StatusNettag:status.hackerposse.com,2024-03-28:TagTimeline:infosecNotices tagged with infosecUpdates tagged with infosec on Hacker Poesy!http://www.hackerposse.com/~rozzin/graphics/stills/ray-traced/ripple.png2024-03-28T19:08:19-04:00http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2020-03-23:noticeId=3290638:objectType=noteNew note by lnxw48a1Oh, wonderful. A #<span class="tag"><a href="https://nu.federati.net/tag/zeroday" rel="tag">Zero-day</a></span> with #<span class="tag"><a href="https://nu.federati.net/tag/rce" rel="tag">RCE</a></span> on #<span class="tag"><a href="https://nu.federati.net/tag/windows" rel="tag">Windows</a></span> ... currently unpatched. <br /><br /> See: <a href="https://freeradical.zone/@tek/103874683857159931" title="https://freeradical.zone/@tek/103874683857159931" rel="nofollow noreferrer" class="attachment">https://freeradical.zone/@tek/103874683857159931</a> <br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/infosec" rel="tag">infosec</a></span>http://activitystrea.ms/schema/1.0/post2020-03-23T22:34:00+00:002020-03-23T22:34:00+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2483953tag:nu.federati.net,2020-01-21:noticeId=3242455:objectType=notelnxw48a1 repeated a notice by tekRT @tek@freeradical.zone I have an awesome friend at Code for America, a non-profit based in SF (with some remote positions) that helps government better serve its people. They're working currently in safety net services, criminal justice reform, and easing the EITC participation gap.They're also currently hiring for security engineers:- <a href="http://status.hackerposse.com/url/19974" title="https://www.codeforamerica.org/jobs?gh_jid=2036230" class="attachment" id="attachment-19974" rel="nofollow external">http://status.hackerposse.com/url/19974</a> <a href="http://status.hackerposse.com/attachment/19975" class="attachment more" title="Show more">…</a>
https://nu.federati.net/notice/3242455
http://activitystrea.ms/schema/1.0/share2020-01-21T22:32:14+00:002020-01-21T22:32:14+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}http://activitystrea.ms/schema/1.0/activityhttps://freeradical.zone/users/tek/statuses/103523653264719091I have an awesome friend at Code for America, a non-profit based in SF (with some remote positions) that helps government better serve its people. They're working currently in safety net services, criminal justice reform, and easing the EITC participation gap.They're also currently hiring for security engineers:- <a href="http://status.hackerposse.com/url/19971" title="https://www.codeforamerica.org/jobs?gh_jid=2036230-" class="attachment" id="attachment-19971" rel="nofollow external">http://status.hackerposse.com/url/19971</a> h<a href="http://status.hackerposse.com/attachment/19973" class="attachment more" title="Show more">…</a>
https://freeradical.zone/users/tek/statuses/103523653264719091
http://activitystrea.ms/schema/1.0/post2020-01-21T22:26:28+00:002020-01-21T22:26:28+00:00http://activitystrea.ms/schema/1.0/personhttps://freeradical.zone/users/tektekPolitics ∪ tech ∪ security ∪ privacy ∪ O_o | Owner/admin of Free Radical | I blog about this at https://blog.freeradical.zone/tekTek dba TekPolitics ∪ tech ∪ security ∪ privacy ∪ O_o | Owner/admin of Free Radical | I blog about this at https://blog.freeradical.zone/http://activitystrea.ms/schema/1.0/notehttps://freeradical.zone/users/tek/statuses/103523653264719091New note by tekI have an awesome friend at Code for America, a non-profit based in SF (with some remote positions) that helps government better serve its people. They're working currently in safety net services, criminal justice reform, and easing the EITC participation gap.They're also currently hiring for security engineers:- <a href="http://status.hackerposse.com/url/19971" title="https://www.codeforamerica.org/jobs?gh_jid=2036230-" class="attachment" id="attachment-19971" rel="nofollow external">http://status.hackerposse.com/url/19971</a> h<a href="http://status.hackerposse.com/attachment/19973" class="attachment more" title="Show more">…</a>https://nu.federati.net/conversation/2460846https://nu.federati.net/conversation/2460846http://activitystrea.ms/schema/1.0/notehttps://freeradical.zone/users/tek/statuses/103523653264719091New note by tekI have an awesome friend at Code for America, a non-profit based in SF (with some remote positions) that helps government better serve its people. They're working currently in safety net services, criminal justice reform, and easing the EITC participation gap.They're also currently hiring for security engineers:- <a href="http://status.hackerposse.com/url/19971" title="https://www.codeforamerica.org/jobs?gh_jid=2036230-" class="attachment" id="attachment-19971" rel="nofollow external">http://status.hackerposse.com/url/19971</a> h<a href="http://status.hackerposse.com/attachment/19973" class="attachment more" title="Show more">…</a>http://activitystrea.ms/schema/1.0/post2020-01-21T22:26:28+00:002020-01-21T22:26:28+00:00http://activitystrea.ms/schema/1.0/personhttps://freeradical.zone/users/tektekPolitics ∪ tech ∪ security ∪ privacy ∪ O_o | Owner/admin of Free Radical | I blog about this at https://blog.freeradical.zone/tekTek dba TekPolitics ∪ tech ∪ security ∪ privacy ∪ O_o | Owner/admin of Free Radical | I blog about this at https://blog.freeradical.zone/https://nu.federati.net/conversation/2460846http://activitystrea.ms/schema/1.0/notetag:status.hackerposse.com,2018-11-21:noticeId=131904:objectType=noteNew note by rozzinConversations with kids, about #<span class="tag"><a href="https://status.hackerposse.com/tag/umwelt" rel="tag">umwelt</a></span>, #<span class="tag"><a href="https://status.hackerposse.com/tag/superpowers" rel="tag">superpowers</a></span>, and #<span class="tag"><a href="https://status.hackerposse.com/tag/infosec" rel="tag">infosec</a></span>:<br /> <br /> "Why are they looking at me?" <br /> "Because they heard you fart."<br /> "Whhhhat do you mean?!?!"<br /> "Hearing people can hear farts." <br /> … <br /> <a href="https://www.jwz.org/blog/2018/11/tell-them-to-stop-listening-to-my-farts/" title="https://www.jwz.org/blog/2018/11/tell-them-to-stop-listening-to-my-farts/" class="attachment" id="attachment-18027" rel="nofollow external">https://www.jwz.org/blog/2018/11/tell-them-to-stop-listening-to-my-farts/</a> <br /> !<a href="https://eduposse.org/group/3/id" class="h-card group" title="Education Posse (education)">education</a> !<a href="http://eduposse.org/group/310/id" class="h-card group" title="Parenting (parenting)">parenting</a> #<span class="tag"><a href="https://status.hackerposse.com/tag/poop" rel="tag">poop</a></span> !<a href="http://sn.jonkman.ca/group/416/id" class="h-card group" title="Computer and Network Security (security)">security</a>http://activitystrea.ms/schema/1.0/post2018-11-21T18:55:42+00:002018-11-21T18:55:42+00:00http://activitystrea.ms/schema/1.0/personhttp://status.hackerposse.com/user/1rozzinRobotanist, FOSS engineer, artist w/ a superhuman ability to distinguish shades of khaki. FoxtrotGPS, libvisualid, GNU Robots maintainer.42.76537 -71.46757rozzinJoshua Judson RosenRobotanist, FOSS engineer, artist w/ a superhuman ability to distinguish shades of khaki. FoxtrotGPS, libvisualid, GNU Robots maintainer.Nashua, New Hampshire, USAhomepagehttp://www.hackerposse.com/~rozzintruetag:status.hackerposse.com,2018-11-21:noticeId=131904:objectType=thread:crc32=8ca5f90etag:social.umeahackerspace.se,2018-05-24:noticeId=2059751:objectType=notemmn repeated a notice by rysiekRT @rysiek With all my gripes with# Signal (centralized, non-federated, server-based, Electron-based desktop app), the fact that in my circle of contacts it's not longer the "pretty good solution we should be using" but the "pretty good solution we are using but looking for something better" is such a win.I just wanted to stop for a second and appreciate that.If we're<a href="http://status.hackerposse.com/attachment/17447" class="attachment more" title="Show more">…</a>
https://social.umeahackerspace.se/notice/2059751
http://activitystrea.ms/schema/1.0/share2018-05-24T05:48:55+00:002018-05-24T05:48:55+00:00http://activitystrea.ms/schema/1.0/personhttps://social.umeahackerspace.se/user/2mmnFree software and free culture fanatic.63.82842 20.25972mmnMMN-o ✅⃠Free software and free culture fanatic.Umeå, Swedenhomepagehttps://blog.mmn-o.se/truehttp://activitystrea.ms/schema/1.0/activityhttps://mastodon.social/users/rysiek/statuses/100079817104921655With all my gripes with# Signal (centralized, non-federated, server-based, Electron-based desktop app), the fact that in my circle of contacts it's not longer the "pretty good solution we should be using" but the "pretty good solution we are using but looking for something better" is such a win.I just wanted to stop for a second and appreciate that.If we're talking <a href="http://status.hackerposse.com/attachment/17446" class="attachment more" title="Show more">…</a>
https://mastodon.social/@rysiek/100079817104921655
http://activitystrea.ms/schema/1.0/post2018-05-23T17:33:38+00:002018-05-23T17:33:38+00:00http://activitystrea.ms/schema/1.0/personhttps://mastodon.social/users/rysiekrysiekHacker, activist, free-softie ◈ information security at https://isnic.is/ ◈ formerly at https://occrp.org/ ◈ my opinions are my own etc. ◈#foss #libre #privacy #infosec. ۬. :rysiekRysiekúr MemessonHacker, activist, free-softie ◈ information security at https://isnic.is/ ◈ formerly at https://occrp.org/ ◈ my opinions are my own etc. ◈#foss #libre #privacy #infosec. ۬. :http://activitystrea.ms/schema/1.0/notehttps://mastodon.social/users/rysiek/statuses/100079817104921655New note by rysiekWith all my gripes with# Signal (centralized, non-federated, server-based, Electron-based desktop app), the fact that in my circle of contacts it's not longer the "pretty good solution we should be using" but the "pretty good solution we are using but looking for something better" is such a win.I just wanted to stop for a second and appreciate that.If we're talking <a href="http://status.hackerposse.com/attachment/17446" class="attachment more" title="Show more">…</a>https://social.umeahackerspace.se/conversation/1170192https://social.umeahackerspace.se/conversation/1170192http://activitystrea.ms/schema/1.0/notehttps://mastodon.social/users/rysiek/statuses/100079817104921655New note by rysiekWith all my gripes with# Signal (centralized, non-federated, server-based, Electron-based desktop app), the fact that in my circle of contacts it's not longer the "pretty good solution we should be using" but the "pretty good solution we are using but looking for something better" is such a win.I just wanted to stop for a second and appreciate that.If we're talking <a href="http://status.hackerposse.com/attachment/17446" class="attachment more" title="Show more">…</a>http://activitystrea.ms/schema/1.0/post2018-05-23T17:33:38+00:002018-05-23T17:33:38+00:00http://activitystrea.ms/schema/1.0/personhttps://mastodon.social/users/rysiekrysiekHacker, activist, free-softie ◈ information security at https://isnic.is/ ◈ formerly at https://occrp.org/ ◈ my opinions are my own etc. ◈#foss #libre #privacy #infosec. ۬. :rysiekRysiekúr MemessonHacker, activist, free-softie ◈ information security at https://isnic.is/ ◈ formerly at https://occrp.org/ ◈ my opinions are my own etc. ◈#foss #libre #privacy #infosec. ۬. :https://social.umeahackerspace.se/conversation/1170192tag:social.umeahackerspace.se,2018-05-16:noticeId=2032103:objectType=notemmn repeated a notice by rysiekRT @<a href="https://mastodon.social/users/rysiek" class="h-card u-url p-nickname mention" title="rysiek ✅">rysiek</a> Oh boy. <a href="https://github.com/signalapp/Signal-Desktop/issues/1635tl;dr" title="https://github.com/signalapp/Signal-Desktop/issues/1635tl;dr" rel="nofollow external noreferrer" class="attachment">https://github.com/signalapp/Signal-Desktop/issues/1635tl;dr</a> Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.Gotta love #<span class="tag"><a href="https://social.umeahackerspace.se/tag/electron" rel="tag">Electron.</a></span> As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."#<span class="tag"><a href="https://social.umeahackerspace.se/tag/infosec" rel="tag">InfoSec</a></span>
https://social.umeahackerspace.se/notice/2032103
http://activitystrea.ms/schema/1.0/share2018-05-16T13:20:24+00:002018-05-16T13:20:24+00:00http://activitystrea.ms/schema/1.0/personhttps://social.umeahackerspace.se/user/2mmnFree software and free culture fanatic.63.82842 20.25972mmnMMN-o ✅⃠Free software and free culture fanatic.Umeå, Swedenhomepagehttps://blog.mmn-o.se/truehttp://activitystrea.ms/schema/1.0/activityhttps://mastodon.social/users/rysiek/statuses/100016443863112410<p>Oh boy. <a href="https://github.com/signalapp/Signal-Desktop/issues/1635" rel="nofollow"><span class="invisible">https://</span><span class="ellipsis">github.com/signalapp/Signal-De</span><span class="invisible">sktop/issues/1635</span></a></p><p>tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.</p><p>Gotta love <a href="https://mastodon.social/tags/electron" class="mention hashtag" rel="tag">#<span>Electron</span></a>. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."</p><p><a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="tag">#<span>InfoSec</span></a></p>
https://mastodon.social/@rysiek/100016443863112410
http://activitystrea.ms/schema/1.0/post2018-05-12T12:56:59+00:002018-05-12T12:56:59+00:00http://activitystrea.ms/schema/1.0/personhttps://mastodon.social/users/rysiekrysiekHacker, activist, free-softie ◈ information security at https://isnic.is/ ◈ formerly at https://occrp.org/ ◈ my opinions are my own etc. ◈#foss #libre #privacy #infosec. ۬. :rysiekRysiekúr MemessonHacker, activist, free-softie ◈ information security at https://isnic.is/ ◈ formerly at https://occrp.org/ ◈ my opinions are my own etc. ◈#foss #libre #privacy #infosec. ۬. :http://activitystrea.ms/schema/1.0/notehttps://mastodon.social/users/rysiek/statuses/100016443863112410New note by rysiek<p>Oh boy. <a href="https://github.com/signalapp/Signal-Desktop/issues/1635" rel="nofollow"><span class="invisible">https://</span><span class="ellipsis">github.com/signalapp/Signal-De</span><span class="invisible">sktop/issues/1635</span></a></p><p>tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.</p><p>Gotta love <a href="https://mastodon.social/tags/electron" class="mention hashtag" rel="tag">#<span>Electron</span></a>. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."</p><p><a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="tag">#<span>InfoSec</span></a></p>https://social.umeahackerspace.se/conversation/1151737https://social.umeahackerspace.se/conversation/1151737http://activitystrea.ms/schema/1.0/notehttps://mastodon.social/users/rysiek/statuses/100016443863112410New note by rysiek<p>Oh boy. <a href="https://github.com/signalapp/Signal-Desktop/issues/1635" rel="nofollow"><span class="invisible">https://</span><span class="ellipsis">github.com/signalapp/Signal-De</span><span class="invisible">sktop/issues/1635</span></a></p><p>tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.</p><p>Gotta love <a href="https://mastodon.social/tags/electron" class="mention hashtag" rel="tag">#<span>Electron</span></a>. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."</p><p><a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="tag">#<span>InfoSec</span></a></p>http://activitystrea.ms/schema/1.0/post2018-05-12T12:56:59+00:002018-05-12T12:56:59+00:00http://activitystrea.ms/schema/1.0/personhttps://mastodon.social/users/rysiekrysiekHacker, activist, free-softie ◈ information security at https://isnic.is/ ◈ formerly at https://occrp.org/ ◈ my opinions are my own etc. ◈#foss #libre #privacy #infosec. ۬. :rysiekRysiekúr MemessonHacker, activist, free-softie ◈ information security at https://isnic.is/ ◈ formerly at https://occrp.org/ ◈ my opinions are my own etc. ◈#foss #libre #privacy #infosec. ۬. :https://social.umeahackerspace.se/conversation/1151737http://activitystrea.ms/schema/1.0/notetag:mblog.kavehmoravej.com,2018-02-23:noticeId=17123:objectType=noteNew note by kavehAutomated Twitter phishing tool.<br /> <br /> <a href="https://github.com/omergunal/PoT" title="https://github.com/omergunal/PoT" class="attachment" rel="nofollow external">https://github.com/omergunal/PoT</a><br /> <br /> !<a href="https://social.ilikefreedom.ro/group/11/id" class="h-card group" title="infosec (infosec)">infosec</a> !<a href="http://sn.jonkman.ca/group/416/id" class="h-card group" title="Computer and Network Security (security)">security</a>http://activitystrea.ms/schema/1.0/post2018-02-23T12:42:32+00:002018-02-23T12:42:32+00:00http://activitystrea.ms/schema/1.0/personhttps://mblog.kavehmoravej.com/user/1kaveh#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.kavehkaveh#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.earthhomepagehttps://kavehmoravej.comtruehttp://sn.jonkman.ca/conversation/1147661http://activitystrea.ms/schema/1.0/notetag:mblog.kavehmoravej.com,2018-02-23:noticeId=17122:objectType=noteNew note by kavehPinMe, a novel user-location mechanism that exploits non-sensory/sensory data stored on the smartphone, e.g., the environment's air pressure, along with publicly-available auxiliary information, e.g., elevation maps, to estimate the user's location when all location services, e.g., GPS, are turned off.<br /> <br /> <a href="https://arxiv.org/abs/1802.01468" title="https://arxiv.org/abs/1802.01468" class="attachment" rel="nofollow external">https://arxiv.org/abs/1802.01468</a><br /> <br /> !<a href="https://social.ilikefreedom.ro/group/11/id" class="h-card group" title="infosec (infosec)">infosec</a> !<a href="http://sn.jonkman.ca/group/416/id" class="h-card group" title="Computer and Network Security (security)">security</a>http://activitystrea.ms/schema/1.0/post2018-02-23T12:33:26+00:002018-02-23T12:33:26+00:00http://activitystrea.ms/schema/1.0/personhttps://mblog.kavehmoravej.com/user/1kaveh#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.kavehkaveh#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.earthhomepagehttps://kavehmoravej.comtruehttp://sn.jonkman.ca/conversation/1147651http://activitystrea.ms/schema/1.0/notetag:mblog.kavehmoravej.com,2018-02-16:noticeId=16701:objectType=noteNew note by kavehSSH-Audit, checks your SSH config and suggests improvements.<br /><br /><a href="https://github.com/arthepsy/ssh-audit" title="https://github.com/arthepsy/ssh-audit" class="attachment" rel="nofollow">https://github.com/arthepsy/ssh-audit</a><br /><br /> !<a href="https://social.ilikefreedom.ro/group/11/id" class="h-card group" title="infosec (infosec)">infosec</a> !<a href="http://sn.jonkman.ca/group/416/id" class="h-card group" title="Computer and Network Security (security)">security</a>http://activitystrea.ms/schema/1.0/post2018-02-16T19:37:43+00:002018-02-16T19:37:43+00:00http://activitystrea.ms/schema/1.0/personhttps://mblog.kavehmoravej.com/user/1kaveh#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.kavehkaveh#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.earthhomepagehttps://kavehmoravej.comtruehttp://sn.jonkman.ca/conversation/1144350http://activitystrea.ms/schema/1.0/notetag:mblog.kavehmoravej.com,2018-02-16:noticeId=16698:objectType=noteNew note by kavehWhat will the warrior-guardian of the future look like?<br /><br /> !<a href="https://social.ilikefreedom.ro/group/11/id" class="h-card group" title="infosec (infosec)">infosec</a> !<a href="http://sn.jonkman.ca/group/416/id" class="h-card group" title="Computer and Network Security (security)">security</a> <a href="https://mblog.kavehmoravej.com/file/49143203caff9416e237327995f2fbe815ac6eb495717c568aa83e581d25674d.jpg" title="https://mblog.kavehmoravej.com/file/49143203caff9416e237327995f2fbe815ac6eb495717c568aa83e581d25674d.jpg" class="attachment" rel="nofollow">https://mblog.kavehmoravej.com/attachment/2821</a>http://activitystrea.ms/schema/1.0/post2018-02-16T19:31:38+00:002018-02-16T19:31:38+00:00http://activitystrea.ms/schema/1.0/personhttps://mblog.kavehmoravej.com/user/1kaveh#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.kavehkaveh#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.earthhomepagehttps://kavehmoravej.comtruehttp://sn.jonkman.ca/conversation/1144347http://activitystrea.ms/schema/1.0/notetag:mblog.kavehmoravej.com,2017-08-04:noticeId=7577:objectType=noteNew note by kaveh306 Million Freely Downloadable Pwned Passwords (SHA1 hashed) and how this data can be employed to do good things:<br /> <br /> <a href="https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/" title="https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/" class="attachment" rel="nofollow external">https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/</a><br /> <br /> !<a href="http://sn.jonkman.ca/group/416/id" class="h-card group" title="Computer and Network Security (security)">security</a> !<a href="https://social.ilikefreedom.ro/group/11/id" class="h-card group" title="infosec (infosec)">infosec</a>http://activitystrea.ms/schema/1.0/post2017-08-04T17:11:33+00:002017-08-04T17:11:33+00:00http://activitystrea.ms/schema/1.0/personhttps://mblog.kavehmoravej.com/user/1kaveh#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.kavehkaveh#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.earthhomepagehttps://kavehmoravej.comtruehttp://sn.jonkman.ca/conversation/1036535http://activitystrea.ms/schema/1.0/notehttp://sn.jonkman.ca/notice/1451842New note by bobjonkmanformer♻ @JimHarris: LOVE THIS Cartoon! Why Security & Privacy Are Essential Given The Explosion Of Data Today #<span class="tag"><a href="http://sn.jonkman.ca/tag/bigdata" rel="tag">BigData</a></span> #<span class="tag"><a href="http://sn.jonkman.ca/tag/infosec" rel="tag">infosec</a></span> #<span class="tag"><a href="http://sn.jonkman.ca/tag/cybersecurity" rel="tag">CyberSecurity</a></span> #<span class="tag"><a href="http://sn.jonkman.ca/tag/sapphirenow" rel="tag">SAPPHIRENOW</a></span> <a href="https://cdn.andertoons.com/img/toons/cartoon6410.png" title="https://cdn.andertoons.com/img/toons/cartoon6410.png" class="attachment" rel="nofollow external">https://cdn.andertoons.com/img/toons/cartoon6410.png</a> ♻ via #<span class="tag"><a href="http://sn.jonkman.ca/tag/twitter" rel="tag">Twitter</a></span> !<span class="vcard"><a href="http://quitter.se/group/938/id" class="url" title="privacy (privacy)"><span class="fn nickname group">privacy</span></a></span>http://activitystrea.ms/schema/1.0/post2017-05-14T19:16:42+00:002017-05-14T19:16:42+00:00http://activitystrea.ms/schema/1.0/personhttp://sn.jonkman.ca/user/2bobjonkmanformerDon't use this account! Subscribe to me at https://gs.jonkman.ca/bobjonkman/43.60009 -80.5497bobjonkmanformerFormer Bob Jonkman -- Please use the new server at https://gs.jonkman.caDon't use this account! Subscribe to me at https://gs.jonkman.ca/bobjonkman/Elmira, Ontario, Canadahomepagehttps://gs.jonkman.ca/bobjonkmantruehttp://sn.jonkman.ca/conversation/962960http://twitter.com/#!/cjbprime/status/817486773106475009RT @panther_modern Remote Command Execution #<span class="tag"><a href="http://status.hackerposse.com/tag/infosec" rel="tag">infosec</a></span> <a href="https://t.co/SpOofQ2ckF" title="https://t.co/SpOofQ2ckF" class="attachment" id="attachment-13726" rel="nofollow external">https://t.co/SpOofQ2ckF</a>
http://twitter.com/#!/cjbprime/status/817486773106475009
http://activitystrea.ms/schema/1.0/share2017-01-06T21:44:35+00:002017-01-06T21:44:35+00:00http://activitystrea.ms/schema/1.0/personhttp://twitter.com/cjbprimecjbprimeVP Engineering @FlightCar, previously at @OLPC. Enjoying Python and JavaScript, Linux kernel dev, p2p/webrtc, photography, guitar, vegan food, bicycles.cjbprimeChris BallVP Engineering @FlightCar, previously at @OLPC. Enjoying Python and JavaScript, Linux kernel dev, p2p/webrtc, photography, guitar, vegan food, bicycles.Cambridge, MAhomepagehttp://t.co/Fn8BPoPvx9truetag:status.hackerposse.com,2017-01-06:noticeId=117121:objectType=thread:crc32=957d99c7http://twitter.com/#!/cjbprime/status/808828997102661632RT @x0rz The Mother of All Skimmers
http://twitter.com/#!/cjbprime/status/808828997102661632
http://activitystrea.ms/schema/1.0/share2016-12-14T00:21:47+00:002016-12-14T00:21:47+00:00http://activitystrea.ms/schema/1.0/personhttp://twitter.com/cjbprimecjbprimeVP Engineering @FlightCar, previously at @OLPC. Enjoying Python and JavaScript, Linux kernel dev, p2p/webrtc, photography, guitar, vegan food, bicycles.cjbprimeChris BallVP Engineering @FlightCar, previously at @OLPC. Enjoying Python and JavaScript, Linux kernel dev, p2p/webrtc, photography, guitar, vegan food, bicycles.Cambridge, MAhomepagehttp://t.co/Fn8BPoPvx9truetag:status.hackerposse.com,2016-12-14:noticeId=114538:objectType=thread:crc32=e2478173tag:n2.federati.net,2016-05-25:fave:1310:note:146803:2016-05-25T15:22:40+00:00Favoritebobjonkman2 favorited something by meitar: <h1><a href="https://news.ycombinator.com/item?id=11768980">Fabrication-Time Attacks on CPUs: Ken Thompson was right</a></h1> <blockquote> <p>While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party—often overseas—to fabricate their design. To guard against shipping chips with errors (intentional or otherwise) chip design companies rely on post-fabrication testing. Unfortunately, this type of testing leaves the door open to malicious modifications since attackers can craft attack triggers requiring a sequence of unlikely events, which will never be encountered by even<br /> the most diligent tester.</p> <p>In this paper, we show how a fabrication-time attacker can leverage analog circuits to create a hardware attack that is small (i.e., requires as little as one gate) and stealthy (i.e., requires an unlikely trigger sequence before effecting a chip’s functionality). In the open spaces of an already placed and routed design, we construct a circuit that uses capacitors to siphon charge from nearby wires as they transition between digital values. When the capacitors fully charge, they deploy an attack that forces a victim flip-flop to a desired value. We weaponize this attack into a remotely-controllable privilege escalation by attaching the capacitor to a wire controllable and by selecting a victim flip-flop that holds the privilege bit<br /> for our processor. We implement this attack in an OR1200 processor and fabricate a chip. Experimental results show that our attacks work, show that our attacks elude activation by a diverse set of benchmarks, and suggest that our attacks evade known defenses.</p> </blockquote> <p>The only practical defense against something like this for a layperson is to rely on technology that doesn't yet exist: open source hardware combined with next-gen home 3d printing capabilities. I'd be surprised if this sort of attack isn't already part of the NSA's black budget.</p> <p><a class="tag" href="/tags/surveillance">#surveillance</a> <a class="tag" href="/tags/hardware">#hardware</a> <a class="tag" href="/tags/NSA">#NSA</a> <a class="tag" href="/tags/security">#security</a> <a class="tag" href="/tags/infosec">#infosec</a></p>
https://n2.federati.net/notice/146809
http://activitystrea.ms/schema/1.0/favorite2016-05-25T15:22:40+00:002016-05-25T15:22:40+00:00http://activitystrea.ms/schema/1.0/personhttps://n2.federati.net/user/1310bobjonkman2Temporary account to help demonstrate GNU social federationbobjonkman2Bob JonkmanTemporary account to help demonstrate GNU social federationWaterloo Region, Ontario, Canadahomepagehttp://kwlug.org/node/992truehttp://activitystrea.ms/schema/1.0/notehttps://joindiaspora.com/p/7421446New note by meitarFabrication-Time Attacks on CPUs: Ken Thompson was right While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party—often overseas—to fabricate their design. To guard against shipping chips with erro<a href="http://status.hackerposse.com/attachment/10926" class="attachment more" title="Show more">…</a>tag:n2.federati.net,2016-05-25:objectType=thread:nonce=eb08b106e78bbbf2tag:n2.federati.net,2016-05-25:noticeId=146808:objectType=notebobjonkman2 repeated a notice by meitarRT @meitar Fabrication-Time Attacks on CPUs: Ken Thompson was right While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party—often overseas—to fabricate their design. To guard against shipping ch<a href="http://status.hackerposse.com/attachment/10927" class="attachment more" title="Show more">…</a>
https://n2.federati.net/notice/146808
http://activitystrea.ms/schema/1.0/share2016-05-25T15:22:37+00:002016-05-25T15:22:37+00:00http://activitystrea.ms/schema/1.0/personhttps://n2.federati.net/user/1310bobjonkman2Temporary account to help demonstrate GNU social federationbobjonkman2Bob JonkmanTemporary account to help demonstrate GNU social federationWaterloo Region, Ontario, Canadahomepagehttp://kwlug.org/node/992truehttp://activitystrea.ms/schema/1.0/activityhttps://joindiaspora.com/p/7421446Fabrication-Time Attacks on CPUs: Ken Thompson was right While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party—often overseas—to fabricate their design. To guard against shipping chips with erro<a href="http://status.hackerposse.com/attachment/10926" class="attachment more" title="Show more">…</a>
https://joindiaspora.com/p/7421446
http://activitystrea.ms/schema/1.0/post2016-05-25T15:16:45+00:002016-05-25T15:16:45+00:00http://activitystrea.ms/schema/1.0/personhttps://joindiaspora.com/u/meitarmeitarmeitarmaymayhttp://activitystrea.ms/schema/1.0/notehttps://joindiaspora.com/p/7421446New note by meitarFabrication-Time Attacks on CPUs: Ken Thompson was right While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party—often overseas—to fabricate their design. To guard against shipping chips with erro<a href="http://status.hackerposse.com/attachment/10926" class="attachment more" title="Show more">…</a>tag:n2.federati.net,2016-05-25:objectType=thread:nonce=eb08b106e78bbbf2tag:n2.federati.net,2016-05-25:objectType=thread:nonce=eb08b106e78bbbf2http://activitystrea.ms/schema/1.0/notehttps://joindiaspora.com/p/7421446New note by meitarFabrication-Time Attacks on CPUs: Ken Thompson was right While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party—often overseas—to fabricate their design. To guard against shipping chips with erro<a href="http://status.hackerposse.com/attachment/10926" class="attachment more" title="Show more">…</a>http://activitystrea.ms/schema/1.0/post2016-05-25T15:16:45+00:002016-05-25T15:16:45+00:00http://activitystrea.ms/schema/1.0/personhttps://joindiaspora.com/u/meitarmeitarmeitarmaymaytag:n2.federati.net,2016-05-25:objectType=thread:nonce=eb08b106e78bbbf2http://activitystrea.ms/schema/1.0/notetag:quitter.se,2015-06-17:noticeId=3803124:objectType=commentNew note by mcscxSwiftKey #<span class="tag"><a href="http://quitter.se/tag/exploit" rel="tag">exploit</a></span> turns Samsung #<span class="tag"><a href="http://quitter.se/tag/galaxy" rel="tag">Galaxy</a></span> phones into remote bugging devices <a href="http://qttr.at/rgr" title="http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/" class="attachment" rel="nofollow external">http://qttr.at/rgr</a> (via @<a href="https://gnusocial.de/fefelonger" class="h-card mention" title="fefelonger">fefelonger</a>) !<a href="http://quitter.se/group/897/id" class="h-card group" title="Android Group on StatusNet (android)">android</a> !<a href="https://social.ilikefreedom.ro/group/11/id" class="h-card group" title="infosec (infosec)">infosec</a> !<a href="http://sn.jonkman.ca/group/416/id" class="h-card group" title="Computer and Network Security (security)">security</a>http://activitystrea.ms/schema/1.0/post2015-06-17T10:46:22+00:002015-06-17T10:46:22+00:00http://activitystrea.ms/schema/1.0/personhttp://quitter.se/user/113454mcscx♂mcscxmcscx♂Germanyhttp://sn.jonkman.ca/conversation/555589http://activitystrea.ms/schema/1.0/notehttps://fresh.federati.net/notice/98986New note by lnxw48 <p>RP @<span class="vcard"><a href="http://quitter.se/ignurante" class="url" title="ignurante"><span class="fn nickname mention">ignurante</span></a></span> I agree. Better disable it: Using <span class="caps">WPS</span> on your Wi-Fi router may be even more dangerous than you think <a href="http://url.federati.net/9XDUp" title="http://ur1.ca/i485g" rel="nofollow external">http://url.federati.net/9XDUp</a> #<span class="tag"><a href="https://fresh.federati.net/tag/infosec" rel="tag">infosec</a></span> !<span class="vcard"><a href="http://sn.jonkman.ca/group/416/id" class="url" title="Computer and Network Security (security)"><span class="fn nickname group">security</span></a></span></p>http://activitystrea.ms/schema/1.0/post2014-09-04T20:08:47+00:002014-09-04T20:08:47+00:00http://activitystrea.ms/schema/1.0/personhttps://fresh.federati.net/user/54lnxw48lnxw48lnxw48 (Linux Walt)http://status.hackerposse.com/conversation/55376