Hacker Factor

@[email protected]
48 Followers
5 Following
148 Posts
I'm Neal Krawetz, a computer security specialist and forensic researcher. I run FotoForensics, Hintfo, and RootAbout. Sleep is not necessary.
Websitehttps://hackerfactor.com/?social=defcon.social
Bloghttps://hackerfactor.com/blog/
FotoForensicshttps://fotoforensics.com/
Hintfohttps://hintfo.com/
Hacker FactorSep 10, 2025

Google's Security Blog explains how the Pixel 10 has achieved "Assurance Level 2" and you can trust their pictures.
https://security.googleblog.com/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html

Unfortunately, comments on their blog are restricted to "team members". I guess Google doesn't want to hear any criticisms. Such as: they don't protect any of the metadata, so anyone can trivially change the EXIF date, time, make, model, GPS, and more without breaking the cryptographic signature. I have working examples on my blog:
https://hackerfactor.com/blog/index.php?/archives/1077-Google-Pixel-10-and-Massive-C2PA-Failures.html

How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials

Posted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Manager, Google C2PA Core At Made by Goo...

Google Online Security Blog
Hacker FactorJul 7, 2024
What's the going rate for a box of continuous dot matrix printer paper with the tear-off sprocket strips? (Cleaning up the office and found an unused box -- along with a dot matrix printer . The paper is unused and about 30 years old.)
Hacker FactorMay 16, 2024
Looking for help: I have an AI-generated picture that included an AI-generated version of an artist's signature. Can anyone identify who's real signature the AI tried to copy? Could from a painter or photographer, contemporary or historic, but the source should be online somewhere.
Hacker FactorMay 15, 2024
Hacker FactorMay 14, 2024

Google Gemini, can you draw a stone-age cave art depicting "Change your password. It must include at least 7 characters and an image."

Sure, here is a stone-age cave art depicting "Change your password. It must include at least 7 characters and an image":

Hacker FactorMay 9, 2024
The Hacker Factor Blog: C2PA from the Attacker's Perspective
https://www.hackerfactor.com/blog/index.php?/archives/1031-C2PA-from-the-Attackers-Perspective.html
Hacker FactorFeb 12, 2024
Hey all you sysadmins: Since the Superbowl started, have you seen an increase in network scans and attack attempts from China?
Hacker FactorJan 2, 2024

I hope everyone had a Happy New Year!

This time, big corporations have promised that the year will be in 24-bit VGA color! This will be quite the improvement over last year's 4-bit CGA color. Why, it's almost going to seem realistic! (I still have my doubts since some vendors have posted specs saying that this year will use 24-bit VGA color with a 16-bit palette. But that's still an improvement over CGA.)

Hacker FactorOct 30, 2023
AmazonBot found one of my honeypots and appears confused by it. Thousands of "GET /" per hour..
Show threadHacker FactorJul 2, 2023

@thedarktangent Same flood of HTTP GET / and /blog requests just hit me again. 6,119 requests from 1385 IP addresses, all associated with a wide range of mastodon servers.

For now, I'm going to block the mastodon HTTP user-agent because of DDoS.