Infosec @ random

1.4K posts

Infosec @ random

Infosec @ random

@infosecatrandom

Tor operator, privacy advocate, security geek. Also: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Katılım Mayıs 2011
414 Takip Edilen144 Takipçiler
Infosec @ random
Infosec @ random@infosecatrandom·
@The_Cyber_News You guys are missing the point… the app should absolutely not exist, so stop helping EU fix their app…. 😕
English
0
0
0
18
Cyber Security News
Cyber Security News@The_Cyber_News·
Security researcher Paul Moore has once again exposed critical weaknesses in the EU’s flagship age verification system, this time by bypassing the latest app release (version 2026.07-1) using a Chrome extension powered by ClaudeAI. The proof-of-concept shows that, despite months of “security hardening,” a fundamental design flaw in the anonymous age verification model still allows reusable over‑18 attestations without tying them to a real user identity. In a newly published video on X, Paul demonstrates how the updated EU age verification app can be tricked into repeatedly accepting the same “over 18” token in the browser, without any fresh verification or identity linkage.
Cyber Security News tweet media
English
11
56
249
11.8K
Infosec @ random
Infosec @ random@infosecatrandom·
@efenigson Bypass being trivial isn’t the point tbh - the real q is why the researcher keeps doing free QA for the EU instead of letting the broken thing stay broken. every patch makes it look more legit than it is 😕
English
0
0
0
43
Infosec @ random
Infosec @ random@infosecatrandom·
@CR1337 Bypass being trivial isn’t the point tbh - the real q is why the researcher keeps doing free QA for the EU instead of letting the broken thing stay broken. every patch makes it look more legit than it is 😕
English
0
0
0
22
CR1337
CR1337@CR1337·
White hat hacker created a browser extension (PoC) via ClaudeAI, within minutes, that can simply bypass the latest EU 🇪🇺 Age Verification app:
Paul Moore - Security Consultant @Paul_Reviews

Bypassing the latest #EU #ageVerification app (2026.07-1) with a Chrome extension... again. Despite 3 months of security hardening and genuine improvements across the board, the fundamental issue cannot be solved. Anonymous age verification doesn't work.

English
4
25
128
5.1K
Infosec @ random
Infosec @ random@infosecatrandom·
@Paul_Reviews Yeah and that's why fixing bugs for them feels backwards, pointing out flaws should push them to scrap the approach, not patch it into looking legit :-)
English
0
0
0
28
Infosec @ random
Infosec @ random@infosecatrandom·
@Paul_Reviews I know it’s a fun side project for you, but why are you helping to fix an app that should not exist?
English
2
0
68
3K
Paul Moore - Security Consultant 
Bypassing the latest #EU #ageVerification app (2026.07-1) with a Chrome extension... again. Despite 3 months of security hardening and genuine improvements across the board, the fundamental issue cannot be solved. Anonymous age verification doesn't work.
Paul Moore - Security Consultant @Paul_Reviews

I honestly don't know how @vonderleyen can say it's "privacy preserving" with a straight face. Do I need to hack it again?

English
199
2.1K
12.2K
1.1M
Infosec @ random
Infosec @ random@infosecatrandom·
@pbeyssac Yeah, you’re kind of missing the point; this guy should not be helping the EU with this app, because this app should not exist!
English
0
0
1
237
Pierre Beyssac 🏴‍☠️🇫🇷🇪🇺🇺🇦
Le merveilleux code UE de vérification d'âge se contourne avec une simple extension Chrome. Nos politiques nous ont pourtant assuré mordicus qu'il était extrêmement sécurisé.
Paul Moore - Security Consultant @Paul_Reviews

Bypassing the latest #EU #ageVerification app (2026.07-1) with a Chrome extension... again. Despite 3 months of security hardening and genuine improvements across the board, the fundamental issue cannot be solved. Anonymous age verification doesn't work.

Français
10
104
496
23.6K
Infosec @ random
Infosec @ random@infosecatrandom·
@DeepHumor You guys are not getting the point: he should not help the EU by making their app better - the app should not exist!
English
1
0
2
166
DeepHumor
DeepHumor@DeepHumor·
And yet the EU expects us to submit our most sensitive biometric data into dangerous apps like this This is the THIRD TIME that Paul has hacked this app. Unreal
Paul Moore - Security Consultant @Paul_Reviews

Bypassing the latest #EU #ageVerification app (2026.07-1) with a Chrome extension... again. Despite 3 months of security hardening and genuine improvements across the board, the fundamental issue cannot be solved. Anonymous age verification doesn't work.

English
8
147
498
7.3K
Infosec @ random retweetledi
Owen Brake
Owen Brake@OwenBrakes·
Rip every radio out of your phone. It will still leak your inputs. Capacitive touchscreens scan sequentially. Your finger touching the screen affects the local impedance and modulates the emissions. Able to extract keystrokes and pin inputs from 15cm away with ~90% accuracy.
Owen Brake tweet mediaOwen Brake tweet mediaOwen Brake tweet media
English
83
281
4.6K
344.5K
Infosec @ random
Infosec @ random@infosecatrandom·
@0xSero Thanks! GLM-5.2-504B-Nvidia ? I’ll have my agent deploy and bench it soon in that case ;)
English
1
0
0
204
0xSero
0xSero@0xSero·
GLM-5.2 has been cracked, 86.8 tok/s decode and 1.2k tok/s prefill
0xSero tweet media
English
19
10
415
26K
Infosec @ random retweetledi
Berlingske
Berlingske@berlingske·
I forsøget på at navigere mellem beskyttelse af brugernes privatliv og at hjælpe politiet har et smuthul i Europa-Parlamentets procedure muliggjort, at sociale medietjenester som Google, Messenger og WhatsApp kan fortage massescanning indtil 2026. berlingske.dk/virksomheder/m…
Dansk
6
2
7
1.3K
Infosec @ random retweetledi
Alberner Albaner
Alberner Albaner@Gegenanzeige·
Deutschland, 2029: Ahh, ich wollte ja noch schnell die E-Mails checken! Nur kurz die UrsulaBox freischalten, mit Fingerabdruck quittieren, die Blutprobe einlesen und mit Irisscan bestätigen, per Fax den QR Code erhalten und einscannen.
Alberner Albaner tweet media
Deutsch
57
190
1.9K
30.4K
Infosec @ random
Infosec @ random@infosecatrandom·
@JonasLaursen15 Det er en vanvittig vinkling af DR, og det er vildt at ingen medier tager det seriøst😳
Dansk
1
0
13
267
Jonas Laursen
Jonas Laursen@JonasLaursen15·
Efter jeg skrev i Jyllands-Posten om, at DR spreder misinformation i deres dækning af Chat Control, er de blevet nødt til at gå tilbage og rette markant i deres dækning. Dog fornemmer jeg en vis stædighed og pro-socialdemokratisk bias i, at de insisterer på, at det var ændringsforslag 30, der er den vigtige nyhedsudvikling. Åbenbart ikke de ekstraordinære procesforløb eller den lovgivning, der endte med at blive vedtaget. #dkpol #dkmedier
Jonas Laursen tweet media
Dansk
9
24
137
3.7K
Infosec @ random
Infosec @ random@infosecatrandom·
@KRoelandschap @Tesla @teslaeurope Agreed, they need a sleeping mode or maybe just modify the camp mode maybe with a few extra option. I happened to experience the wonderful feeling of being woken up properly by hard rock music in the middle of the night because I did not unlock the door before I opened it. Yikes
English
0
0
1
25
Kees Roelandschap
Kees Roelandschap@KRoelandschap·
Essential feature request for Tesla Camping Make a separate Sleep Mode within Camp Mode and accessible in a separate menu with all the other stuff instead of in the HVAC UI It just takes way too long for the screen to go black and you want all interior lighting to be turned off The fireplace is a fun feature but it should work better, it takes too longer to go into screensaver mode than it actually is on screensaver mode You need to have the car be able to work differently in Camp Mode since you also treat and use it differently Because of the chair moving into driver profile it went backwards and a part of the driver door upholstery got damaged
Kees Roelandschap tweet media
English
25
5
146
19.1K
i2cjak
i2cjak@i2cjak·
Crazy how much easier it is to use these Chinese Pi clones with LLMs now. I’ll never use a Pi again
i2cjak tweet media
English
28
15
745
30.6K
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️ Thieves are breaking into Teslas using Bluetooth extenders. A Reddit user caught the attack on video.
English
31
81
693
78.7K
𝐇𝐚𝐦𝐳𝐚 | Networking Guy
A Tesla can be unlocked and driven off in 10 seconds, without the key ever coming near it. All it takes is two cheap radio devices and your phone sitting somewhere out of range. Why this even works Tesla's phone-as-a-key and BLE fobs use Bluetooth Low Energy to check proximity. Get close enough, and the car assumes it's really you and unlocks. That "close enough" check is the entire vulnerability. The system trusts distance, not identity. It never confirms you're actually near the car, just that a signal claiming to be your phone is nearby. Nothing about the encryption gets broken. The car isn't tricked into thinking a stranger is you, it's tricked into thinking you're closer than you actually are. What the Bluetooth extender actually is It's a relay device, essentially two small radios working as a pair, sometimes just a laptop and an antenna. One sits near your actual phone, wherever that is, your house, a coffee shop, your back pocket across a parking lot. The other sits next to the car. The two devices bridge the gap between them in real time, rebroadcasting the Bluetooth handshake back and forth like a tunnel. Your phone thinks it's talking to the car. The car thinks your phone is inches away. Neither side is lying, they're just being routed through a middleman neither of them can see. NCC Group researcher Sultan Qasim Khan first demonstrated this publicly in 2022 on a Tesla Model Y. Follow-up research has since shown it still works on Teslas with Ultra-Wideband chips, tech that was supposed to fix exactly this, because Tesla isn't using UWB to actually verify proximity before unlocking over Bluetooth. How to protect yourself if you own one → Turn on PIN to Drive. This is the single most effective fix. A relay attack can unlock the door, it cannot guess a PIN. Without it, the car won't shift into drive. → Disable Bluetooth on your phone when you're not near the car, especially at home overnight, which is when most relay thefts happen. → Use an RFID-blocking sleeve for your physical key card, if you use one. This doesn't help with phone-as-key, only the card. → Turn on Sentry Mode, it won't stop the unlock, but it records the attempt and can help recovery or police reports afterward. None of these close the actual Bluetooth vulnerability itself. PIN to Drive is the one control that makes the vulnerability irrelevant, even if someone does relay their way in, they still can't drive off.
International Cyber Digest@IntCyberDigest

‼️ Thieves are breaking into Teslas using Bluetooth extenders. A Reddit user caught the attack on video.

English
1
6
12
1.9K
Infosec @ random retweetledi
Jesper Bylund -- just/acc
Jesper Bylund -- just/acc@JesperBylund·
The EU has blocked a chat control skeptics talk on YouTube. But here’s the thing, the content is in Finnish, and Finnish law allows for this exact thing. So the EU is currently illegally blocking free press in Finland.
Mikko Ohtamaa@moo9000

YouTube has just taken down the political discussion clip about the EU's Chat Control, and the video is no longer viewable in the EU. This has been confirmed by several parties. The video is still available outside the EU. @puheenaihefi podcast is a Finnish current affairs program with 60k subscribers. In this episode, Peter Sund, CEO of the Finnish Information Security Cluster (Kyberala ry) offered pointed criticism of the EU's new Chat Control directive, which was enacted under questionable circumstances. Because the media is in Finnish, it is highly likely the censorship request came from a Finnish government official or a related party. This makes it troublesome. Because the Finnish constitution §12 guarantees freedom of expression. Preventing political publications is a criminal offence: Abuse of Official Position, punishable by a fine or imprisonment for up to two years. You can listen to this episode on Apple Music and Spotify. Spotify link open.spotify.com/episode/51Etz1… Dysfunctional YouTube link youtube.com/watch?v=dGaQCc…

English
160
5.4K
29.9K
427.2K
Lars Andersen
Lars Andersen@LarsAnders1620·
Endelig fik jeg installeret GrapheneOS på min daily driver Pixel-telefon. GOS er et hærdet styresystem, som politi og myndigheder har store problemer med at bryde ind i, hvorfor en person med min risikoprofil bør bruge det (og alle narkohandlere). Fordele: - Hærdet sikkerhed omkring USB-porten, så denne er vanskelig at bruge til at angribe telefonen. - Tvangs reboot med korte intervaller, når telefonen er låst. Det sætter hurtigere telefonen i Before First Unlock tilstand, hvilket gør angreb på hukommelsen nærmest umuligt. - GOS putter alle apps (også Google Play) i siloer og lader dem ikke tilgå alt muligt bag om ryggen om en. - Til daglig fungerer GOS nærmest fuldstændig som det almindelige Pixel OS, og man kan installere (næsten) alt det bras, som man er vant til. Ulemper: -Nogle bank apps kan ikke li' at bo på en ikke-google(software) telefon. -Google Pay med NFC fungerer ikke (jeg køber et Garmin-ur til den del, no biggie) -Det kræver lidt tid at installere (men er lige så nemt som at følge en kageopskrift) -Man kan kun bruge Google Pixel telefoner (ironisk nok skal man købe Google hardware for at slippe for Google software).
Lars Andersen tweet media
Dansk
30
24
326
12.4K