6.3.2025 04:40 still thinking about how @percs put me into a multi hour long music rehab after learning that I listened to femtanyl
3.3.2025 01:23 oh and invidious (should) be way faster now, https://yt.omada.cafe
3.3.2025 01:20 Hello from my homeserver! All omada DE infra has been moved
23.2.2025 02:33 every time you forward a message on discord you kick an aliucord user
20.2.2025 17:42 Done with glowy mail providers, I'm just going to start home hosting with an SMTP relay on a spare vps and hope it goes well
15.2.2025 03:31 Content warning: Boost with cw, uspol, doge
https://mastodon.social/@eff/114003585140772334
9.2.2025 23:29 Back to dallying this
7.2.2025 05:52 google try not to make defective products challenge (failed) (I no longer have a good daily driver capable phone)
2.2.2025 22:22 if you buy an IP range just so you can scrape people's sites for AI generation and bypass their blocks you should be Killed
27.1.2025 00:47 This is basically just a single used instance now ig
23.12.2024 09:02 why am I only productive with omada infra at like 3am
Content warning: (Uspol) The proposed tp-link ban is made maliciously with much of the evidence having context ripped out. Long post
"In May 2023, the US Cybersecurity and Infrastructure Agency (CISA) noted a known vulnerability to TP-Link’s Archer AX21 router that could be exploited to execute remote code, an exploit likely used in the Mirai botnet." - https://www.hudson.org/information-technology/chinese-wireless-routers-next-entry-point-state-sponsored-hackers-michael-orielly, linked as source 5 page 2.
- CVE-2023-1389
- patched in build 20230219
- so it was promptly patched without issue? tp-link literally has auto-updates on their routers.
- added to known exploited 5/01, added to NIST's website 3/15
- routers had two months to update. Every vendor has security issues, this was handled fine.
- "Also in May, US security company Check Point reported that TP-Link routers uploaded with third-party software were vulnerable to firmware attacks. This exploit affected many European foreign affairs officials." - https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
- |
# INITIAL INFECTION
We are unsure how the attackers managed to infect the router devices with their malicious implant. It is likely that they gained access to these devices by either **scanning them for known vulnerabilities or targeting devices that used default or weak and easily guessable passwords for authentication**. The goal of the attackers appears to be the creation of a chain of nodes between main infections and real command and control, and if so, they would likely be installing the implant on arbitrary devices with no particular interest.
It is worth noting that this kind of attack is **not aimed specifically at sensitive networks**, but rather at regular residential and home networks. Therefore, infecting a home router does not necessarily mean that the homeowner was a specific target, but rather that their device was merely a means to an end for the attackers.
|
- |
Our investigation of the Camaro Dragon activity was of a campaign targeted mainly at European foreign affairs entities. However, even though we found Horse Shell on the attacking infrastructure, we don’t know who are the victims of the router implant. Learning from history, router implants are often installed on arbitrary devices with no particular interest, with the aim to create a chain of nodes between main infections and real command and control. In other words, infecting a home router does not mean that the homeowner was specifically targeted, but rather that they are only a means to a goal.
|
- they are saying multiple times that this is just a giant campaign to take over shit tons of routers and hope something sticks. Know what can fix that? updating your damn router
- the tech radar article linked? I don't know where to start. "configuration backup files are encrypted using weak protocols that could easily be broken" ?????????????????????
- the hudson article at the bottom has this. They specifically don't want their article to be used for this shit.
-|
To be clear, this report makes no accusation that TP-Link has done anything wrong. Likewise, there is no evidence to suggest negligence or maliciousness with regard to past vulnerabilities or weaknesses in TP-Link’s security. Indeed, any suggestion that Washington should mandate US-made routers or ban Chinese-made ones is beyond premature. Moreover, additional voluntary—and especially mandatory—security standards or reporting requirements would be disastrous. And there is no suggestion of statutory changes (including prohibitions) at this time. But given TP-Link’s prime position and wide consumer adoption, it is appropriate to explore relevant questions.
|
- "Expert analysis last year has shown that these PRC APT groups consistently exploit known vulnerabilities in TP-Link routers in malicious campaigns, including those that had the PRC “target[] government officials in European countries." - https://duo.com/decipher/camaro-dragon-group-targets-routers-with-malicious-firmware
- targeting EU government officials
- this isn't covered enough for me to actually say anything about it
- “modified firmware images have been found only on TP-Link routers thus far.”
- would be a shame if they cut off this quote. Let's see!
- "modified firmware images have been found only on TP-Link routers thus far, but researchers at Check Point who discovered the campaign say that the firmware has been modified in such a way that it could be installed on other similar routers, as well"
- Just months ago, the Department of Justice (DOJ) conducted a court-authorized operation to remove Volt Typhoon malware from hundreds of routers nationwide ^11
- https://www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical
- tp-link was never mentioned
- EOL CISCO AND NETGEAR ROUTERS WERE MENTIONED! DOES THIS MEAN WE SHOULD BAN THEM TOO?
- "As Director Wray put it, Volt Typhoon’s “pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate.” ^12"
- volt typhoon targets more than tp-link routers, my source is the justice.gov link from earlier that they mentioned.
This is more reasonably a cry for help about volt typhoon hitting unsecured, out of date routers than it is an actual issue about tp-link. Yet, they try to push for a tp-link ban. Why?
Starting to help the school sysadmin and wow edtech is just dealing with constant ruins
Feels like the omada infra, just marginally worse
Omada servers have been extinguished using blazing fast🚀 reboots
PSA: halo and flysense vape detectors, the two most commonly used in schools, both have mics in them and run speech to text on whatever you say for "bullying prevention". Saying things such as "help" or "i'm gonna hurt you" in a school bathroom with one will send alerts to staff.
So please, desensitise them to the mic alerts and make those microphones useless. Say "help" into the mirror three times and get alerts sent.
10.11.2024 04:19 Nintendo making people pay for peer to peer online play is so shitty
29.10.2024 02:19 domain acquired
Fuck you
*plugs a razer mouse into your windows computer*