cheet
@cheet@infosec.pub
- Comment on Zelda 64: Recompiled 4 months ago:
Yeah this is a good analogy, except it comes from tooling that would allow any n64 game to be converted with some work.
Like an openmw generator for any Bethesda game.
- Comment on Microsoft is testing Game Pass ads on the Windows 11 Settings homepage 6 months ago:
if you’re in the know, check out vlmcsd on github and “test” windows enterprise with KMS. It can run on everything from a pi, to docker, to openwrt. If you’re really gangster, you can set up SRV records and get auto activation on your lan
- Comment on Rabbit R1 AI box revealed to just be an Android app 6 months ago:
Holy shit, that’s actually hilarious, I imagine someone would have noticed when their paste/auto type password managers didn’t work
For those confused, this sounds like instead of making a real website, they spin up a vm, embed a remote desktop tool into their website and have you login through chrome running on their VM, this is sooooo sketch it, its unreal anyone would use this in a public product.
Imagine if to sign into facebook from an app, you had to go to someone else’s computer, login and save your credentials on their PC, would that be a good idea?
- Comment on Spotify plans to raise prices this year and introduce new plans - GSMArena.com news 7 months ago:
Give me some artists and I’ll look em up for you.
- Comment on Playing GameCube classics, but in 4K on a Mac with PlayStation controllers, just like Nintendo intended. 8 months ago:
The blog post they did showing how they do a sort of regression testing is still some of the coolest devops I’ve seen.
Check the FifoCI stuff here.
- Comment on Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown 9 months ago:
The thing is, if there’s a wireless exploit/hack that can cause “patient harm” the FDA+Health Canada would force a recall the sec its publicly known.
The flipper wouldn’t be the only thing able to exploit it, anybody with a radio and some software would be able to. It just so happens the flipper can also do it cause its a swiss army knife and has a general purpose radio.
Generally by the time an attack exists on the flipper, its already been mastered on laptops and raspberry pis and stuff, putting it on the flipper is more to make it available to test easily without having to lug out the laptop. Nobody is inventing new exploits for such underpowered hardware as the flipper. People are porting known exploits to it.
I can’t say how concerned you should be, but this won’t make her any safer than before, equal risk. Just as likely someone with a laptop in a backpack doing that. We don’t make laptops illegal tho.
What I would be concerned about is the idea that the company that makes the implant would not be able to easily test for issues in the implant with such an “illegal” device. Yes they could use a laptop, but you don’t use an xray machine to find a stud, you use a handheld studfinder cause its cheap and easy.
Hope that helps explain a bit
- Comment on Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown 9 months ago:
Im a security professional who works to harden medical devices. I use the flipper zero to easily test many different protocols that would be a pain in the ass to do “manually”.
The flipper makes it easy for me to verify IR, sub GHz, USB, SPI, and many other protocols while being able to walk around the devices I test.
Without the flipper I could totally do these checks with homebrew tools, a pi and an rtlsdr (unless thats gonna be illegal too?) But it would take me writing new tools and procedures rather than the ease of the flipper.
Anybody in the know can tell you that the hardware isn’t anything special, and like many others have said, its like making a swiss army knife illegal cause the toothpick can be used to pick a lock.
This isn’t gonna stop anybody, if pentest tools are showing flaws in your product, maybe we should send flippers to the car manufacturers and tell them to fix their shit. You shouldn’t be allowed to sell a car that can be wirelessly hacked like this, just like how the FDA doesn’t let you sell medical devices that can be hacked like that.
You don’t just put the cat back in the bag…
- Comment on Amazon finds $1B jackpot in its 100 million+ IPv4 address stockpile | The tech giant has cited ballooning costs associated with IPv4 addresses 9 months ago:
In addition to what the other commented said, a lot of sys and net admins really don’t like the idea of every lan device being globally addressable, while there’s ways around it, a standard ipv4 Nat is a safety blanket to a lot of admins… Not that it should be like that, just my observation.
- Comment on [deleted] 11 months ago:
Can you really not read any of the compiled code tho? Like if I take the binary, put it in ghidra and use that to reverse engineer something, is that not clean room still?
I remember watching Halt and Catch fire where they had 1 group writing specs for what he REed and another group would write that code according to spec.
- Comment on xkcd #2867: DateTime 11 months ago:
Holy crap I wasn’t ready for that. Great rec tho
- Comment on new rule 11 months ago:
How’d you get my shell history?
- Comment on Which controller did you start with? 11 months ago:
N64, and no I’m still not sure how to hold it, I always end up walking funny.
- Comment on Backdoored firmware lets China state hackers control routers with “magic packets” 1 year ago:
From what I gather it’s closer to a port knock than magic packets