Emanuel Bronshtein

@e3amn2l
Security Researcher, Free-software/Ethical-design advocate, Making the world a safer place.

☑ Discover Homographs
☑ Formulate Evil Plan
☑ Register Malicious URL
☑ Acquire SSL Certificate
❌ Defeat #Brave

Not today 🦁

A friend works on the Social Media Alternatives Project (S-MAP) https://www.socialmediaalternatives.org/?page_id=30 which is looking for contributors. That applies to... like... a lot of you on here.
I've published a technical explanation of how to get unsandboxed arbitrary code execution in Subgraph OS, and how this attack compares with Qubes https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ cc @rootkovska
@rysiek @maiyannah Me too, I use high security settings in Tor browser (no JS by default, whitelist when needed) and it's annoying when the broken functionality can be accomplished with CSS instead (mostly menus)

It's actually really awesome that Mastodon attracted a shitload of users who largely aren't aware that the underlying GNUSocial platform is old.

You know why?

Because it means we can do this over and over.

Every time someone releases a new implementation with different-looking chrome on top, it can go through its own marketing and media cycle and garner new users. *And the network effect will be cumulative.*

@femme @covalent is there a list like https://www.qubes-os.org/security/xsa/ that covers Linux vulnerabilities and if they affect Subgraph (if not, why?), also what about future use of Subgraph in Qubes?
https://github.com/subgraph/subgraph-os-issues/issues/153
is it better if only Subgraph is used or not?