buherator
@buherator@infosec.place
"I'm interested in all kinds of astronomy."
In reply to
@dsp @badkeys That's a limitation of DNS, and management UIs can make configuring larger strings quite frustrating. My favorite is when parts of the base64 gibberish are mixed up in the DNS response so you can see that there is something that *looks like* your public key, yet it won't verify your messages.
In reply to
@badkeys@infosec.exchange My educated guess is they couldn't fit larger keys into their DNS records...
In reply to
@wdormann I'd agree with that, but I don't know what level of control apps have on mobile.
@Mer__edith
In reply to
@wdormann As I understand, their "knowing why" (as of now) doesn't imply this was *expected* behavior before.
I'd compare the persistent (not self-deleting) messages dilemma to secure deletion: below the next architectural boundary you can't really decide what's happening to your data ("were the bits of that file really deleted from the disk?"), but in special cases you take extra steps to prevent leaks ("let's overwrite a bunch of times, hopefully it helps").
@Mer__edith
In reply to
@claesdevreese To be fair and factual there were quite significant intelligence leaks _against_ the same candidate too during the past weeks.
Fair criticism of the latest @Bellingcat@mstdn.social piece about leaked .gov.hu credentials (HU, use your favorite translator):
https://kiber.blog.hu/2026/04/09/tobb_szaz_magyar_kormanyzati_jelszo_kerult_ki_az_internetre_ja_de_mikor
There is *a lot* to report about in Hungarian politics/natsec, but digging up old credential dumps just misdirects attention and discredits relevant investigative work.
In reply to
@brewsterkahle "and if we think them not enlightened enough to exercise their control with a wholesome discretion, the remedy is not to take it from them, but to *inform their discretion by education*."
Maybe you can point me in the right direction about this: today we see pretty clearly how un/mis/disinformed masses can ruin democracies, yet I see very little push for basing voting rights on education/knowledge. Why is that? (I know the "literacy tests" in the US were badly abused but this doesn't mean that fair systems are impossible)
I don't expect a full explanation, would be happy with some pointers.
Is your KitKat Stolen?
https://nestlecorporate.qualifioapp.com/quiz/1776864_2455/CDCG-KITKAT-STOLEN-FORM.html
[RSS] Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices
https://www.evilsocket.net/2026/04/02/Mongoose-Preauth-Remote-Code-Execution-and-mTLS-Bypass/
In reply to
@dosnostalgic I feel deep spiritual connection with the kid on the couch
There is currently an insane spy thriller running in #Hungary ICYMI:
https://www.direkt36.hu/en/titkosszolgalati-nyomasra-tortent-hazkutatas-a-tiszat-segito-informatikusoknal-aztan-kibukott-egy-gyanus-muvelet-a-part-ellen/
A 90min interview with the whistleblower was released too that reveals even more pieces of the puzzle. The whole thing screams for a movie (and long prison sentences).
In reply to
@freddy Not that I know of unfortunately. Your post reminded me of this one and took me a while to even find the video I watched a couple yrs back... It's concise, works by listening only and the seek should already be at the end of the ad segment :)
In reply to
@freddy "broken attention span" is a pretty interesting topic:
https://www.youtube.com/watch?v=aDfeOvUZ7Kk&t=240s
"The decision not to build something is a decision, an important one! Document it accordingly."
https://terriblesoftware.org/2026/03/03/nobody-gets-promoted-for-simplicity/
Many other things to quote from this piece!
[RSS] A Copy-Paste Bug That Broke PSpice(R) AES-256 Encryption
https://jtsylve.blog/post/2026/03/18/PSpice-Encryption-Weakness
[RSS] KslDump -- Why bring your own knife when Defender already left one in the kitchen?
https://github.com/andreisss/KslDump
Hear me out: The boiling point of ethanol is well within the range of operating temperatures of GPUs, so we could use all those AI datacenters to brew moonshine!
In reply to
@dale_price The fact that browsers used to make you click through a warning window when you encountered an HTTPS site still makes me giggle
In the Future All Food Will Be Cooked in a Microwave, and if You Can’t Deal With That Then You Need to Get Out of the Kitchen
https://www.colincornaby.me/2025/08/in-the-future-all-food-will-be-cooked-in-a-microwave-and-if-you-cant-deal-with-that-then-you-need-to-get-out-of-the-kitchen/
Humble request for vibe-coders: report your runtime errors!
LLMs tend to insert Pokémon exception handlers everywhere, making problems (of which vibe-code has a *lot*) hard to even notice.
Slightly related illustration:
"Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters" by Rasmus Moorats
https://blog.nns.ee/2026/01/06/aike-ble/
I updated my MC-NBFX serializer (of WCF's NetTcpBinding fame) for compatibility with the latest @kaitai@infosec.exchange release:
https://github.com/v-p-b/nbfx/commit/bb588dec57e0dfee6db389de70235d9693ea6d6a
It turned out that the release introduced mandatory consistency `_check()`s for serialization (see Release Notes) that force you to take additional hurdles during development, but unit tests paid dividends as I emphasized in the announcement post:
https://blog.silentsignal.eu/2024/10/28/wcf-net.tcp-pentest/
#pentest #UnitTesting
I completely missed that @kaitai@infosec.exchange v0.11 was finally released with serialization support:
https://kaitai.io/news/2025/09/07/kaitai-struct-v0.11-released.html
This is huge and it's great to see that @nlnet@social.nlnet.nl money goes to the right places!
In reply to
@pentagrid @garethheyes TOTP tag -> galaxy brain <3