Chris John Riley  


I'm just this guy, you know!

- Views my own 😇
- Security Advisor @ Stealth Startup 👔
- ex-Staff Security dino @ Google 🦕
- Purveyor of fine whisky 🥃, hard mixes 🎧🎚️, & fresh bull 💩
- Zurich 🇨🇭 / Valencia 🇪🇸
- FI/RE

DJ Mixes https://mixcloud.com/c22dnb #dnb #DrumAndBass

Twitter https://twitter.com/intent/user?screen_name=ChrisJohnRiley
Blog ✍️ https://blog.c22.cc
GitHub https://github.com/ChrisJohnRiley

I reported an insecure DKIM key to Deutsche Telekom / T-Systems. They first asked me to further explain things (not sure why 'Here's your DKIM private key' needs more explanation, but whatever...). Then they told me it's out of scope for their bugbounty.

I guess then there's really no reason not to tell you: They have a 384 bit RSA DKIM key configured at: dkim._domainkey.t-systems.nl

384 bit RSA is... how shall I put it? I think 512 bit is the lowest RSA key size that was ever really used. 384 bit RSA is crackable in a few hours on a modern PC (using cado-nfs). The private key is:
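A way to audit your own DKIM selectors for the weakness described in the post above, as an added example that is not part of the original post: it takes the text of a DKIM TXT record, decodes the `p=` public key and reports the RSA modulus size. The function names and the sample records are assumptions made for the illustration; the samples use constructed placeholder moduli of the right size, not real keys, and fetching the TXT record from DNS is left out.

```python
import base64

MIN_BITS = 1024  # RFC 8301: verifiers must not accept RSA DKIM keys below 1024 bits

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, pos, pos + length

def rsa_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo (the decoded p= tag)."""
    _, seq, _ = read_tlv(spki, 0)                  # outer SEQUENCE
    _, _, alg_end = read_tlv(spki, seq)            # AlgorithmIdentifier, skipped
    bit_tag, bits, _ = read_tlv(spki, alg_end)     # BIT STRING wrapping RSAPublicKey
    _, key, _ = read_tlv(spki, bits + 1)           # +1 skips the unused-bits octet
    int_tag, n_start, n_end = read_tlv(spki, key)  # first INTEGER is the modulus
    if (bit_tag, int_tag) != (0x03, 0x02):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(spki[n_start:n_end], "big").bit_length()

def audit_dkim_record(txt):
    """Return (bits, verdict) for the text of a DKIM TXT record."""
    tags = {k.strip(): "".join(v.split())  # drop whitespace from split TXT strings
            for k, _, v in (part.partition("=") for part in txt.split(";"))}
    if tags.get("k", "rsa") != "rsa":      # k= defaults to rsa when absent
        return None, "not-rsa"
    if not tags.get("p"):                  # empty p= means the key was revoked
        return 0, "revoked"
    bits = rsa_bits(base64.b64decode(tags["p"]))
    return bits, "weak" if bits < MIN_BITS else "ok"

# Constructed sample input: placeholder moduli of the right size, not real keys.
def der(tag, body):
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(modulus_bits):
    integer = lambda x: der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))
    key = der(0x30, integer((1 << (modulus_bits - 1)) | 1) + integer(65537))
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    print([audit_dkim_record(sample_record(b)) for b in (384, 2048)])
```

RFC 8301 also says signers should use at least 2048 bits, so raising `MIN_BITS` to 2048 turns this into a check against the recommended size rather than the hard floor.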

Lo and behold
Election interference at its finest… Trump can't keep his little hands off anything can he.

Are any people here good with portfolio creation? Looking for feedback on an adjusted EU focused golden ratio portfolio using mutual funds (for reasons).

---

* Equities (42% Total): I've split this into 32% Global Stock Index (IE00B03HD084) for the core beta and a 10% Small Cap Value tilt via Dimensional (IE00B2PC0716) to capture the factor premium.

* Defense (20%): Pure long-term insurance using 20+ Yr Euro Treasuries (IE00BGCZOL51) for deflationary protection.

* Trend Following (16%): iMGP DBi Managed Futures (LU2550036409) as a "crisis alpha" engine to dampen volatility when stocks and bonds correlate.

* Precious Metals (16% Total): Split 8% into a Physical Gold ETC (IE00B579F325) and 8% into a rebalancing "swing" fund (FR0011170786). The ETC isn't transferrable tax-free, so is used as a base.

* Cash / ST (6%): Immediate liquidity via short-term government bonds.

#Finance #FIRE

Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies.

https://www.bleepingcomputer.com/news/security/google-chrome-adds-infostealer-protection-against-session-cookie-theft/


This just in:

Man interfering in election says he's "not interfering in election" while totally interfering in election.

Cool. I've set a timer to check in a year (manually)

Iran demands cryptocurrency toll from tankers passing through Strait of Hormuz
Any tanker passing must reveal its cargo so Iran can determine transit fee amount.
https://arstechnica.com/tech-policy/2026/04/iran-demands-cryptocurrency-toll-from-tankers-passing-through-strait-of-hormuz/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

There's a new Windows 0day LPE that has been disclosed called BlueHammer. The reporter suggests that it's being disclosed due to how MSRC operates these days.

MSRC used to be quite excellent to work with.
But to save money Microsoft fired the skilled people, leaving flowchart followers.
I wouldn't be surprised if Microsoft closed the case after the reporter refused to submit a video of the exploit, since that's apparently an MSRC requirement now. 😂

Anyway, yeah, it works. Maybe not 100% reliably, but well enough...

IT'S HAPPENING

GITHUB, THE FIRST ENTERPRISE CLOUD SOLUTION TO REACH ZERO NINES RELIABILITY

https://mrshu.github.io/github-statuses/

#github