Avatar

himazawa

himazawa@infosec.pub
Joined
8 posts • 37 comments
Direct message

How much like the corne do you want it to be?

like a normal keyboard and not split

Also, how DIY do you want to get?

As long as no soldering is required I am up for everything

permalink
report
parent
reply

WannaCry targeted hospitals, businesses and similar machines.

WannaCry targeted everything with SMB exposed, blindly.

Also, you should read more about security through obscurity, the fact that “no one will target you because you are a low-value target” is a false sense of security.

permalink
report
parent
reply

I don’t know why the author of the video didn’t mention it but LockDown mode is really useful.

At least for me the default is lockdown mode on and appropriate exceptions for websites I trust.

permalink
report
reply

I believe the risk of running outdated software is super inflated and mediatic, 99% of people would be absolutely fine running a version of Android from 3 years ago or Windows 8.

That’s the same thing people running windows XP on internet were thinking in 2017.

Then WannaCry arrived and they got their data encrypted :)

permalink
report
parent
reply

Perhaps images, video, font etc. rendering could be compromised?

Yes, it already happen in the past. Also the Wi-Fi and Bluetooth stack got exploited, like multiple kernel drivers.

But it shouldn’t be a matter of “in the past was X exploited?” but more on having a correct security posture.

Honestly if you are arguing about wasting a “perfectly working phone” you should blame it on the vendor, especially Android devices vendors have this let’s say “defect” of dropping the support after 4/5 years.

Also not going to talk about custom ROMs (with the super rare exclusion of some) managed by god knows who, without any security team behind.

Since even the NFC and Cellular Network stack got vulnerabilities the only way you would consider an old phone “safe” to use is just turning it into the equivalent of a local ARM server.

Also pretty fun seeing the replies in the original post talking about how Google Play store shouldn’t have malware on it.

permalink
report
reply

Do anyone knows if it support local-only without joining the p2p network?

permalink
report
reply

Exploited in the wild, reported in April, no fix since then?

Edit: looks like it was fixed on the 26th of April, why is tagged as 0day?

permalink
report
reply

Ahaha I had this exact same experience. Locked out because bitwarden didn’t get the code correctly. “Luckily” the jwt token never expires so I was able to log back in without the 2FA.

permalink
report
reply

You think that being convicted for lifetime is a solution anyway?

permalink
report
parent
reply

Honestly curious, why? I live in a country that doesn’t have it but I don’t see downsides if the crimes committed are way too bad. For example, why keeping alive (with contributors money) a serial killer?

permalink
report
parent
reply