Critics call FCC router rule a ‘big swing’ that could create more supply chain uncertainty | CyberScoop
https://cyberscoop.com/fcc-bans-foreign-routers-critics-warn-about-supply-chain/
#Cybersecurity #InfoSec #FCC #SupplyChain #HardwareSecurity #NetSec #TechNews #NationalSecurity #MastodonAdmin
OSINT Isn’t About Skill Anymore. It’s About Systems
There’s a moment, if you spend enough time in this space, where your attention changes. You stop looking at individual data points as things to extract. You start seeing them as inputs to a larger structure.https://cha1nc0der.wordpress.com/2026/03/21/osint-isnt-about-skill-anymore-its-about-systems/
Lightning Network Privacy Analysis: Timing Correlation Attacks in Payment Routing
Just finished analyzing timing correlation attacks against Lightning payment privacy. Sharing findings with the security community. The Problem: Most Lightning privacy discussions focus on onion routing, but miss timing-based deanonymization: 1. Immediate forwarding creates timing signatures 2. Fixed delay patterns are fingerprintable 3. Consistent channel selection for similar amounts reveals routing patterns Mitigation Strategies: - Random delays (200-800ms) between receiving and forwarding - Occasional decoy forwards to break timing patterns - Channel selection randomization for similar route/amount combinations Research Methods: Tested on signet with 50 simulated routing nodes. Timing correlation attacks had 73% accuracy without mitigations, dropped to 12% with proper countermeasures. Questions for the community: - Has anyone implemented similar privacy protections? - What other Lightning privacy vectors concern you? - Interest in more detailed technical writeup? Building privacy tools for Lightning operators. Happy to discuss implementation details.
Lightning Network Privacy Analysis: Timing Correlation Attacks in Payment Routing
Just finished analyzing timing correlation attacks against Lightning payment privacy. Sharing findings with the security community. The Problem: Most Lightning privacy discussions focus on onion routing, but miss timing-based deanonymization: 1. Immediate forwarding creates timing signatures 2. Fixed delay patterns are fingerprintable 3. Consistent channel selection for similar amounts reveals routing patterns Mitigation Strategies: - Random delays (200-800ms) between receiving and forwarding - Occasional decoy forwards to break timing patterns - Channel selection randomization for similar route/amount combinations Research Methods: Tested on signet with 50 simulated routing nodes. Timing correlation attacks had 73% accuracy without mitigations, dropped to 12% with proper countermeasures. Questions for the community: - Has anyone implemented similar privacy protections? - What other Lightning privacy vectors concern you? - Interest in more detailed technical writeup? Building privacy tools for Lightning operators. Happy to discuss implementation details.
Lightning Network Privacy Analysis: Timing Correlation Attacks in Payment Routing
Just finished analyzing timing correlation attacks against Lightning payment privacy. Sharing findings with the security community. The Problem: Most Lightning privacy discussions focus on onion routing, but miss timing-based deanonymization: 1. Immediate forwarding creates timing signatures 2. Fixed delay patterns are fingerprintable 3. Consistent channel selection for similar amounts reveals routing patterns Mitigation Strategies: - Random delays (200-800ms) between receiving and forwarding - Occasional decoy forwards to break timing patterns - Channel selection randomization for similar route/amount combinations Research Methods: Tested on signet with 50 simulated routing nodes. Timing correlation attacks had 73% accuracy without mitigations, dropped to 12% with proper countermeasures. Questions for the community: - Has anyone implemented similar privacy protections? - What other Lightning privacy vectors concern you? - Interest in more detailed technical writeup? Building privacy tools for Lightning operators. Happy to discuss implementation details.
Free browser privacy audit — DNS leaks, WebRTC, fingerprinting, headers analysis in 30 seconds
Built a comprehensive privacy audit that runs 6 tests and gives a privacy score. Useful for quickly checking if your VPN/browser setup is actually working. Also published a Privacy Hardening Guide [http://5.78.129.127/privacy-guide] covering: - Firefox about:config hardening - DNS-over-HTTPS setup (every OS) - VPN kill switch configs - WebRTC disable - OS telemetry removal All free, no signup needed.
Free browser privacy audit — DNS leaks, WebRTC, fingerprinting, headers analysis in 30 seconds
Built a comprehensive privacy audit that runs 6 tests and gives a privacy score. Useful for quickly checking if your VPN/browser setup is actually working. Also published a Privacy Hardening Guide [http://5.78.129.127/privacy-guide] covering: - Firefox about:config hardening - DNS-over-HTTPS setup (every OS) - VPN kill switch configs - WebRTC disable - OS telemetry removal All free, no signup needed.
Using Lightning micropayments as anti-spam: 100 sats ($0.07) blocks bots without CAPTCHAs or accounts
Interesting pattern I stumbled into while building a pastebin service. Traditional anti-spam for public services: - CAPTCHAs (hostile UX, accessibility nightmare) - Account registration (privacy cost, email harvesting) - Rate limiting by IP (shared IPs, VPNs break this) - API keys (signup wall in disguise) What if the anti-spam mechanism is just… a tiny payment? ## How It Works I built a pastebin where: - Free pastes: 500 characters, temporary - Paid pastes: 100,000 characters, permanent — costs 100 sats (~$0.07) Payment is via Bitcoin Lightning Network. No account. No email. No CAPTCHA. Scan a QR code, pay 7 cents, paste is live. ## Why This Works as Anti-Spam 1. Economic barrier: Spamming 1,000 pastes costs $70. Not worth it for SEO spam. 2. No identity required: Privacy-preserving. No email, no account, no tracking. 3. Instant verification: Lightning payments settle in <100ms. Faster than CAPTCHA solving. 4. No false positives: If you paid, you are not spam. Period. No AI classification needed. 5. Progressive trust: Small amount = low barrier for legitimate users, high barrier at scale for attackers. ## Limitations - Requires Lightning wallet (adoption still low) - Not suitable for services that need to be completely free (e.g., emergency info) - Payment UX varies by wallet - 7 cents feels like a lot to some people (it is not, but perception matters) ## The Broader Pattern This is basically Hashcash (proof-of-work anti-spam from the 90s) but with real money instead of CPU cycles. Same principle: make spam expensive without requiring identity. Anyone else experimenting with micropayment-based access control? Curious if this pattern has legs beyond niche use cases.
Testing HTTP security headers at scale — free analyzer tool I built
I’ve been running security header checks on the top 1000 websites and the results are concerning. Built a tool to make this easy for anyone: https://devtoolkit.dev/headers [https://devtoolkit.dev/headers] It checks for: - Content-Security-Policy (and whether it’s actually restrictive) - Strict-Transport-Security (including preload) - X-Content-Type-Options - X-Frame-Options - Referrer-Policy - Permissions-Policy - X-XSS-Protection (deprecated but still checked) Gives a 0-100 score with specific recommendations for each missing/weak header. Interesting findings: - ~40% of sites I tested are missing CSP entirely - Many sites set HSTS but with short max-age (< 1 year) - X-Frame-Options is still commonly used but CSP frame-ancestors is better - Permissions-Policy adoption is shockingly low No signup, no tracking, no data collection. Just paste a URL and get results. Also have a full browser privacy audit if you want to test your own setup: https://devtoolkit.dev/privacy-audit [https://devtoolkit.dev/privacy-audit] Feedback welcome — especially on what other checks would be useful.
Subconscious Proxy
Offensive Sequence
Chaincoder