@cjd nice work ;-)
mc.fly
@mcfly@milliways.social
Hacker. kind of, taking care of security in critical infrastructure.
Woodworker as a hobby.
overall overlord (provisional) of @milliways
German expat living in Holland. Hackerspace @pixelbar and CCC
Toots in en, de and een kleine beetje nederlands
Born at 330PPM CO2. Fuck Nazis, everywhere.
The private team of mc.fly toots here...
Latest notes
@the_wub yep I agree on that. I want a car with a smaller attack surface
@the_wub I don't want the data collecting, the always on, the constant monitoring so in case of an accident the manufacturer can prove it is not his fault.
I would prefer open source on the software but especially when it comes to stuff like engine management that's not very high on my list.
I like the accident detection and alarming but I'd buy that third party and just put that on the car.
I would like to have a new electric car but the whole data collection part is the main thing keeping me away from it.
So I liked this article quite a lot. Forgot where I found it, likely here somewhere on the fediverse...
https://arkadiyt.com/2026/05/13/removing-the-modem-and-gps-from-my-rav4/
Automated #security scanning.
What tools do you use to scan your environments for security issues? Why?
Not looking for virus scanners here, more for a bit more enterprisey environment?
Are there things I should have a look at?
What is your experience in general?
RT welcome for reach.
There seems to be a fix in commit https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4
That fix made it into 7.0.5 which was released 30 mins (?) ago
https://cdn.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.0.5
@miketango from what I can read in the discussion is that someone saw the fix in the commit and asked an LLM to build an exploit and published that.
That someone was not aware of an embargo
https://lwn.net/Articles/1071719/
#DirtyFrag is a broken embargo.
Local Privilege Escalation to root.
Public working exploit. No CVE assigned yet.
No fix in sight.
<Edith> 7.0.5 was just released which has a fix <\Edith>
#infosec #cyber #tsunamiofvulns
This is the documentation & exploit of DirtyFrag:
https://github.com/V4bel/dirtyfrag/blob/master/README.md
https://www.theregister.com/2026/05/02/ncsc_brace_for_patch_tsunami/
The patch tsunami is coming. #infosec
"All organizations have 'technical debt'; a backlog of technical issues – that is both expensive and time-consuming – as a result of prioritising short-term gains over building resilient products.
Artificial Intelligence, when used by sufficiently-skilled and knowledgeable individuals, is showing the ability to exploit this technical debt at scale and at pace across the technology ecosystem. The result is likely to be a "forced correction" as those weaknesses are uncovered and addressed in bulk"
https://www.theregister.com/2026/02/18/jailbreak_an_f35/
There is a point.
Just look at the attack surface of a modern fighter jet with local mechanics, access to the code and access to the hardware.
As a vendor this is a battle you have lost if your customer has the motivation to do so.
I also think this was aimed at the government of the country of the vendor there.
Because when he said:
"If you still want to upgrade despite everything, I'm going to say something I should never say, but I will anyway: you can jailbreak an F-35"
he really said:
"If you still want to upgrade despite everything, I'm going to say something that we decided in several meetings with a lot of people involved that I will say this in this specific way: you can jailbreak an F-35"
Hello World
From the new Internet. First speedtest. It seems to roughly deliver :-D