Jason Gassel


Security engineer and recovering developer.

he/him


My #cybersecurity educational conference, @pancakescon, is this Sunday. It is free and virtual, accessible to almost anyone. The talk format is fun - half educational on infosec, and half about a personal hobby. Spend some of your weekend with us! On top of two tracks of great talks, we also have a Lockpick Village hosted by @LockEx, @Blenster will be hosting a hardware hacking village, and we have a wonderful CTF hosted by the @qcomresearch folks!

To participate, check out https://pancakescon.com, and join our Slack. That's it! That's how you see our streams, ask questions, and win fabulous prizes donated by our sponsors. No strings, just healthy community fun.

PancakesCon 6

Family Brunch - 9/21/2025

These #nwsl games need a short pregame show @paramountplus

@uswnt

UPDATE: the goalpost must be red carded for interfering with the Becky goal

My daughter, who has had a degree in computer science for 25 years, posted this observation about ChatGPT on Facebook. It's the best description I've seen:

"I’m Becky Sauerbrunn, Olympic gold medalist and two-time FIFA World Cup champion. Since I started playing soccer, I’ve faced countless challenges to gender equity in sport, from pay disparity to unsafe working conditions. I can assure you that playing with or against transgender women and girls is not a threat to women’s sports."

https://www.news-leader.com/story/opinion/2023/02/05/bills-targeting-transgenders-athletes-are-cruel-and-pointless/69866434007/

#TransRights #NWSL #USWNT

Becky Sauerbrunn: Let Missouri trans girls and women play

Those claiming to be concerned about women's sports should focus on real issues like unequal pay, Missouri Olympian Becky Sauerbrunn writes.

Springfield News-Leader

to quote an old tweet of mine:

Put the date in your paper. Put the date in your pastebin. Put the date in your blogpost. Please, the date, put it.

"What Happened When I Got Pregnant"

Sara Björk Gunnarsdóttir describes Lyon's awful response

#WoSo

https://www.theplayerstribune.com/posts/sara-bjork-gunnarsdottir-soccer-pregnancy

What Happened When I Got Pregnant by Sara Björk Gunnarsdóttir | The Players’ Tribune

Sara Björk Gunnarsdóttir is fighting back: “This is about my rights as a worker, as a woman and as a human being.”

The Players' Tribune

Kansas City Current signed... Debinha!?!?! 🤯 #NWSL #TealRising

Ok, I was tired of rumors speculating about which #LastPass fields appear to be encrypted client-side before being sent to LastPass, so I ran some tests of my own.

For a basic "Password" item, here is what I can tell so far.

When saving the item, the following primary fields are transmitted encrypted:

  • Name
  • Extra (Notes field)
  • Username
  • Password
  • TOTP (not in this screenshot, but did test)

However, I also observed the following fields having a cleartext (hex) version in the payload as well:

  • Name
  • Username
  • URL
  • Folder Name (not hex)

So in other words, there is more than just the URL being transmitted to LastPass in the clear, which makes sense because LastPass' Admin console reveals login activity for all users which includes Name, Username, and URL of the login event; so naturally, these things must be transmitted and kept server-side outside of the vault. However, this once again does go against their "zero-knowledge of anything in your vault" marketing...

Screenshots of this test below. I have omitted the encrypted data to prevent revealing enough for a "Known Plaintext Attack" to derive a key, but the relevant pieces are visible.

If I am missing anything here, do let me know.

#LastPassHack #LastPassBreach
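
The kind of check described in the post above can be scripted against a request body you captured from your own client. This is an added example, not code from the post: the parameter names and all values are constructed placeholders (not LastPass's real field names), laid out to mirror the reported pattern of encrypted fields alongside hex or plain copies.

```python
from urllib.parse import parse_qsl, urlencode


def find_cleartext_fields(body, known_values):
    """Map each request parameter to the known item values it exposes.

    A parameter is flagged when its value equals a known plaintext either
    as sent ("raw") or after hex decoding ("hex").
    """
    exposed = {}
    for param, value in parse_qsl(body, keep_blank_values=True):
        candidates = {"raw": value}
        try:
            candidates["hex"] = bytes.fromhex(value).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            pass  # not hex-encoded text; only the raw form is compared
        for encoding, text in candidates.items():
            for label, plaintext in known_values.items():
                if plaintext and text == plaintext:
                    exposed.setdefault(param, []).append((label, encoding))
    return exposed


def hexed(text):
    """Hex-encode a string the way a cleartext (hex) field would carry it."""
    return text.encode("utf-8").hex()


# Constructed test item: the values typed into a throwaway "Password" entry.
KNOWN = {
    "Name": "Example Bank",
    "Username": "alice@example.test",
    "Password": "constructed-pass-123",
    "URL": "https://bank.example.test/login",
    "Folder Name": "Finance",
}

# Constructed request body; parameter names are hypothetical, and the
# "<opaque-...>" strings stand in for ciphertext that is not reproduced here.
SAMPLE_BODY = urlencode({
    "name_enc": "<opaque-1>", "username_enc": "<opaque-2>",
    "password_enc": "<opaque-3>", "extra_enc": "<opaque-4>",
    "name_hex": hexed(KNOWN["Name"]), "username_hex": hexed(KNOWN["Username"]),
    "url_hex": hexed(KNOWN["URL"]), "folder": KNOWN["Folder Name"],
})

if __name__ == "__main__":
    for param, hits in find_cleartext_fields(SAMPLE_BODY, KNOWN).items():
        print(param, hits)
```

Use a throwaway item with unique values for this kind of test so that a match in the payload is unambiguous.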