boomhauer

@boomhauer@infosec.exchange
16 Followers
159 Following
1.2K Posts
Yeah, man, I tell you what, man. That dang ol' Internet, man. You just go on there and point and click. Talk about W-W-dot-W-com. Click. Click. Click. Click.
This brought back memories (some good, some bad LOL)
😏
Looking to get started learning malware analysis or reverse engineering? Check out my ever-increasing selection of practical labs. Challenges range in difficulty and each one is designed to introduce a new malware technique.
https://malwaretech.com/labs/
MalwareTech Labs - Learn Reverse Engineering & Malware Analysis

Practical reverse engineering labs designed to imitate real-world malware techniques, helping beginners improve their skills in a safe and fun way.

We sternly warn the left not to politicize the tragedy caused by our politics.
WGAW, one of the two labor unions representing film, broadcast and online writers, departs Twitter/X after Elon Musk’s in-house Grok chatbot spewed antisemitic messaging across the social media platform.

A strong statement of resistance to the relentless marketing of "AI" in education spaces. I encourage all educators to have a look and consider signing on:

https://openletter.earth/an-open-letter-from-educators-who-refuse-the-call-to-adopt-genai-in-education-cb4aee75

An open letter from educators who refuse the call to adopt GenAI in education

Giggle
head on. apply directly to the forehead.
comrade bee 🐝 😒
1 like = 1 prayer

When you haven't been exposed to advertising for a while and it's no longer normalised, it's quite jarring. Not because it's annoying or shit, rarely lacking any artistic merit, begging and pleading and lying for attention and complicity - that bit you remember.

But because the only way this crap exists at all is through force, ramming it through devices without permission or consent. An entire industry based on tracking and surveillance to target assault.

It's fucking despicable.

#advertising

😏
Back in those old days you needed one of those keys to log into corporate network services like VPN or SSH servers. Even many banks had it as a 2FA. With the popularity of cell phones, this has been replaced by apps.
@nixCraft are 2FA tokens really random? They seem to have patterns too often
@barkerjr @nixCraft cite your source
@MisterWanko @barkerjr @nixCraft "Source: Internet"
.
.
.
.
*ducks*covers*slowly moves away from the spotlight*

@stirz @barkerjr @nixCraft uuuuuuuuuuuuuugh

they were effective 2FA solutions for a while. If I recall the master keys were stolen once? In any case each solution is a trade off.

@stirz @MisterWanko @barkerjr @nixCraft RSA SecurID tokens aren’t truly random — they’re time-based.
The server knows a shared secret seed and uses the current time to calculate what number should be on your token. That’s how it verifies your code.
Projects like stoken can generate the same codes β€” if you have the correct seed.
It’s secure because the seed is secret, not because the numbers are unpredictable.
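As an added illustration (not from the thread, and not stoken or RSA's proprietary SecurID algorithm): the open standard RFC 6238 TOTP works on the same principle, a shared secret seed plus the current time. The seed below is the RFC's published test seed, so the codes match its test vectors, and `verify` shows the server-side check with a small clock-drift window.

```python
import hmac
import hashlib
import struct

# RFC 6238 Appendix B test seed (ASCII "12345678901234567890"); any real seed must stay secret.
RFC6238_TEST_SEED = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(seed: bytes, counter: int, digits: int = 8) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, digits: int = 8) -> str:
    """RFC 6238 TOTP: the counter is simply the number of 30-second steps since the Unix epoch.

    Same seed + same time step -> same code, on the token and on the server alike."""
    return hotp(seed, unix_time // STEP_SECONDS, digits)


def verify(seed: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check: accept the code for the current step or up to `window` steps either side.

    The tolerance absorbs token clock drift; the constant-time compare avoids leaking digits."""
    for drift in range(-window, window + 1):
        expected = totp(seed, unix_time + drift * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def same_time_different_seeds(unix_time: int) -> tuple:
    """Two tokens read at the same instant agree only if they share a seed (constructed second seed)."""
    other_seed = b"09876543210987654321"  # constructed for the demo, not a real secret
    return totp(RFC6238_TEST_SEED, unix_time), totp(other_seed, unix_time)


if __name__ == "__main__":
    for t in (59, 1111111109, 1111111111, 1234567890, 2000000000, 20000000000):
        print(f"t={t:>11}  code={totp(RFC6238_TEST_SEED, t)}")
    print(same_time_different_seeds(59))
```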
@barkerjr @nixCraft the reason you think MFA has patterns is the same reason people see Jesus burnt into toast. Our brains are constantly seeking patterns even when they don’t exist.
@nixCraft I'm so glad the company I work in allows for yubikey, even though only a handful of people use it.

@mms @nixCraft I read last night the Yubi5 and lower can be cloned in like 5 minutes of device access. I think 5 is what I have so...

The trezor is supposed to be able to fulfill this role but I haven't set it up yet. It has pin access and some other added measures you can use. It had a self-custody password manager, but chrome destroyed that. Brave should still work but again have not tried.

@crazyeddie @nixCraft I find it unimportant. There is as big of a risk I will lose the laptop that I have of anyone gaining access to my yubi. And let’s face it - if someone has the laptop, it should be considered hacked.

@mms @nixCraft Some laptops can be locked down. If you get something with coreboot firmware you can lock it down tight. Then you can at least know that your encrypted drive has to be hacked and whether what booted on it is your system or not.

You can sometimes do this with standard bios but it's risky if the feature is even available, especially on laptops. You can disable your gpu firmware for example.

@nixCraft I had one of those like a year ago.
@nixCraft the phone apps are great to a point, they don't need to have their clocks synced to the infra, as they all use the same clock signals. Those old keys are great, so long as they are synced. I would love to see the numbers on support cases now v. when those were used and had to be fixed after their batteries died.
@nixCraft As of two years ago (when I quit my job), I had one of those for vpn and Citrix logins

@mira
Still have mine, for the same reasons

There's a new VPN that's supposed to be automatic for my laptop, and it was... until my machine was upgraded to Win 11

Thankfully, after a few dozen attempts at remembering the prefix, I was able to log in with the RSA and get IT to fix everything

It expires in a couple of weeks, though
@nixCraft

@nixCraft
Back in the old days, like June 2025.

@nixCraft “those old days”, you say???

I have 5 of these jokers on a keyring, and I use them DAILY.

The date is 2025-07-10.

@nixCraft it's still in use by some banks actually 🙈
@nixCraft yeah, my dad had one of those to log into his bank back in the mid 00s, later the bank changed it to scratch cards
@nixCraft my bank still does, for payroll transactions. Although I haven’t used it in a couple years so they might’ve moved on
@nixCraft This was around about 20 years ago.. Nowadays also replaced with FIDO2 keys like Yubikey 😁
@nixCraft Yet my four Yubikeys together are still smaller than a single SecurID token. And can contain many more creds 😀.

@nixCraft I think stolen seeds had something to do with the decreased popularity as soon as alternatives, like YubiKey, became available.

e.g. https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/

The Full Story of the Stunning RSA Hack Can Finally Be Told

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

WIRED
@nixCraft
I tried to order one for banking in case my phone died, they were astonished and explained I cannot. So I keep my 'spare' TOTP in an offline VM instead, which is an absolute nonsense thing to have to do, but worked when my phone died.
@nixCraft
Ah our corporate cyber security masters allow us to store it nowadays even in a closed source browser extension. Sigh.

@nixCraft ah, yes, that cell phone in the SCIF, nice, nice ;)

(I hope it's not a SCIF)

@nixCraft
Ah... I used to have one of those when I worked as a developer for a bank.
@nixCraft okay Elon. 420 069
@nixCraft Strange things are afoot at the Circle-K.
@nixCraft Aww. There's two. 🙂♊😆
@nixCraft As in 1969…?
@nixCraft Clearly RSA is hoping you're available for some hot action.
@RIJim @nixCraft Hey, they used to make a PIN-protected one, branded Safeword!
@nixCraft to be honest, I'd prefer those anytime over putting /any/ security-related-stuff on a smartphone.
@nixCraft Tell me you're old without telling me:
@stellarorion @nixCraft The battery died in mine 10 years ago.
@nixCraft Weren't those *very* backdoored even in their time?

@nixCraft I'm sure I'm not the first to say this but I'll say it anyway:

Nice 😎