Micah Lee π @micahflee@mastodon.social
Digital security/software dev/journalist
I'm running an OnionShare receive mode server in a Qubes AppVM on a desktop computer that I'll just leave online for a long time.
It's not quite stable yet, but here's the work-in-progress pull request: https://github.com/micahflee/onionshare/pull/695
Anyway want to try sending me some files, anonymously and securely? Load this address in Tor Browser: http://uxhsndx5d3ufxqoj.onion/
For the last two years I've carried a honeypot laptop with me every time I traveled. I checked it in my luggage, left it unattended in my hotel rooms. After each trip, I did forensic analysis on the laptop to detect if it had been tampered with.
I wrote about my experience and methodology here: https://theintercept.com/2018/04/28/computer-malware-tampering/
The road towards an integrated SecureDrop Workstation based on Qubes OS https://securedrop.org/news/road-towards-integrated-securedrop-workstation/
Judge rules that it's a Constitutional violation for Trump to block people on Twitter http://thehill.com/regulation/389021-judge-rules-trump-cant-block-users-on-twitter
And I think logging_on_to_the_internet.jpg was my favorite picture
Thank you to whoever sent in BufferOverflow.lib.
And thank you for all these PDFs:
./Italys_Surveillance_Toolbox_-_34C3_Finale.pdf
./anarchistcookbook2000.pdf
./CA-Models.pdf
./Enigmail_Handbook_1.8_en.pdf
./interpol-2073-03-13.pdf
./Feminist-Activism-and-Digital-Networks-Between-Empowerment-and-Vulnerability.pdf
./CrackedLabs_WChristl_Corporate.Surveillance.in.Everyday.Life.pdf
lol who sent me Deanonymizing_Tor_Hidden_Service_Traffic_Through_HSDir_Is_A_Cake_Walk_Say_Researchers_HITB_Presenters_Showcase_New_Threats__Player.One.pdf?
Don't work v3 onion services are coming soon! And my OnionShare receive mode AppVM's netvm is set to a VPN proxyVM, so deanonymizing it won't actually reveal my real IP, it will reveal my VPN's IP.
I'm running an OnionShare receive mode server in a Qubes AppVM on a desktop computer that I'll just leave online for a long time.
It's not quite stable yet, but here's the work-in-progress pull request: https://github.com/micahflee/onionshare/pull/695
Anyway want to try sending me some files, anonymously and securely? Load this address in Tor Browser: http://uxhsndx5d3ufxqoj.onion/
'The West Wing official refuted the idea that the presence of a camera and microphone on the presidentβs phone posed any risk, telling POLITICO, βDue to inherent capabilities and advancement in technologies, these devices are more secure than any Obama-era devices.β'
ππ€£π
https://www.politico.com/story/2018/05/21/trump-phone-security-risk-hackers-601903
NASA Is Launching a Box of Lasers to Make the Coldest Spot In the Universe https://www.space.com/40631-nasa-coldest-spot-universe-laser-box.html
Does anyone still use 32-bit Windows? At what point can devs who release Windows software stop releasing 32-bit software and only 64-bit?
#OnionShare is a #FLOSS software by @micahflee that helps you share a file of any size securely and anonymously. It runs through Tor so you're even not giving away the metadata of your sharing process; everything stays between you and people you share your files with. It works on Linux, Mac and Windows.
Digital PTSD is real: Journalists covering the alt-right are experiencing the debilitating effects of online harassment and violent imagey
I haven't found this trivial bypass myself, but I'm not at all surprised that the latest patched Thunderbird/Enigmail is still vulnerable (only if you allow remote content, of course)
It has been a bad week for encrypted messaging and itβs only Wednesday
Oops! Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US https://motherboard.vice.com/en_us/article/gykgv9/securus-phone-tracking-company-hacked #infosec
I made my efail exploit work against Thunderbird. Just confirmed that it works with Enigmail 2.0, but Enigmail 2.0.4 (released today) successfully thwarts it.
I'm trying to modify the payload to use css as a background (like background-image: url()) but so far I haven't gotten Thunderbird to actually load it
PGP users,
I implemented a simple #efail exploit for Apple Mail, which is vulnerable to direct exfiltration with its default settings. The mitigation, disabling remote content, works but is brittle. So never click "Load Remote Content". (Thunderbird/Enigmail is vulnerable in a similar way, but I haven't tried that one yet.)
https://www.youtube.com/watch?v=_67Pz9zpPb0&feature=youtu.be
It's been like almost a decade since I last jailbroke an iPhone
Meet Sunder, a New Way to Share Secrets
https://freedom.press/news/meet-sunder-new-way-share-secrets/
Check it out, Snowden and cryptographer Frederic Jacobs originally came up with the concept and it's finally ready for testing. A usable implementation of Shamir's Secret Sharing scheme, with crypto implemented in rust.
Senate report strongly implies Russian hacking story was a public service β but whistleblower Reality Winner remains in jail (by James Risen)
https://theintercept.com/2018/05/09/russian-hacking-us-election-senate-reality-winner/
WikiLeaks Show more
