Scala compiler engineer for embedded HDLs by profession.

I also trickjump in Quake III Arena as a hobby.

  • 0 Posts
  • 3 Comments
Joined 1 year ago
Cake day: June 13th, 2023



  • The “security hole” was that this app pretended to be an M1 MacBook Pro with a validation payload generated using a simulated old x86 macOS library. This particular edge case somehow tricked Apple’s servers into thinking that it was a real MacBook Pro it was talking to, and it proceeded to happily generate the encryption keys needed to create iMessage traffic. From there it was a thorough reverse engineering of the iMessage API.

    For all intents and purposes, the app was developed using a high profile exploit. The Python POC it was “based” (purchased) off of is still out there for everyone to see.

    That’s not to mention it was discovered by a hobbyist high-schooler. Complaints of monopolistic anti-competitiveness aside, you have to admit that’s cool.


  • jard@sopuli.xyz to Android@lemmy.world · Rooting Community
    8 months ago

    Not only are root accounts themselves disabled by default, but it’s also highly recommended that any methods of remote and local login to root are disabled. It’s literally the most basic hardening step you can do for any Linux setup.

    My VPS gets hit by tens of thousands of attempts to SSH into root every single day. My fail2ban jail for ssh alone gets so absurdly large that it fills my remote terminal, and that’s not even including the fact that I ban by CIDR blocks, not individual IPs, so I have hundreds of IPs blocked for a single fail2ban entry.

    None of those attempts are actually successful as I’ve completely disabled password authentication and logins to root. The last thing I would want on my phone is full, unadulterated root access for that reason alone.
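
An added example, not part of the comment above and not the commenter's own tooling: a sketch of how root-targeted SSH attempts in an sshd auth log can be counted per CIDR block, which is the view that ban-by-block rules act on. The log lines are constructed (documentation address ranges), the function names are hypothetical, and the /24 prefix and IPv4-only matching are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's log wording; not real traffic.
SAMPLE_LOG = """\
Jan 10 03:12:01 vps sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 10 03:12:04 vps sshd[813]: Failed password for root from 203.0.113.77 port 40650 ssh2
Jan 10 03:12:09 vps sshd[815]: Connection closed by authenticating user root 203.0.113.200 port 51822 [preauth]
Jan 10 03:13:30 vps sshd[820]: Failed password for invalid user admin from 198.51.100.9 port 33210 ssh2
Jan 10 03:14:02 vps sshd[824]: Disconnected from authenticating user root 198.51.100.23 port 49001 [preauth]
Jan 10 03:15:40 vps sshd[830]: Accepted publickey for deploy from 192.0.2.44 port 50222 ssh2: ED25519 SHA256:constructed
"""

# Root attempts show up as failed passwords when password auth is on, and as
# pre-auth disconnects for "authenticating user root" when it is off.
ROOT_ATTEMPT = re.compile(
    r"sshd\[\d+\]: (?:Failed password for root from "
    r"|(?:Connection closed by|Disconnected from) authenticating user root )"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def root_attempts_by_block(log_text, prefix=24):
    """Count root-targeted attempts per enclosing IPv4 network."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ROOT_ATTEMPT.search(line)
        if not m:
            continue  # other users, successful logins, unrelated lines
        try:
            net = ipaddress.ip_network(f"{m['ip']}/{prefix}", strict=False)
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        counts[str(net)] += 1
    return counts


def blocks_over_threshold(counts, threshold):
    """Return the networks with at least `threshold` root attempts, sorted."""
    return sorted(block for block, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    per_block = root_attempts_by_block(SAMPLE_LOG)
    for block, n in per_block.most_common():
        print(f"{block}\t{n}")
    print("candidate blocks:", blocks_over_threshold(per_block, 3))
```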