Author: James Ortega

Opinions of Linux

Why new users are perceived as they are to Linux. we all start from some where.


Deep Dive TCP

Awesome vid of the inner working of TCP.


A Bug Lurking For 12 Years Gives Attackers Root On Every Major #Linux Distro

[no content]

Source: A Bug Lurking For 12 Years Gives Attackers Root On Every Major Linux Distro


FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure

Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors.

Source: FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure


Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries

A study of 16 different Uniform Resource Locator (URL) parsing libraries has unearthed inconsistencies and confusions that could be exploited to bypass validations and open the door to a wide range of attack vectors. In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Synk, eight security vulnerabilities were identified in as many third-party libraries written in C,

Source: Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries


New Trick Could Let Malware Fake iPhone Shutdown to Spy on Users Secretly

Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise. The discovery — dubbed “NoReboot” — comes courtesy of mobile security firm ZecOps, which found that it’s possible to block and then simulate an iOS rebooting operation,

Source: New Trick Could Let Malware Fake iPhone Shutdown to Spy on Users Secretly


Cell Infrastructure Vulns

Many telecoms are phasing out older frequencies for re-allocation. But this new exploit does target a newer spectrum (4G/LTE).

https://thehackernews.com/2021/12/new-mobile-network-vulnerabilities.html


Meltdown Log4j

It appears that ‘log4j’ is a thing and it’s melting down the internet but with all things, it’s exaggerated at first and later downplayed.


De-Google Your Phone

Even with Google-based hardware, you can de-bloat your phone and it does not have Google-based tracking. It’s all a matter of the firmware or in this case AOSP.


AWS 5G?

I learned of this while catching up with my old friends at #ITPro.TV. Once I heard of this I was like this could be awesome for security researchers. What a way to possibly reverse engineer at cell network from the ground up.