infosec

infosec

Discussions about information security, applied cryptography, and privacy-preserving technology

m_j_r pfp

https://warpcast.com/a16zcrypto/0x78527e51

0 reply

0 recast

3 reactions

Ed O'Shaughnessy pfp

Ed O'Shaughnessy

https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying

0 reply

1 recast

0 reaction

Mantej Rajpal pfp

1 reply

1 recast

8 reactions

Daniel Lombraña pfp

Daniel Lombraña

Apple's Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device 9to5Mac reports: Although AirTag was designed to change its Bluetooth address based on a cryptographic key, the attackers developed a system that could quickly find keys for Bluetooth addresses. This was made possible by using "hundreds" of GPUs to find a key match. The exploit called "nRootTag" has a frightening success rate of 90% and doesn't require "sophisticated administrator privilege escalation." In one of the experiments, the researchers were able to track the location of a computer with an accuracy of 10 feet, which allowed them to trace a bicycle moving through the city. In another experiment, they reconstructed a person's flight path by tracking their game console. https://yro.slashdot.org/story/25/02/28/013227/apples-find-my-network-exploit-lets-hackers-silently-track-any-bluetooth-device?utm_source=rss1.0mainlinkanon&utm_medium=feed

1 reply

0 recast

1 reaction

Ed O'Shaughnessy pfp

Ed O'Shaughnessy

https://www.schneier.com/blog/archives/2025/02/an-icloud-backdoor-would-make-our-phones-less-safe.html

0 reply

0 recast

1 reaction

Mantej Rajpal pfp

1) Does Apple really care about encryption? 2) What was the U.K. really asking for? 3) How might Apple respond to a broad global demand from the U.K.? https://blog.cryptographyengineering.com/2025/02/23/three-questions-about-apple-encryption-and-the-u-k/

1 reply

1 recast

2 reactions

Mantej Rajpal pfp

If you have “Messages in iCloud” enabled, then messages are stored in iCloud separately (E2EE) and not included as part of the iCloud backup. But if you both a) don’t have Messages in iCloud enabled and b) don’t have Advanced Data Protection turned on, then RIP https://x.com/matthew_d_green/status/1892954546873180608?s=46&t=dO0uo_CgV6MrB7N3NkVjDA

0 reply

0 recast

3 reactions

Daniel Lombraña pfp

Daniel Lombraña

If you are running a Palo Alto firewall, this is important. 3 CVEs have been patched, CVE-2025-0108, CVE-2024-9474 and CVE-2025-011, but attackers are trying to gain root access. Apparently attackers are chaining the CVEs and getting access to firewalls, so they are urging their users to patch the os asap. More info here https://it.slashdot.org/story/25/02/19/2059256/palo-alto-firewalls-under-attack-as-miscreants-chain-flaws-for-root-access?utm_source=rss1.0mainlinkanon&utm_medium=feed

0 reply

0 recast

3 reactions

Mantej Rajpal pfp

How the NSA Allegedly Hacked China’s Northwestern Polytechnical University https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html

1 reply

0 recast

3 reactions

Daniel Lombraña pfp

Daniel Lombraña

The last trick to steal your password and wallet money has been through Steam. Apparently, hackers created a game with the Vidal info stealer malware. The game's name is PirateFi. I would say they didn't hide their intentions with that name.

0 reply

0 recast

3 reactions

Mantej Rajpal pfp

tl;dr If you use iOS, turn on Advanced Data Protection right now. Mass adoption is a consistent and reliable path to making a technology—in this case, end-to-end encrypted iCloud—mandatory. Settings -> Apple Account -> iCloud -> Advanced Data Protection -> Turn On The onus is still on Apple to make encrypted iCloud the default instead of opt-in 🫠 https://blog.cryptographyengineering.com/2025/02/12/u-k-asks-to-backdoor-icloud-backup-encryption/

1 reply

2 recasts

5 reactions

Daniel Lombraña pfp

Daniel Lombraña

I don't know how much on this article is correct or just an assumption, but it is really worrying that such systems can be accessed and modified that easily: https://www.schneier.com/blog/archives/2025/02/doge-as-a-national.html

0 reply

0 recast

1 reaction

Mantej Rajpal pfp

You don’t need to be an information security expert to understand that DOGE isn’t technically equipped to access the systems that they now have access to. Let’s not understate this. If the datasets currently available to DOGE are mishandled, it could compromise the safety of Americans serving abroad — intelligence operatives, military personnel, and diplomats — by way of exposed security clearance records, sensitive payment systems, and other classified materials. Like Cameron, I hope and pray no one in service to our nation is harmed 🇺🇸

1 reply

6 recasts

12 reactions

Ed O'Shaughnessy pfp

Ed O'Shaughnessy

Ooph! https://www.schneier.com/blog/archives/2025/02/delivering-malware-through-abandoned-amazon-s3-buckets.html

1 reply

0 recast

0 reaction

▫️Onyx pfp

@cipherscript.eth

🚨 HackManac Reports OpenAI Data Breach! A threat actor is allegedly in possession of login credentials tied to 20 million OpenAI user accounts. A sample dataset has been released, with additional credentials reportedly being sold for a nominal fee. The validity of these claims remains unconfirmed at this time. If you’ve only ever signed in using Google or Apple Single Sign-On (SSO) (meaning you never created a standalone OpenAI password) your risk would be comparatively lower. ChatGPT users around the globe experienced issues with the OpenAI chatbot late Wednesday. *(Translated from original source)* "When I realised that OpenAI might have to verify accounts in bulk, I understood that my password wouldn’t stay hidden. I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me - this is a treasure, and Jesus thinks so too"

0 reply

0 recast

1 reaction