@robertgraham Many years ago I investigated this in S&G. IIRC I knew a manager code existed, but I don’t think I ever extracted it. Fun fact I do recall, the code is sent as a nibble, not a byte after the internal keypad controller decodes it.
@bettersafetynet I’m not OK with using copies of actual internal data for phishing assessments. Like making a fake pager duty email about an actual ticket the user worked on recently, or similar.
I have no idea how that is what phishing tools do as a feature, but it’s beyond stupid.
@vyrus001 Yeah, I was never a direct user. I know it wasn’t simple, but provided context like who might be behind an attack, their funding sources, scale, their goals and targets, related tactics used in the campaigns, etc.
@coderholic @ipinfoio The example given is of a global accelerator likely using a global IP. It would exist basically at the edge of the AS, just behind the BR in multiple locations.
@soychotic It’s just a tarball, with other tarballs, and they usually contain way more than necessary. Your computer runs some binary in the tarball, and when it wakes up finds itself trapped inside the sum of the tarballs. It appears contained, except someone gave it network access too.
@robertgraham Several years ago, certain agencies reached out to mostly govt entities to let them know they were infected.
I looked into one of these, netflow confirmed locally. But it was only unsolicited acks from stated IP.
Agencies had to get netflow from ISPs to reach that conclusion.
Got my notification to remove 2FA. Me using SMS is not normal, I prefer TOTP via auth apps / @1Password. Maybe it was the first 2FA option here? But it is interesting everyone dunking on SMS as insecure as if no 2FA is better. They should guide people to TOTP instead.
@robertgraham I can’t believe the notifications and timeline posts I get now. I don’t follow him but Twitter will push me notifications from him and others now.
@thockin Also, I found one in a Vegas hotel last year. On the emergency call screen, there somewhere is an info button. I was able to find enough info about the owner to find them. They had a new phone already but this one had all their kids’ pictures etc.
@d0tslash @ScooterCasterNY @OSHP It is noticeable that OSHP didn’t touch him and the lady OSHP officer tried to deescalate. In the end I think it was the sheriff’s office who did all the actions.
@d0tslash @ScooterCasterNY @OSHP I’ve seen that same thing on other body cam footage. It’s obviously abused.
But I also love how trespass law is used here to supersede freedom of the press. Building sup said leave, criminal trespass, sorry about that bill of rights thing doesn’t apply now.
This is a GA tool, managed by a big open source contributor. I notified them the changelog was empty and nothing was ever done. I’d argue that with some big tools like and around k8s, open source community is dead and we’re just letting companies develop in the open now.