Twitter is ending free API access.
-
PuTTY on my Win98 VM crashes OpenSSH and I'm somewhat hesitant to report it because I feel like they're going to keep the bug in out of spite because "why are you using ancient OS lmao"
https://social.treehouse.systems/@grawity/109689295609404907
From the release notes for OpenSSH 9.2
* [sshd(8)](https://man.openbsd.org/sshd.8) : fix a pre-authentication double-free memory fault introduced in OpenSSH 9.1. This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms.
https://www.openssh.com/txt/release-9.2
-
-
-
Let's do a quick #OopSec postmortem on this dickwizard Nikolas Sharp, who tried to ransom his employer Ubiquiti for 50 BTC (~$1.5MM at the time) after pilfering internal files.
* Operated from his home address and home internet connection. Thus, when his VPN failed, his system touched Ubiquiti servers using his home IP, which obviously implicated him.
Lesson: Never operate from your home, and if you must, don't use your own internet connection.
Lesson: Configure your VPN connection to fail safe.
* Used a commercial VPN paid with his own PayPal account with his name on it. (Even if his VPN hadn't failed, they probably could have gotten him on this anyway.)
Lesson: Use an onion router like Tor or pay for a VPN with cash or crypto
* Lied to the FBI. This is almost certainly netting him extra prison time.
Lesson: Don't talk to cops. Shut the fuck up!
And finally, this last one really defies reason:
* After the FBI *raided his house* , he went out and leaked a bunch of information to the press, whose reporting resulted in the Ubiquiti stock price taking a dive. As if LEO and the company weren't already incentivized to crucify this straw-brained sackcloth and flannel mockery of a human being, he went out and gave them even more reason and urgency to throw him in a cage.
Lesson: Once again, shut the fuck up!
Don't do crimes, kids, but if you are compelled by fortune or circumstance, maybe come up with a plan that doesn't unravel the moment everything doesn't go perfectly for you.
The BleepingComputer writeup on the story, and the link to a PDF of the indictment docs here:
https://infosec.exchange/@ceresbzns/109798315606083421
-
A Novel PayPal Scam
https://anderegg.ca/2023/02/01/a-novel-paypal-scam
-
Chinese spy balloon flying over U.S. ‘right now,’ Pentagon says
https://www.washingtonpost.com/national-security/2023/02/02/chinese-spy-balloon-pentagon/
-
Weird things I learned while writing an x86 emulator
https://www.timdbg.com/posts/useless-x86-trivia/
-
