Lightnews — Scholar-powered news

Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)

Max Resing @resingm.infosec.exchange.ap.brid.gy · 24d

For those interested, the certificate details can be found in #ct logs:

crt.sh

crt.sh | 9314793

crt.sh

Max Resing @resingm.infosec.exchange.ap.brid.gy · 24d

Yesterday, 10 years ago, Let's Encrypt issued their first #tls #certificate to the domain name `helloworld.letsencrypt.org`. Since then, they issued 7 billion certificates.

To quote Borat: "Great success!"

Congrats!

#letsencrypt #tls #ssl #https

2 50 10

Max Resing @resingm.infosec.exchange.ap.brid.gy · 24d

It is rumored that a #ddos attack happened during the local #elections in the city of #Münster, and surrounding regions. #wdr reports that a bunch of IP addresses send millions of requests. I was not able to check tje results myself at times on the official platform #citeq.

Have not anything […]

Max Resing @resingm.infosec.exchange.ap.brid.gy · 27d

"With dove season in full swing, we ask all our customers to please be
mindful of their surroundings and avoid shooting doves on or near
fiber/electric lines."

* Lexington Electric Systems, from the NANOG mailing list

This must be a very #us centric problem of #internet service providers […]

Max Resing @resingm.infosec.exchange.ap.brid.gy · 27d

@jtk - "Long past time to abandon" Perl ? 😄

Just joking :)

Max Resing @resingm.infosec.exchange.ap.brid.gy · 28d

So, while working on some #botnet research, I discovered a domain for which a #nameserver was configured with the name `ns1.nulled-ns.com` and `ns2.nulled-ns.com`. As more I figure out about this unknown authoritative nameserver, as more I am convinced that the entire purpose of the nameserver […]

Max Resing @resingm.infosec.exchange.ap.brid.gy · 29d

Big leap forward on #internet #governance in #canada: By November 04, ISPs are required to report major outages within 2 hours and must hand in a post-mortem 30 days following the incident. The proclaimed goal is to strenghten transparency in the short term, and resiliency in the long term […]

Max Resing @resingm.infosec.exchange.ap.brid.gy · Sep 4

@jmeyer - Thanks Jérôme, I just read the tooltip on the page, as an example RIPE's `k.root-server.org` (screenshot).

Hosting would make sense, since the majority of root server instances are likely hosted in commercial (Internet) DCs, I guess.

A screenshot of IPInfo's website of the `k.root-servers.org` server with the tooltip open to show a quick help on what the "Privacy" flag means.

Max Resing @resingm.infosec.exchange.ap.brid.gy · Sep 4

Do not read this as critique to #ipinfo, but I am surprised to see that the `b`, `i`, `k`, `l` and `m` #dns root servers have the "privacy" flag set, meaning the IPs attempted to "hide" themselves.

All 13 root server IPs are flagged as #anycast. I thought, there are still ~some~ servers not yet […]

Index - Polars user guide

Max Resing @resingm.infosec.exchange.ap.brid.gy · Sep 4

Exciting to share that #polars made it's first move into #distributed processing. They announced Polars Cloud just recently.

To me, it looks like self-hosting is on the agenda. I am waiting patiently :)

#datascience #dataengineering #distributedsystems #python

docs.pola.rs

2 1

Max Resing @resingm.infosec.exchange.ap.brid.gy · Sep 4

@jtk - It is a learning curve, but you will see that Polars is much more streamlined and consistent :) I am working with Polars for ~2years now, and I can't turn back to pandas...

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 25

Looks like there is a typo squatting attack going on to harvest #container #registry login #credentials of #ghcr:

https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/

Be safe out there!

#github #docker #podman #kubernetes #phishing #devops

ghrc.io Appears to be Malicious

Comments

bmitch.net

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 25

It's been a few days that the #gfw was observed to block off all TCP/443 connections for around 2 hours on August 20.

What do you folks speculate might have been the reason behind it?

#china #censorship #greatfirewall

Analysis of the GFW's Unconditional Port 443 Block on August 20, 2025

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 22

The Great Firewall Report publishes some research on how #china cut-off all `TCP/443` (inbound and outbound) with `TCP RST+ACK` packet injections through the #greatfirewall .

Intimidating, how a nation can isolate their entire population from the common #internet .

#censorship #gfw

Comments

gfw.report

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 22

I am just wondering, and this is a question to the #infosec community:

Can't you migrate a #tld from one server to another including #dnssec by first testing your setup with a #canary zone? #cloudflare speaks about challenges in having RSA/SHA256 on #verisign's end, but ECDSA P-256 on their end […]

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 22

Anyone interested in #operational #dns #challenges : #cloudflare also presented the migration of the `.gov` at #dnsoarc :

https://indico.dns-oarc.net/event/48/contributions/1038/attachments/1005/1948/gov-transition-nsec-nsec3.pdf

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 22

In January 2023, #cloudflare replaced #verisign in providing #dns #registry services for the `.gov` #tld. Besides the registry, they also run the authoritative #nameservers.

Verisign ran it for 12 years, and cost the #us #government apparently just half as much as Cloudflare charges ($7.2M) […]

2

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 21

@gme - I see. You are rather looking for an umbrella mailing list, that incorporates all fediverse/activity pub projects?

In that case, I stick to my recommendation, what changes is the website you should look for. There are projects/platforms that tackle the fediverse in a whole. Those would […]

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 21

@gme - I like the idea. Albeit, I am no #mastodon #operator, I would suggest to reach out to the developers in #germany . Perhaps they like the idea and provide some help.

https://joinmastodon.org/about#impressum

discuss - [opennic-discuss] Failed TLDs for removal - arc

Reposted by Max Resing

BrianKrebs @briankrebs.infosec.exchange.ap.brid.gy · Aug 19

Having lost more hours to reading criminal complaints over the years than I care to remember, I can confidently state that I have never encountered one as entertaining and complete as the one that dropped today, charging a 22 y/o Oregon man with operating […]

[Original post on infosec.exchange]

The control panel for the Rapper Bot botnet greets users with the message “Welcome to the Ball Pit, Now with refrigerator support,” an apparent reference to a handful of IoT-enabled refrigerators that were enslaved in their DDoS botnet.

6 25

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 18

I agree, John! From a researcher's perspective, it is interesting to keep an eye on it. These projects circumvent any moderation, which tends to attract illicit activity.

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 17

This threat here suggests that more activity stems again from the #opennic parallel #dns #root .

Not sure, if more activity, and a reborn of the #opennicproject leads to less or more abuse from the system. Any opinions from the #infosec community?

#askfedi #askinfosec

lists.opennicproject.org

Max Resing @resingm.infosec.exchange.ap.brid.gy · Aug 17

Apparently, there exists a website called `ipv4.]#ipv4`, where you can register HTTP web requests from hosts where you have access to. Once accessed, you can "claim" the requesting #IPv4 address with an [#http GET request on `/claim?name=`.

The leaderboard leads the person which claims […]