Emiliano
@mahakam.bsky.social
Reposted by Emiliano
I don't even know how to comment. Serie A (the Piracy Shield people, remember? The ones willing to block half the Internet just to "stop piracy") has decided to... stream matches on YouTube, for free, in a number of countries:
www.reddit.com/r/singapore/...
September 13, 2025 at 7:20 PM
Reposted by Emiliano
The brand-new Proton Authenticator, launched with great fanfare a few days ago, has some rather serious little security problems. 🫠
www.reddit.com/r/privacy/co...
From the privacy community on Reddit: Proton Authenticator logs full TOTP secrets in plaintext
August 3, 2025 at 8:30 PM
Reposted by Emiliano
The surprising thing about the North Hyde / Hayes substation fire is that London Heathrow's operations immediately decided to close the airport for 24 hours, well before the recovery time was known.

Does anyone know why? Any guess? Why push out recovery so far so early?
March 21, 2025 at 9:47 AM
Reposted by Emiliano
The plot thickens - LHR did have redundant power (3N), just for some reason didn’t use it.

Curious to see what comes out of the inquiry.
March 23, 2025 at 11:10 PM
Reposted by Emiliano
The domain exists, I bought it yesterday (another one... 🥲) and the DOH (DNS over HTTPS) service will also be available shortly.

Specs: 2 Ubuntu 24.04 x86_64 instances with dnsmasq 2.90 and Nginx 1.24.0 (for DOH) on Oracle cloud infrastructure in the Milan region.
February 16, 2025 at 3:03 PM
Reposted by Emiliano
November 19, 2024 at 7:03 PM
Reposted by Emiliano
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.
This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.

Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Woah. Backdoor in liblzma targeting ssh servers.

www.openwall.com/lists/oss-se...

It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…

Now I’m curious what it does in RSA_public_decrypt
March 30, 2024 at 5:13 PM
Reposted by Emiliano
Who's here and completely off Twitter? Trying to see what the rest of the world is doing.
July 2, 2023 at 9:57 PM
Reposted by Emiliano
This is pretty cool: https://neal.fun/deep-sea/
The Deep Sea
Scroll down the deep sea in this interactive page.
neal.fun
June 22, 2023 at 8:41 AM
Hello World!
June 22, 2023 at 12:32 PM