value of pentesting, but this is neither a pentest, nor are you running a bug bounty. That's kinda, technically illegal for them to be doing that.
This is your circus, but if anyone was dumb enough to actually admit to doing that to shit that I'm running for a massive community, they get the ban hammer.
@Koyn @0xamit @apiratemoo @accidentalciso @alyssam_infosec @dnsprincess @Blenster @chrissanders88 @cirriustech @ChristinaStokes @dave_cochran @pdp7 @Em0nM4stodon @eric_capuano @Ellopunk @frankmcg @gossithedog @hacks4pancakes @hexadecim8 @Heidi @InfoSecSherpa @internetofshit @jerry @jackrhysider @JaysonEStreet @joshbressers @k8em0 @kurtseifried @malwaretech @mattblaze @malwareunicorn @siliconshecky @nightmareJS @Pwnallthethings @paulasadoorian @racheltobac @r0wdy_ @TheL0singEdge @stux @SwiftOnSecurity @Sysengineer @spacerog @shortstack @SheHacksPurple @SteveD3 @tinker @triciakickssaas @threatresearch @vi @bsideschicago @bsidesorlando @BSidesNYC @BSidesLV @bsideskc @bsidesmelbourne @CircleCityCon @CypherCon @pancakescon @thotcon
Image spam. Also thank you and happy Thanksgiving y'all.
Senior Security Researcher, Proofpoint Emerging Threats.
I've been doing this cybersecurity thing for the better part of a decade now. Probably longer than that. I'm starting to forget. Time is relative, but it surely isn't kind to my memory.
I'd like to think I do cybersecurity well, but blue teamers collectively get told they're doing it wrong constantly. So maybe I just failed forward throughout my career.
Oh, I wrote a book. It's a good framework for setting up a virtual machine lab. See my bookmarked toots if you're curious.
Work-Related hashtags: #Iocs #ThreatIntel #DFIR #Malware #NSM #suricata #snort #BEC #phishing #APT #ThreatDetection
Hobbies: #VideoGames #XCOM2 #Minecraft #Synthetik #Fallout #Skyrim #Anime #Manga #Adventure #Fantasy #Isekai #HomeImprovement #WoodWorking #MetalWorking #HomeLab
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.