Got a phone interview for a backend dev job in an opsec company.

Interviewer:
This is a very serious and prestigious position, we take care of the most important bits of code.

*Proceeds to talk introductory nonsense*

Interviewer:
Do you know what a DNS is?

Me:
Yes, of course! DNS stands for Domain Name System.... Blah blah blah... I explain about the servers, about hosts file, about DNS spoofing and everything else possible on this topic.

Interviewer:
See, I was patient with you - letting you finish. I'm not sure what you're talking about and where you got it from, but a DNS is that line in the browser where you type the site's name.

He didn't ask any more questions, just told me that they'll get back to me. I asked not to do that.

Three weeks later I got an email claiming that I'm not qualified.

The fun of a VPN + browser user agent stuffs spoofing!

Disclaimer: I can't 'officially' verify this.

I've been using Firefox as main browser with about 5 addons for added privacy for ages now. When googles (fucking) reCaptcha takes more than a few minutes on Firefox (about 90 percent of the time, I'm estimating), I switch to Chromium (with the same amount of (similar) privacy addons) so I can go on with my stuff.

Now, I recently thought 'why not try to do user agent spoofing on Firefox to see if reCaptcha would start working 'normally'?

So, I installed a user agent spoofing addon on Firefox/Chromium, results:

Without spoofing:

Firefox reCaptcha success rate: 10 percent approx. (mostly 2+ minutes)
Chromium: 90 percent. (mostly instant)

With spoofing:
Firefox: 90 percent approx.
Chromium: 10-20 percent approx.

Again, I can't prove any of this yet but mother of fucking god, whenever using Chromium or spoofing Chromium on Firefox the succession rate skyrockets.

Google, what the fuck are you up to?

So apparently Congress knows what I'm up to.

"Uh, ma'am. You can't be 20 people at once. I'll send your message."

I guess spoofing doesn't work.

OS : Tail OS ✓
pass : 16+ ✓
Update password : every 15 days ✓
Mac address : spoofing ✓

Then you realise

Your Aadhar information is in gov DB.

TL; DR: Bringing up quantum computing is going to be the next catchall for everything and I'm already fucking sick of it.

Actual convo i had:

"You should really secure your AWS instance."

"Isnt my SSH key alone a good enough barrier?"

"There are hundreds of thousands of incidents where people either get hacked or commit it to github."

"Well i wont"

"Just start using IP/CIDR based filtering, or i will take your instance down."

"But SSH keys are going to be useless in a couple years due to QUANTUM FUCKING COMPUTING, so why wouldnt IP spoofing get even better?"

"Listen motherfucker, i may actually kill you, because today i dont have time for this. The whole point of IP-based security is that you cant look on Shodan for machines with open SSH ports. You want to talk about quantum computing??!! Lets fucking roll motherfucker. I dont think it will be in the next thousand years that we will even come close to fault-tolerant quantum computing.

And even if it did, there have been vulnerabilities in SSH before. How often do you update your instance? I can see the uptime is 395 days, so probably not fucking often! I bet you "dont have anything important anyways" on there! No stored passwords, no stored keys, no nothing, right (she absolutely did)? If you actually think I'm going to back down on this when i sit in the same room as the dude with the root keys to our account, you can kindly take your keyboard and shove it up your ass.

Christ, I bet that the reason you like quantum computing so much is because then you'll be able to get your deepfakes of miley cyrus easier you perv."

Whoever it was that thought that MAC address spoofing/randomization for "muh network security" was a good idea, I'm gonna violently fucking murder them. It doesn't solve jack shit for security, doesn't magically make your network device "anonymous" or whatever and it never fails to confuse my DHCP servers that use those fucking things. Whoever it was, hang yourself or I'll fucking do it for you. Filthy incompetent motherfucker!!

I absolutely love the dev community but one thing I just can't stand is the snobbery that permeates it. I don't understand why some devs expect non devs to know or understand the intricacies of computer programming or even computers in general when it's really not their job to do so.

"Ahhhhh!! How DARE this non dev PEASANT ask me about hacking Facebook accounts!! Does he NOT understand the basics of DNS spoofing and social engineering!!1!!1! bahh"

Either CloudFlare itself has decided to join the fun of attacking my DNS server, or somebody is just spoofing their IP in the UDP packets.
Crap, my ipset script is basically useless now, since the real source could be from anywhere :(

Any suggestions on what could I do to make this attack stop? It's not causing any real issues (at least for now), but it's still annoying as hell.
Get fucked, stupid skiddie who keeps manually changing the ip source in his script

Anybody else want to DDoS whole Russia and China Hosting Companys for there god damn dead Servers?

Always get a lot of spoofing and ssh login try's from there.

fail2ban FTW!

to;dr: school, raspi, spoofing, public status screen, funny pictured.

So. At school we had these huge ass 2/3 TVs displaying some information such as which teacher is ill, which lessons won't take place and some school related news. Standard stuff.

They worked using a raspberry pi attached to the TV fetching a website over http every now and then.

Using nmap I discovered that these pi's were in the same network as the pupils devices: Sweeeet.

After trying some standard passwords at the ssh port and not succeeding I came up with something different: A spoofing attack.

I would relay all traffic from those pi's through my device, would replace all images with a trollface picture (I know I know) and flip all text upside down.

Chaos, annoyed faces and laughter.
It was beautiful.

I fuckin give up.
You can't use Android without fuckin gapps, you can but it's fuckin miserable.
And microG still sucks (I respect all the effort from the devs tho)
And there are not enough roms that implement signature spoofing
Almost all the open source apps look like shit and are outdated (also appreciate the devs efforts)
.
.
.
YOU KNOW WHAT GOOGLE JUST TAKE MY DATA
I DONT GIVE A FUCK ANY MORE 😡😤😭
*Flashes Opengapps pico*

How do you prevent your software being vulnerable to IP address spoofing? Authentication? Certificates? VPN? Nah, just check the MAC address field of every packet. Nobody ever spoofed a MAC address before, that's just impossible. I thought that in binary there were only ones and zeros, but I guess nobody told me about the special tamper-resistant ones and zeros that MAC address fields are made of.

Oh, once you've done that, don't forget to tell the marketing people to put it in a brochure as an "innovation" for everyone to see.

I should post more of the crap the idiots I work "with" (quotes, because I am only here in body not mind) say. Especially when it comes to network stuff.

Lineageos finally found a way to add signature spoofing for microg. No need for special roms any more if you want to degoogle yourself.

Is spoofing your Mac to bypass the data usage limit of your college's network client, Cyberoam in my case, a criminal offence?

@dfox Was watching your live stream today and you talked about security... You should really add an HSTS preload directive to devrant.io to prevent spoofing.

tried to use devrant.com on a mobile browser: login only possible when spoofing desktop user agent, although at first sight, the site seems to work well in a responsive view. After upvoting 2 posts, website keeps nagging to install the app and sends disfunctional redirects. How can any website be broken on mobile in 2021?