hayden aiken 🇺🇲

@aikensource@infosec.exchange
Jesus follower. wife guy. recovering floridian.
infosec🤝natsec.
ops and open source lover.
b.s. cybersecurity.
highly mistrustful security enthusiast.
blog: https://debug.openaiken.net
email: hayden@openaiken.net
git: https://github.com/openaiken
whiskey: neat
I need help picking out a new firewall for my home lab 😌
I'm trying to migrate my cloud-based private Minecraft server to a local RHEL 9 box, and after hours of troubleshooting I figured out that I have to disable FIPS on the kernel arguments for Java to successfully negotiate encrypted connections
Chaser (they didn't actually tell me when they completed deleting my account):
Today's a great day for cyber 😁 2 new books to collect dust, and replacement SIMs after the Fi breach to help mitigate my SIM-Swapping risk 😌 #infosec

Looks like a (minor?) data breach at #GoogleFi probably (I suspect but maybe not) related to the recent breach at #TMobile.
Phone numbers and plan details but supposedly no overtly sensitive personal information 🫠

CC: @briankrebs

Shot:

I did a bit of a double take when I saw openssl coming from AUR instead of official repos for a system upgrade 😂

https://aur.archlinux.org/packages/openssl-1.0

RE: #LastPass, Just want to point out that @bitwarden doesn't follow the OWASP recommended minimum PBKDF2 iterations either:

Source: https://bitwarden.com/help/what-encryption-is-used/#pbkdf2

Accidentally broke the housing on the top burr of my coffee grinder tonight while cleaning it 🥲
I did a bit of a double take when I saw openssl coming from AUR instead of official repos for a system upgrade 😂

https://aur.archlinux.org/packages/openssl-1.0

@aikensource It's happening all the time :)

We even have a script to move packages from repos to AUR these days: https://github.com/archlinux/contrib/blob/master/aur/repos2aur

@felixonmars makes sense! I'm happy I was allowed some capacity to verify what was going on. I do wish there was a bit of a more immediately apparent way to verify the identity of developers on an AUR package or verify the authenticity of the package itself, at least in cases such as this where the package will be a critical system utility, at least for something. Arch (can't say the same for Manjaro, which is what I'm running) has never really let me down in terms of documentation and accountability, but maybe it could be a bit friendlier. Just pontificating