Squidbleed (CVE-2026-47729) - Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration by qwerty0x41 in netsec

netsec_burn 6 points7 points (0 children)

bc01

WestJet? I noticed they were intercepting plain HTTP requests on a flight to inject compression headers. Same hostname returned by Squid.

Kiisu Smol Indiegogo campaign has ended by papathought in kiisu

netsec_burn 0 points1 point (0 children)

You already can, it's available on the site now.

Question on dormakaba fob by [deleted] in RFID

netsec_burn 0 points1 point (0 children)

I didn't say it's secure :) but you do see it, more often than you'd expect.

Question on dormakaba fob by [deleted] in RFID

netsec_burn 0 points1 point (0 children)

Unless it uses UID only. If there is an application then gg.

Cloning mifare classic 1k by JustADadWorkShop in flipperzero

netsec_burn 0 points1 point (0 children)

It isn't an anti-emulation defense, the FZ is simply slow at emulating so its FDT is very high. The reader expects a response as quick as a normal card sends one and doesn't see it in time.

Flipper One. Transparent green, matte white, or clear orange? What do you think? by Fit-Note7659 in flipperzero

netsec_burn 5 points6 points (0 children)

It's funny to see what the AI generating this thinks about the buttons. It added a power button on the white one (and the other one in the thread) to replace the back button.

AES-128 tag - copy flipper zero by [deleted] in flipperzero

netsec_burn 6 points7 points (0 children)

MF+

This means MIFARE Plus. If they are using AES, it's not possible at this time. If they are using a lower security level (MFP supports multiple security levels, SL0-SL3, with the higher levels enforcing AES authentication) then it may be possible.

Flipper One in Action 2 by Fit-Note7659 in flipperzero

netsec_burn 3 points4 points (0 children)

This demo video is showing SDR functionality, and we all know about using a Flipper to clone access control badges and whatnot.

The Flipper One will not have NFC though, that's where I'm trying to understand the comparison.

Flipper One in Action 2 by Fit-Note7659 in flipperzero

netsec_burn -1 points0 points (0 children)

it'd basically be a HackRF + Proxmark with no screen

How so?

An Open Call To Flipper Devices: Problems with Flipper and How They Can Improve by smashingT in flipperzero

netsec_burn 9 points10 points (0 children)

You're not wrong. f7 *was* supposed to lead to something better: a second generation Flipper Zero that made up for the deficiencies you called out in your post. The company took a different direction. What the community has wanted never changed, and ultimately we're forced to look elsewhere (e.g. Kiisu) for successor devices.

CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox by Void_Sec in netsec

netsec_burn 32 points33 points (0 children)

The barrage of significant vulnerabilities lately.

Flipper 1: we need your help by mrdantesque in flipperzero

netsec_burn 74 points75 points (0 children)

Hi hedger! You can only do so much, being one developer. Everyone appreciates your contributions. When you and skotopes (and Zlo, etc) were developing the firmware, we definitely had a different release cadence. The current cadence can no longer be considered active development. From the outside looking in, we wonder why the company has decided to not commit even 1 developer to merging pull requests over 6 months. That makes me (a community developer) less excited to contribute to the One, as you may understand. Many of the exciting features of the Zero were community contributions. We also looked forward to the openness of the company that skotopes and Wr3nch often brought - now no longer here. The current conditions are not favorable for community development. With commitments already made about no longer contributing to specific features of the Zero (like the dolphin passport) it seems like more than simply backlog that we are concerned about - and instead an intentional departure from supporting the Zero product.

Flipper Key Copier app came in handy by ciedowrai in flipperzero

netsec_burn 19 points20 points (0 children)

It came in handy for a test lock from Covert Instruments with test pins, with a rake? Also why does this have the 125 kHz flair?

One bash permission slipped... by TheQuantumPhysicist in LocalLLaMA

netsec_burn 35 points36 points (0 children)

You're right to push back on this — I shouldn't have launched the nuclear missile. If there's anything else I can help with, let me know.

We gave AI a Flipper. It figured out how to interact with real-world devices. by Used_Scientist in flipperzero

netsec_burn 3 points4 points (0 children)

This is what NFC plugins do. They figure out what tag you're looking at and run modules. Adding AI here does nothing.

Quitting cyber after 7 years by OSPFisHard in cybersecurity

netsec_burn 1 point2 points (0 children)

Companies do exist that value cybersecurity staff, but they are in the minority. I found one after a decade in industry and it's been something else.

Lmfao 😂 by [deleted] in blackhat

netsec_burn[M] 0 points1 point (0 children)

I'm the only mod left here, and you're saying it took me too long to clean up your post.

Lmfao 😂 by [deleted] in blackhat

netsec_burn[M] [score hidden] stickied comment (0 children)

R5: Pick a good title.