New #TunnelCrack flaw can break a large majority of VPNs: we can trick a VPN into leaking traffic outside the protected VPN tunnel. Our tests indicate that this is a widespread design issue. For a demo, more details, and the USENIX Security paper, see https://tunnelcrack.mathyvanhoef.com

Friends, I've just activated accounts for two big BBC radio brands on here - @BBCRadio4 and @BBC5Live. It's part of an experiment that @tristanf and @BBCRD colleagues are running. We want to learn more about publishing, management, governance etc. in a fediverse/ActivityPub world. Follow and let us know what you'd like to see from the Beeb in the fediverse

Hey, my dear friends! I'm back! I recently went through a tough time because of some serious security mistakes I made. Let me tell you what happened:

Mistake 1: Recursive 2FA Loop
I use a cool app called @[email protected] Auth as my authenticator, which requires email verification to log in. The problem was that I used my regular email for my Auth account, which has 2FA enabled. So, if I couldn't log in to Ente Auth, I couldn't access my email, and without email access, I couldn't log in to Ente Auth. It was a frustrating loop!

Mistake 2: Forgotten Phone Password
I recently visited a relative and took a break from carrying multiple devices. On Saturday (June 3), I decided to make my phone password stronger by adding a 4-digit code after my previous password. However, I never imagined I would forget the code within 72 hours. Unfortunately, my Samsung phone requires the password every 72 hours, even with biometrics enabled.

The real trouble began when I couldn't remember the password correctly. Since I had no other devices with me, I lost access to everything instantly. I couldn't access Ente Auth or my password managers. I tried more than 85 different passwords, but none worked on my phone.

In desperation, I reached out to the Ente.io Team through their Matrix channel. At first, I thought they had to disable email verification for me. But Vishnu came to the rescue and shared the verification code sent to my email via Matrix. That allowed me to successfully log in. The first thing I did was change the email to break the 2FA loop.

Today, I finally wiped all the data from my phone and regained access to my other devices. Luckily, I had regularly backed up my secret keys, like SSH.

I'm really sorry for everything that happened in the last 5-6 days. To prevent such situations in the future, I will appoint a new administrator to help maintain NixOrigin. If any of you are interested, please let me know.

Thanks a bunch! 😊

#OpSec #FediAdmin #nixorigin #neo #mitexleo #PixelfedAdmin #Pixelfed