@pft@infosec.exchange
12 Followers
96 Following
187 Posts

·· 𝘗𝘢𝘯𝘤𝘢𝘬𝘦 𝘍𝘭𝘪𝘱𝘱𝘪𝘯𝘨 𝘛𝘪𝘮𝘦 ··

I work in cyberspace, security department.

  5h ago
It remains a myth as to why @protonprivacy does not delete emails when pressing DELETE key...
  13h ago

I don't suppose that trusting #sigstore to run a centralized CA and transparency logs just to issue short-lived certs for me to generate signatures is much more secure than #PGP signing using my own keys. I'm just increasing the attack surface...

The whole Googlesque philosophy of "trust us; don't be evil" is contrary to my take on information security.

But I'm also open to anyone convincing me otherwise.

#cosign #rekor #flucio

  1d ago
Viss1d ago
you can outsource the work, but you cant outsource the risk
  1d ago
Lukasz Olejnik3d ago
New research: RSA-2048 encryption keys can be broken with single qubit and 3 oscillators. The catch? You’ll need about 10 followed by 45 million zeros joules of energy—roughly comparable to several medium-sized stars, or 10^44,999,986 Hiroshima bombs. Good luck! https://arxiv.org/pdf/2412.13164
  3d ago
Stefan Habel6d ago
More companies should embrace reminders that pop up after a certain amount of scrolling, letting readers know that it’s time to close the browser tab… #LinkedIn
  3d ago

Today I was told that if I'm working in security, I must be familiar with #Microsoft #Purview.

I wonder: is Microsoft even a player in the security game?

  4d ago
Latest apple publication on #LLMs is another proof that headlines like these are just publicity stunts by AI-bros. I absolutely cannot imagine that #hackers that manage to run high-impact campaigns would use #aislop to improve their attacks.
Show thread  5d ago
I'm definitely screwed!
  5d ago
So #Dynadot want's my "government-issued ID" to delete my account. You might want to reconsider if you're planning to do business with them. #Privacy
  6d ago
Show threadVissJun 6

@da_667 hahahaha dude for a talk i did at securityfest last year, i think i even pointed out that you can change the shell of a user to a bash script instead of /bin/bash or whatever..

you can like
echo "curl parrot.live" > /tmp/fucktardia.sh
chmod +x /tmp/fucktardia.sh
chsh loser
(aim it at /tmp/fucktardia.sh)
user loser now sshes into a box and gets party parrot.

control c? connection drops.
i am currently unaware of a way to bypass that, but if we find one, we should tell @bagder