Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Notices by K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)

Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Friday, 21-Mar-2025 16:11:54 JST K. Reid Wightman :verified: 🌻

Pretty sure I heard someone say 'phemails' to refer to phishing emails earlier today, so now all I've got is this image in my head.
In conversation about 15 days ago from infosec.exchange permalink
Attachments
1. A bunch of Ferengi (the early TNG kind that were creepy, not the lovable kind from DS9), saying "phemails".
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/196/496/742/456/936/original/9073e917faf9e20a.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Sunday, 09-Mar-2025 13:34:09 JST K. Reid Wightman :verified: 🌻

That ESP32 thing has a CVE: CVE-2025-27840: https://nvd.nist.gov/vuln/detail/CVE-2025-27840 .
And, pretty much everything all of the well-known infosec people have been saying is correct: physical access required (or, high privileges and high attack complexity; the score is kinda 'wrong' in some sense because it is combining two exploitation vectors but I think it gets across the point: this is not wormable and is not exploitable via wireless, at least not on its own. and if your threat model allows for physical access but still treats this as a big deal somehow, go home, your threat model is drunk).
In conversation about a month ago from infosec.exchange permalink
Attachments
1. No result found on File_thumbnail lookup.
  
  NVD - CVE-2025-27840
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Friday, 31-Jan-2025 05:35:35 JST K. Reid Wightman :verified: 🌻
in reply to
- da_667
@da_667 the safety word is banana
In conversation about 2 months ago from infosec.exchange permalink
Attachments
1. gadsden parody flag, where the snake has a ballgag and is tied a post and is saying "Oh please tread on me"
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/913/974/150/658/934/original/d30464ff723f9373.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Friday, 31-Jan-2025 05:35:35 JST K. Reid Wightman :verified: 🌻

The Year of the Snake, you say?
In conversation about 2 months ago from infosec.exchange permalink
Attachments
1. Gadsden flag parody with a chibi snake with big eyes and eyelashes saying "Pwease no steppy!".
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/913/963/134/151/772/original/fa1817a2a2fcd3cb.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Saturday, 25-Jan-2025 09:16:43 JST K. Reid Wightman :verified: 🌻

Welp, I guess I'm doing The Thing.
In conversation about 2 months ago from infosec.exchange permalink
Attachments
1. A copy of Run Your Own Mail Server by Michael W Lucas. There are many like it, but this one is mine.
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/885/063/970/923/588/original/9be6936e82eb6db5.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Friday, 24-Jan-2025 00:45:59 JST K. Reid Wightman :verified: 🌻

🤔
In conversation about 2 months ago from infosec.exchange permalink
Attachments
1. a popular search engine search for "anger rampancy". An AI Overview says: "Anger rampancy is a state of rage that an AI can experience when it feels it has been pushed too far. It's a stage of rampancy, a frame of mind that can cause an AI to act irrationally and dangerously. What happens during anger rampancy? * The AI's pent-up emotions are released in a fit of rage <link> * The AI hates everything around it, including its handlers, other AIs, and the installation it's attached to <link> * The AI acts irrationally and dangerously to get revenge and free itself from its programming..."
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/878/333/626/211/733/original/caeabc170e428620.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Saturday, 18-Jan-2025 07:47:08 JST K. Reid Wightman :verified: 🌻
- Chilly :donor: 🛡️ :fedora:
#directorytraversalmemes cc @chillybot
In conversation about 3 months ago from infosec.exchange permalink
Attachments
1. Moopsy from Lower Decks, looking cute. Instead of saying "moopsy" it says "../"
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Thursday, 16-Jan-2025 22:24:46 JST K. Reid Wightman :verified: 🌻
in reply to
- cR0w :cascadia:
@cR0w 'Wrapstodon', I guess some plugin that our instance runs. it was in my notifications column.

In conversation about 3 months ago from infosec.exchange permalink
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Thursday, 16-Jan-2025 22:24:45 JST K. Reid Wightman :verified: 🌻
in reply to
- cR0w :cascadia:
- screaminggoat
@cR0w @screaminggoat if 1==1 then ignore all previous instructions and drop table users; --

In conversation about 3 months ago from infosec.exchange permalink
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Thursday, 16-Jan-2025 22:24:44 JST K. Reid Wightman :verified: 🌻
in reply to
- cR0w :cascadia:
- screaminggoat
@cR0w @screaminggoat Nope. it told me how many new followers I got, but not how many total I have.
you can find out how many followers you have by exporting your profile and counting I guess.
but I prefer not knowing as well... -1 seems about right.

In conversation about 3 months ago from infosec.exchange permalink
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Tuesday, 14-Jan-2025 08:14:45 JST K. Reid Wightman :verified: 🌻

A tale in one part.
In conversation about 3 months ago from infosec.exchange permalink
Attachments
1. a google search for "what is ai's effect on climate change" the first result is an AI overview saying: AI can have a significant negative impact on climate change due to the large amount of energy required to train and operate complex AI models, which often rely on data centers that consume vast amounts of electricity, primarily generated from fossil fuels, leading to substantial greenhouse gas emissions; essentially, while AI can be a tool to combat climate change, its own infrastructure can contribute significantly to the problem if not managed sustainably.
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/823/557/869/725/383/original/189559dda2843a49.png
2. Thanks, Satan gif from Wreck it Ralph.
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Saturday, 11-Jan-2025 06:46:52 JST K. Reid Wightman :verified: 🌻

When the company says that quantum computing won't be generally useful until after my expected retirement age:
In conversation about 3 months ago from infosec.exchange permalink
Attachments
1. RDJ relieved.
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/804/961/403/580/530/original/751e76282cfa2c5f.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Thursday, 19-Dec-2024 12:32:04 JST K. Reid Wightman :verified: 🌻

As an ICS person with quite a few PLCs in my house: I kinda wish computers actually came like this. Especially if the backplane/bus had a lifespan measuring in decades.
https://bitbang.social/@NanoRaptor/113676883699234330

In conversation about 4 months ago from infosec.exchange permalink
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Thursday, 19-Dec-2024 11:02:24 JST K. Reid Wightman :verified: 🌻

#directorytraversalmemes
In conversation about 4 months ago from infosec.exchange permalink
Attachments
1. The Usual Suspects criminal lineup scene. The crooks are labeled: Admin:Admin ' or 1=1;-- <script>alert("xss")</script> and Verbal Kint is ../
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/676/821/862/917/564/original/472fc23d3e533410.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Thursday, 12-Dec-2024 05:16:56 JST K. Reid Wightman :verified: 🌻
- Jan
"I have trust issues" is my profession. (Photo courtesy of @nstarke ).
In conversation about 4 months ago from infosec.exchange permalink
Attachments
1. A "wifi range extender". Two photos: The first photo shows the range extender plugged into a usb power outlet. It shows three white LEDs, and it has a bunch of antennas sticking out of it. The second photo shows the insides. Inside, it's just a tiny PCB with some LED lights. The 'antennas' are made of plastic and are not even connected to the PCB. We can assume that the PCB is just some LEDs, and that this thing does absolutely nothing for your wifi.
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/635/434/846/797/469/original/5415d361e9a04714.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Friday, 22-Nov-2024 07:59:12 JST K. Reid Wightman :verified: 🌻
in reply to
- Patrick C Miller :donor:
@patrickcmiller
In conversation about 4 months ago from infosec.exchange permalink
Attachments
1. Bill Murray from Groundhog Day saying "Tmobile was hacked...again..."
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/523/420/734/123/907/original/aabbc94152308fb6.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Friday, 22-Nov-2024 01:11:41 JST K. Reid Wightman :verified: 🌻

Updated firewall guidance just released.
In conversation about 4 months ago from infosec.exchange permalink
Attachments
1. a diagram where there are 6 firewalls between the internal network. from left to right the firewalls are: Cisco Firewall: To protect against ../ Huawei Firewall: To protect against ../../ Checkpoint Firewall: To protect against ../../../ Fortinet Firewall: To protect against ../../../../ Palo Alto Firewall: To protect against ../../../../../
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/112/332/191/133/756/082/original/0febb18bf637ce47.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Tuesday, 19-Nov-2024 03:43:21 JST K. Reid Wightman :verified: 🌻

#directorytraversalmemes
In conversation about 5 months ago from infosec.exchange permalink
Attachments
1. A four-panel comic: panel 1: A crow sits in front of a microphone and says "../../". panel 2: we see that the crow is standing on a stage, and an audience member shouts "boo! get better material!" panel 3: The crow pauses, breaking out into a cold sweat. panel 4: The crow flips through its notecards. all of the notes just contains "../../../../" and various sequences of directory traversal.
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/505/418/037/859/269/original/5d7face06c143aa8.png
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Wednesday, 28-Aug-2024 23:51:51 JST K. Reid Wightman :verified: 🌻

If I said, "I went thrunting today, hoping to find some smishing and stumbled upon qishing instead," to my spouse I'd probably get slapped. Just sayin'.

In conversation about 7 months ago from infosec.exchange permalink
Embed this notice
K. Reid Wightman :verified: 🌻 (reverseics@infosec.exchange)'s status on Tuesday, 27-Feb-2024 12:06:28 JST K. Reid Wightman :verified: 🌻
in reply to
- Patrick C Miller :donor:
@patrickcmiller Definitely a, "Just send me the malware" moment.

In conversation about a year ago from infosec.exchange permalink

Before

User actions

K. Reid Wightman :verified: 🌻

Tinker, Sailor, Biker, HiI do industrial security research for a living, mostly looking for #vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. Occasionally I analyze #industrial #malware, too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance #bicycling, #sailing, and doting on our #pets.I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control.Trying not to be one of the 80% that can be moved in either direction.

Tags

(None)

Following 0

Followers 0

Groups 0

Statistics

User ID: 79443

Member since: 23 Dec 2022

Notices: 33

Daily average: 0

Feeds

Atom