savagejen boosted

Here's the Debian Project's statement about the arrest of Dmitry Bogatov, a Debian Maintainer who worked in the Debian Haskell group and currently maintains several packages for command line and system tools. He was arrested by Russian authorities, and Debian has removed his keys from their servers in case they're compromised.

savagejen boosted

Just worked on a couple problems on ... nice for when you want to do some problem solving but don't have a project to work on.

CW: Confidence and discouragement

savagejen boosted

For me the hardest part of making a Mastodon bot was figuring out the OAuth dance to get my access token.

Twitter offers a UI that does this for you, so I made one for Mastodon! It works on any instance, but it does require you to run a `curl` command (that it generates for you) at the very end. Hope you find it useful!
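The "OAuth dance" the post refers to, written out as an added example in Python (this is not the author's UI tool and not Mastodon project code). It assumes a Mastodon-compatible instance exposing the standard `/api/v1/apps`, `/oauth/authorize` and `/oauth/token` endpoints; the instance host, the app name `my-bot` and the scopes are placeholders. The network calls are confined to `main()`, so the request-building functions can be read and checked on their own.

```python
"""Mastodon OAuth flow for a bot: register an app, have the owner approve it in a
browser, then trade the one-time code for an access token.

Added example. Endpoints are the standard Mastodon ones; instance host, client
name and scopes are placeholders you replace."""
import json
import urllib.parse
import urllib.request

# Out-of-band redirect: the instance shows the code on a page instead of
# redirecting, so no callback server is needed for a bot.
OOB_REDIRECT = "urn:ietf:wg:oauth:2.0:oob"


def app_registration(client_name, scopes=("read", "write"), redirect_uri=OOB_REDIRECT):
    """Form body for POST /api/v1/apps; the reply carries client_id/client_secret."""
    return {
        "client_name": client_name,
        "redirect_uris": redirect_uri,
        "scopes": " ".join(scopes),
    }


def authorize_url(instance, client_id, scopes=("read", "write"), redirect_uri=OOB_REDIRECT):
    """URL the bot owner opens to approve the app; the page then displays a code."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
    }
    return f"https://{instance}/oauth/authorize?" + urllib.parse.urlencode(params)


def token_request(client_id, client_secret, code, redirect_uri=OOB_REDIRECT):
    """Form body for POST /oauth/token that exchanges the code for a bearer token."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "code": code,
    }


def post_form(url, form):
    """POST a form-encoded body and decode the JSON reply."""
    data = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        return json.load(resp)


def main():
    instance = input("Instance host (placeholder, e.g. mastodon.example): ").strip()
    app = post_form(f"https://{instance}/api/v1/apps", app_registration("my-bot"))
    print("Open this URL, approve the app, then paste the code it shows:")
    print(authorize_url(instance, app["client_id"]))
    code = input("Code: ").strip()
    tok = post_form(f"https://{instance}/oauth/token",
                    token_request(app["client_id"], app["client_secret"], code))
    # The access token grants whatever scopes were approved; store it like a password.
    print("Access token:", tok["access_token"])


if __name__ == "__main__":
    main()
```

The `client_secret` and the resulting access token are both credentials; the script prints the token once so it can be pasted into the bot's config, and nothing else should log it.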

I mean if you see how to exploit it, feel free to speak up 😘

Seems like there is a lot of interest in -2016-10229 so I went ahead and looked at it a little.

Start here:

Then read this commit:
Look at the code changes, it's not obviously vulnerable.

And then finally read this message from the commit author:

savagejen boosted

I just went around and did some basic nmap-ing on the most popular Mastodon instances, and there's some seriously sketchy stuff in there. Publicly reachable Postgres servers, tons of open internal HTTP ports, SSH with password login, multiple Mastodon instances that seem to be running on mail server VMs, …

I guess if you're just running a single-user instance for yourself, sure, but those are all 2000+ user instances.
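An operator's-side check for the three exposures the post lists, as an added example that is not part of the post and not Mastodon project code. It takes an `ss -ltn`-style socket listing, an `sshd_config` excerpt and a `postgresql.conf` excerpt (all three constructed samples here; on a real host you would feed in the actual output and files) and flags internal services bound to non-loopback addresses, password SSH logins, and a Postgres that listens beyond localhost. The port-to-service table assumes Mastodon's usual layout (Puma on 3000, streaming on 4000) plus Postgres, Redis and Elasticsearch defaults.

```python
"""Audit a Mastodon host for the exposures an external port scan would see.

Added example. Samples below are constructed; the internal-port table is an
assumption based on Mastodon's default deployment."""
import re

# Services that should only be reachable from localhost or a private network.
INTERNAL_PORTS = {
    5432: "postgres",
    6379: "redis",
    3000: "mastodon web (puma)",
    4000: "mastodon streaming",
    9200: "elasticsearch",
}

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# Constructed `ss -ltn` output: postgres and streaming are bound to all interfaces.
SAMPLE_SOCKETS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      244    0.0.0.0:5432       0.0.0.0:*
LISTEN 0      511    127.0.0.1:3000     0.0.0.0:*
LISTEN 0      511    [::]:4000          [::]:*
"""

# Constructed sshd_config excerpt with the weak setting.
SAMPLE_SSHD = """\
Port 22
PasswordAuthentication yes
PermitRootLogin prohibit-password
"""

# Constructed postgresql.conf excerpt with the weak setting.
SAMPLE_PG = """\
listen_addresses = '*'
port = 5432
"""


def exposed_internal_ports(ss_output):
    """Return {port: service} for internal services listening on a non-loopback address."""
    findings = {}
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # handles "[::]:4000" too
        port = int(port)
        if port in INTERNAL_PORTS and addr not in LOOPBACK:
            findings[port] = INTERNAL_PORTS[port]
    return findings


def sshd_password_auth_enabled(sshd_config):
    """sshd's default is PasswordAuthentication yes, so no directive means enabled."""
    enabled = True
    for line in sshd_config.splitlines():
        m = re.match(r"\s*PasswordAuthentication\s+(\S+)", line, re.IGNORECASE)
        if m:
            enabled = m.group(1).lower() == "yes"  # last occurrence wins
    return enabled


def postgres_listens_non_local(pg_conf):
    """postgresql.conf defaults listen_addresses to 'localhost'; flag anything wider."""
    value = "localhost"
    for line in pg_conf.splitlines():
        m = re.match(r"\s*listen_addresses\s*=\s*'([^']*)'", line)
        if m:
            value = m.group(1)
    addrs = {a.strip() for a in value.split(",")}
    return not addrs <= {"localhost", "127.0.0.1", "::1", ""}


def audit(ss_output, sshd_config, pg_conf):
    """Collect human-readable findings; an empty list means nothing was flagged."""
    findings = [f"port {p} ({svc}) listens on all interfaces"
                for p, svc in sorted(exposed_internal_ports(ss_output).items())]
    if sshd_password_auth_enabled(sshd_config):
        findings.append("sshd allows password authentication")
    if postgres_listens_non_local(pg_conf):
        findings.append("postgres listen_addresses is not loopback-only")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SOCKETS, SAMPLE_SSHD, SAMPLE_PG):
        print("FINDING:", f)
```

The socket listing is the authoritative view (it shows what is actually bound, whatever the config files say), so the two config checks are there to explain a finding and to catch a weak setting before the service is restarted into it.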

It bothers me when people say "if you are good at X, you can't also be good at Y." I have heard the stereotype repeated often that devs are either good at seeing the big picture or the implementation details, but not both. It bothers me because I feel that I can do both, and in fact some of my most clever work was the result of using an implementation detail to subvert system design to fit my needs. Stop typecasting people along these lines.

Sunday morning. Vaguely wishing I was chilling on a couch with a good latte listening to someone spin chill out music.

Cloud at cost *still* hasn't processed payment for my VPS. :disappointed:

Has anyone tried the new keybase chat client?
What do you think of it?
(Source here: )

Are there any CCC affiliated instances yet? When are hackerspaces and Chaostreffs going to stand up instances for their members?

(Specifically this happens when running a full scan)

Not for nothing, but I've found even just having old Zeus binaries (from the time period when the source was leaked) on the hard drive of a Windows 10 box (in this case I have never run them at all) causes the box to blue screen and reboot, and upon startup Windows Defender reports that the scan completed successfully, even though it did not! I sent Microsoft a note about it weeks ago and never heard back.

This place already has better content than other social networks I've joined. Consistently seeing great infosec content posted. Maybe it's just the extra space to talk?

savagejen boosted

Have fun planting virus signatures in strange places that touch remote disks somehow/somewhere.

Change your mail sig to:

Or send it in a browser var, as a password (quickly find the sites that don't encrypt passwords), send to open syslogs, etc.

Then some AV actually delete/quarantine the file (weblogs, mailspool, {u,w}tmp etc.)!

What are your ideas?

Inspired by:

savagejen boosted

CW: The Shadow Brokers - don't read if you hold clearance

savagejen boosted

Idea for another post privacy setting: visible only to mutuals.