⊥ᵒᵚ⁄Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️ @falken@qoto.org

I'm on the server floor of a "highly secure data center with 24/7/365 surveillance, direct access control and robust perimeter security".

An actual duck just walked by. 🦆

The panic is absolutely glorious. I think this just became one of the highlights of my life.

My favourite thing about this one is the cross tenant bit generated no logs in the victim's tenant.. so good luck with that. MS assigned a CVE, said no customer action needed, and then didn't tell anybody about the details.

Are people really being hired through Mastodon posts? I feel embarrassed to put my CV on here but I see a lot of people doing it and my workplaces and funds are illegally removing the only women and would appreciate any help finding remote work in STEM
https://ssh25.tiiny.site/
#fedihire #getfedihired

Good lord: https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments1). If you are an Entra ID admin reading this, yes that means complete access to your tenant.

“We’re constantly told, you know, we need to see peaceful protests. Well, here’s a peaceful protest … We projected a piece of journalism on to a wall and now people have been arrested for malicious communications. I think that, frankly, says a lot more about the policing of Trump’s visit than it does about what we did.”

https://www.theguardian.com/us-news/2025/sep/17/four-arrested-after-image-of-trump-and-epstein-projected-onto-windsor-castle-ahead-of-presidents-visit

#DonaldTrump #JeffreyEpstein #PrinceAndrew #Windsor

Private Eye knocking it out of the park yet again! 😂

Never let corporate software on your personal device. Exhibit 763738
https://oldbytes.space/@feoh/115215401541166467

🤯 Instagram is testing new iOS push notifications that include a profile photo. Each time the notification is shown on your screen, it triggers a GET request to fetch that image, letting Meta track every on-screen impression.

The app still misuses push notifications to send detailed device analytics about the device (uptime, battery, volume, locale, timezone, memory, CPU, etc.)

#privacy #infosec #privacymatters #Apple #iOS #meta
More 👇🧵

Can anyone recommend an open-source (Windows) alternative to Microsoft OneNote? I've looked at a few, but can't find the functionality I need: the ability to freely drag text/objects on a 'whiteboard/canvas' type page; a similar interface/layout to OneNote; being able to save files locally (not cloud-only).

Does anyone I know have access to a 9-track data tape transport?
Ideally one set up to work with Readtape?
A friend has some 9-track tapes which are historically interesting and we'd like to try and recover them.
They have been hit by mould/mildew but we think they could be cleaned.
#digipres

Assigned Male Comics by Sophie LaBelle hits the bullsye again: