hayden aiken 🇺🇲

@aikensource@infosec.exchange
132 Followers
128 Following
579 Posts
Jesus follower. wife guy. recovering floridian.
infosec 🤝 natsec.
ops and open source lover.
b.s. cybersecurity.
highly mistrustful security enthusiast.
blog: https://debug.openaiken.net
email: hayden@openaiken.net
git: https://github.com/openaiken
whiskey: neat
I need help picking out a new firewall for my home lab 😌
I'm trying to migrate my cloud-based private Minecraft server to a local RHEL 9 box, and after hours of troubleshooting I figured out that I have to disable FIPS in the kernel arguments for Java to successfully negotiate encrypted connections.
Chaser (they didn't actually tell me when they completed deleting my account):
Today's a great day for cyber 😁 2 new books to collect dust, and replacement SIMs after the Fi breach to help mitigate my SIM-Swapping risk 😌 #infosec

Looks like a (minor?) data breach at #GoogleFi probably (I suspect but maybe not) related to the recent breach at #TMobile.
Phone numbers and plan details but supposedly no overtly sensitive personal information 🫠

CC: @briankrebs

Shot:

I did a bit of a double take when I saw openssl coming from AUR instead of official repos for a system upgrade 😂

https://aur.archlinux.org/packages/openssl-1.0

AUR (en) - openssl-1.0

Accidentally broke the housing on the top burr of my coffee grinder tonight while cleaning it πŸ₯²

RE: #LastPass, Just want to point out that @bitwarden doesn't follow the OWASP recommended minimum PBKDF2 iterations either:

Source: https://bitwarden.com/help/what-encryption-is-used/#pbkdf2

I'm a bit aggravated that this issue was such a hot #InfoSec topic and Bitwarden (which I'll probably be switching myself and my wife to, personally, because they do a lot of stuff better) was tossed around as a recommendation without even verifying that they didn't have the same issue. High horse.
@aikensource @bitwarden "by anyone at Bitwarden" seems oddly specific.
@FritzAdalis @bitwarden It's not, imo.
"Cannot be reverse engineered" is what it says. If you read the rest of their info on security and E2EE, it's pretty clear that it works exactly like you'd hope and expect. They're just communicating to the layman. Because obviously the user has their password and would not need to reverse engineer it. And Bitwarden can't (nor can their business partners, which are also listed on their site!) reverse engineer it even if they wanted to. They're just... explaining how hashes work. No need to read too far into it.
@aikensource @bitwarden Sorry, my reading comprehension is low today. Thanks for the correction.
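To make concrete what the iteration count argued over in the thread above actually controls, here is an added example; it is not code from the posts, from Bitwarden or from OWASP. It models a client-side PBKDF2-HMAC-SHA256 key derivation loosely in the shape the linked Bitwarden page describes (email as salt, then one further PBKDF2 round to produce the value the server stores), shows that the stored value can only be re-computed by someone holding the password, checks a configured count against a minimum, and measures how attacker guess rate falls as iterations rise. The sample password, email, and the minimum passed to `meets_minimum` are constructed for the example; the current OWASP Password Storage Cheat Sheet is the authority for the real recommended number.

```python
import hashlib
import hmac
import os
import time

# Constructed sample inputs for this example; not real credentials.
SAMPLE_EMAIL = "user@example.com"
SAMPLE_PASSWORD = "correct horse battery staple"


def derive_master_key(password: str, email: str, iterations: int) -> bytes:
    """Client-side key stretching: PBKDF2-HMAC-SHA256 over the master password.

    The lower-cased email serves as the salt (an assumption modelled on the
    linked documentation), so the same password yields a different key per
    account and a precomputed table cannot be shared across users.
    """
    return hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        email.lower().encode("utf-8"),
        iterations,
        dklen=32,
    )


def server_auth_hash(master_key: bytes, password: str) -> bytes:
    """One extra PBKDF2 round, keyed by the password itself, is the value a
    server would store. It cannot be run backwards to recover the password;
    it can only be re-derived by a party that already holds the password.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_key, password.encode("utf-8"), 1, dklen=32
    )


def verify_login(stored_hash: bytes, candidate_password: str,
                 email: str, iterations: int) -> bool:
    """What the server side can do: recompute from a candidate and compare.
    Constant-time comparison avoids leaking matching prefixes via timing."""
    key = derive_master_key(candidate_password, email, iterations)
    return hmac.compare_digest(stored_hash, server_auth_hash(key, candidate_password))


def meets_minimum(iterations: int, minimum: int) -> bool:
    """Policy check: does the configured count reach the chosen floor?"""
    return iterations >= minimum


def guesses_per_second(iterations: int, trials: int = 3) -> float:
    """Rough single-core throughput an offline attacker gets against a
    leaked vault at this iteration count (higher count -> fewer guesses/s)."""
    salt_email = os.urandom(8).hex() + "@example.com"
    start = time.perf_counter()
    for _ in range(trials):
        derive_master_key(SAMPLE_PASSWORD, salt_email, iterations)
    elapsed = time.perf_counter() - start
    return trials / elapsed


if __name__ == "__main__":
    # Illustrative counts only; the policy minimum here is an assumption.
    for count in (5_000, 100_000, 600_000):
        rate = guesses_per_second(count)
        print(f"{count:>8} iterations: ~{rate:8.1f} guesses/s on one core, "
              f"meets 600k floor: {meets_minimum(count, 600_000)}")
```

Run it as a script to see the guess rate drop roughly in proportion to the iteration count; the point of the OWASP floor is to make that per-guess cost high enough that an attacker with the leaked vault blob still needs the user's actual password rather than a fast dictionary run.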