Micah Lee πŸ”‘ is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Micah Lee πŸ”‘ @micahflee@mastodon.social

Pinned toot

I'm running an OnionShare receive mode server in a Qubes AppVM on a desktop computer that I'll just leave online for a long time.

It's not quite stable yet, but here's the work-in-progress pull request: github.com/micahflee/onionshar

Anyway want to try sending me some files, anonymously and securely? Load this address in Tor Browser: uxhsndx5d3ufxqoj.onion/

Pinned toot

For the last two years I've carried a honeypot laptop with me every time I traveled. I checked it in my luggage, left it unattended in my hotel rooms. After each trip, I did forensic analysis on the laptop to detect if it had been tampered with.

I wrote about my experience and methodology here: theintercept.com/2018/04/28/co

And I think logging_on_to_the_internet.jpg was my favorite picture

Thank you to whoever sent in BufferOverflow.lib.

And thank you for all these PDFs:
./Italys_Surveillance_Toolbox_-_34C3_Finale.pdf
./anarchistcookbook2000.pdf
./CA-Models.pdf
./Enigmail_Handbook_1.8_en.pdf
./interpol-2073-03-13.pdf
./Feminist-Activism-and-Digital-Networks-Between-Empowerment-and-Vulnerability.pdf
./CrackedLabs_WChristl_Corporate.Surveillance.in.Everyday.Life.pdf

lol who sent me Deanonymizing_Tor_Hidden_Service_Traffic_Through_HSDir_Is_A_Cake_Walk_Say_Researchers_HITB_Presenters_Showcase_New_Threats__Player.One.pdf?

Don't work v3 onion services are coming soon! And my OnionShare receive mode AppVM's netvm is set to a VPN proxyVM, so deanonymizing it won't actually reveal my real IP, it will reveal my VPN's IP.

I'm running an OnionShare receive mode server in a Qubes AppVM on a desktop computer that I'll just leave online for a long time.

It's not quite stable yet, but here's the work-in-progress pull request: github.com/micahflee/onionshar

Anyway want to try sending me some files, anonymously and securely? Load this address in Tor Browser: uxhsndx5d3ufxqoj.onion/

'The West Wing official refuted the idea that the presence of a camera and microphone on the president’s phone posed any risk, telling POLITICO, β€œDue to inherent capabilities and advancement in technologies, these devices are more secure than any Obama-era devices.”'

πŸ˜‚πŸ€£πŸ˜…

politico.com/story/2018/05/21/

Does anyone still use 32-bit Windows? At what point can devs who release Windows software stop releasing 32-bit software and only 64-bit?

is a software by @micahflee that helps you share a file of any size securely and anonymously. It runs through Tor so you're even not giving away the metadata of your sharing process; everything stays between you and people you share your files with. It works on Linux, Mac and Windows.

onionshare.org/

Digital PTSD is real: Journalists covering the alt-right are experiencing the debilitating effects of online harassment and violent imagey

theoutline.com/post/4543/journ

I haven't found this trivial bypass myself, but I'm not at all surprised that the latest patched Thunderbird/Enigmail is still vulnerable (only if you allow remote content, of course)

I made my efail exploit work against Thunderbird. Just confirmed that it works with Enigmail 2.0, but Enigmail 2.0.4 (released today) successfully thwarts it.

I'm trying to modify the payload to use css as a background (like background-image: url()) but so far I haven't gotten Thunderbird to actually load it

PGP users,

I implemented a simple exploit for Apple Mail, which is vulnerable to direct exfiltration with its default settings. The mitigation, disabling remote content, works but is brittle. So never click "Load Remote Content". (Thunderbird/Enigmail is vulnerable in a similar way, but I haven't tried that one yet.)

youtube.com/watch?v=_67Pz9zpPb

It's been like almost a decade since I last jailbroke an iPhone

Meet Sunder, a New Way to Share Secrets
freedom.press/news/meet-sunder

Check it out, Snowden and cryptographer Frederic Jacobs originally came up with the concept and it's finally ready for testing. A usable implementation of Shamir's Secret Sharing scheme, with crypto implemented in rust.

Senate report strongly implies Russian hacking story was a public service β€” but whistleblower Reality Winner remains in jail (by James Risen)
theintercept.com/2018/05/09/ru

WikiLeaks Show more