DoesSec πŸ” πŸͺͺ β˜• 

@[email protected]
36 Followers
444 Following
598 Posts
PKI, certs, mTLS, E2EE, HSM, Smart card, AsciiDoc, InfoSec, GRC, stay secure
Stackexchangehttps://security.stackexchange.com/users/287132/doessec
GitHubhttps://github.com/DoesSec
Reddithttps://www.reddit.com/user/doessec
Matrixhttps://matrix.to/#/#@doessec:matrix.org
PGPhttps://keyoxide.org/hkp/9904C2115B23F1E9A02A15A1FFD323CA3A59EC81
DoesSec πŸ” πŸͺͺ β˜• 3d ago
GNU Taler4d ago
A paper from an Austrian Central Bank economist worth reading: "Privacy by Design for Public Digital Money" by Martin Summer.
The framing says it all: privacy in payments is dismissed as a niche concern, but that fundamentally underestimates what is at stake.
When central bankers start writing this, the conversation is shifting.
πŸ”— https://www.oenb.at/en/Publications/Economics/Working-Papers.html
#GNUTaler #FLOSS #PrivacyTech #DigitalMoney #CBDC
Working Papers - Oesterreichische Nationalbank (OeNB)

DoesSec πŸ” πŸͺͺ β˜• 3d ago
Emily Nakashima4d ago

My greatest professional accomplishment of the year: I got my exec & manager teammates saying "point positive," a term from whitewater rafting and kayaking.

Meaning: when facing hazards, point people toward where to go/what to do, rather than drawing attention to everything to avoid.

DoesSec πŸ” πŸͺͺ β˜• 5d ago
Jeff Johnson5d ago
15 years of Tim Apple
DoesSec πŸ” πŸͺͺ β˜• 6d ago
Pink6d ago
#wero
DoesSec πŸ” πŸͺͺ β˜• Mar 30
Shawn WebbMar 29

One lesson that the #DarkSword exploit chain teaches us: Any API used to allowlist things will be abused to allow bad things.

The iOS RTLD provides functionality for PAC-enforced pointer signing. This is needed to allowlist executable symbols in a dyld object.

The Cross-DSO CFI work in #HardenedBSD does something similar for the exact same reason. I'm hoping to revisit this to determine a new path forward.

(Source analysis: https://github.com/AntonioCiolino/DarkSword-Analysis)

1/x

GitHub - AntonioCiolino/DarkSword-Analysis: DarkSword iOS Exploit Chain -- Deep Technical Analysis

DarkSword iOS Exploit Chain -- Deep Technical Analysis - AntonioCiolino/DarkSword-Analysis

GitHub
DoesSec πŸ” πŸͺͺ β˜• Mar 29
Greenpeace InternationalMar 29

β€œWhile it might be tempting and accessible to many, fast fashion is harmful to consumers, workers, and the environment. Its devastating impact transcends geographical and social boundaries. Affecting people’s health and environment for the sake of more profit.”

#fastfashion

https://act.gp/3Q4C1ST

DoesSec πŸ” πŸͺͺ β˜• Mar 28
BasicAppleGuyMar 28
Second Lives for Discontinued Mac Pros
DoesSec πŸ” πŸͺͺ β˜• Mar 14
 #FediPact Mar 14

Meta Platforms: Lobbying, Dark Money, and the App Store Accountability Act

An open-source intelligence investigation into how Meta Platforms built a multi-channel influence operation to pass age verification laws that shift regulatory burden from social media platforms onto Apple and Google's app stores.

https://tboteproject.com

https://github.com/upper-up/meta-lobbying-and-other-findings

#FediPact #meta #threads #AgeVerification

DoesSec πŸ” πŸͺͺ β˜• Mar 13
Γ–lbaumMar 13

@rmondello Every time a site requests a passkey, but 1Password takes time to offer it because it’s still locked, Safari intercepts the request, offering a passkey it does not have, even though passkeys are disabled in Safari.

After I dismiss it, 1Password is blocked and I have to refresh the page.

Some top notch programming you have here. No wonder a lot of people hate passkeys.

DoesSec πŸ” πŸͺͺ β˜• Mar 11
Natasha πŸ‡ͺπŸ‡ΊMar 10

This is Mycena rosoflava. A species of agaric mushroom in the family Mycenaceae. It is a wood-inhabiting mushroom native to New Zealand.

It is also quite beautiful in my opinion, which is the real reason why I'm posting it ...

πŸ“· Photographed by Aucklander Jay Lichter at Hunua Falls in May 2024