Stijn van Drongelen

99 Followers
255 Following
52 Posts
Toots do not represent employer's opinion.
pronouns (en): he/him or they/them
pronouns (nl): hij/hem of die/diens
It's me. https://stiiin.nl/
. o ( start a cyber metal band called Pyramid of Pain )

Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.

Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.

But two things stood out:

1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.

2. Certificate revocation endpoints hit http://g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.

Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.

Soon the full analysis

#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics
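The second finding above, revocation checks over plaintext HTTP, is something you can screen for in your own app's traffic captures before a network observer does. The following is an added example, not code from the post or from Signal: it takes a constructed "METHOD URL" request log (all hosts are placeholders except g.symcd.com, which the post names), flags cleartext requests to revocation responders, and also recognises OCSP GET requests by shape, since an OCSP GET carries the base64-encoded DER request in the path and DER's leading SEQUENCE byte 0x30 encodes to a path beginning with "/M".

```python
from urllib.parse import urlparse

# Constructed sample capture: one "METHOD URL" per line. Every host here is a
# placeholder except g.symcd.com, which the post above reports seeing.
SAMPLE_REQUESTS = """\
GET http://g.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ
POST https://messaging.example.test/v1/messages
GET http://ocsp.example-ca.test/MFIwUDBOMEwwSjAJBgUrDgMCGgUA
GET https://push.example.test/connect
GET http://crl.example-ca.test/root.crl
GET https://ocsp.example-ca.test/MFIwUDBOMEwwSjAJBgUrDgMCGgUA
"""

# Responder hosts you already know about (assumed list for this example).
KNOWN_REVOCATION_HOSTS = {"g.symcd.com", "ocsp.example-ca.test", "crl.example-ca.test"}


def parse_request(line):
    """Split 'METHOD URL' into its parts; returns None for blank lines."""
    line = line.strip()
    if not line:
        return None
    method, _, url = line.partition(" ")
    u = urlparse(url)
    return {"method": method, "scheme": u.scheme, "host": u.hostname or "", "path": u.path}


def looks_like_revocation_fetch(req):
    """Heuristic: known responder host, a CRL file, or an OCSP-shaped GET path.

    OCSP GET requests (RFC 6960, appendix A) put base64(DER request) in the path;
    DER starts with 0x30 (SEQUENCE), whose first base64 character is 'M'.
    """
    if req["host"] in KNOWN_REVOCATION_HOSTS:
        return True
    if req["path"].lower().endswith(".crl"):
        return True
    if req["method"] == "GET" and req["path"].startswith("/M") and len(req["path"]) > 20:
        return True
    return False


def audit_capture(log_text):
    """Return which revocation fetches went over cleartext HTTP and which over HTTPS.

    Cleartext fetches are what a passive observer can read (host, path and
    timing); HTTPS ones still reveal the host via DNS/SNI but hide the path.
    """
    cleartext, encrypted = [], []
    for line in log_text.splitlines():
        req = parse_request(line)
        if req is None or not looks_like_revocation_fetch(req):
            continue
        (cleartext if req["scheme"] == "http" else encrypted).append(req["host"])
    return {"cleartext": cleartext, "encrypted": encrypted}


if __name__ == "__main__":
    report = audit_capture(SAMPLE_REQUESTS)
    for host in report["cleartext"]:
        print(f"cleartext revocation fetch to {host}")
```

OCSP responses are signed by the CA, so cleartext transport does not let the observer tamper with the answer; what it exposes, exactly as the post says, is which CA endpoints the device talks to and when, which is enough to infer which app is installed.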

An Open Letter to Google regarding Mandatory Developer Registration for Android App Distribution

Open Letter to Google Regarding Mandatory Developer Registration for Third-Party App Distribution

See the Planner app within Microsoft Teams for Android.

Be surprised that it's there, days after being told you don't have a license.

Try to create a To Do list in it. It works.

Try to delete it. There's no option to do so.

Who the fuck makes this shit, and why do we keep buying it?

IP/Port: 99.251.254.190:5900
Hostname: pool-99-251-254-190.cpe.net.cable.rogers.com
Client Name: chipi chipi chapa chapa
Location: Willowdale, Ontario, CA 🇨🇦
ASN: AS812 Rogers Communications Canada Inc.
VNC Password: N/A
ID: 1794828
Added to DB: 05/06/2025, 10:54:13 PM (UTC)
Last seen: 05/06/2025, 06:52:41 PM (UTC)
https://computernewb.com/vncresolver/browse#id/1794828
For my DNS friends, just adopted: "Motion by member Ceder to express that it is desirable for all government websites to move to a single domain extension" - get used to tweedekamer.gov.nl as a concept! https://berthub.eu/tkconv/document.html?nummer=2026D09261

**Grandfather, you lived through an explosion of renewable energy beyond even the most optimistic forecasts. Yet fossil fuels persisted. What happened??**

**Well, grandson, you see, a very large number of professional people thought a sentence-generating software program had a little guy inside it. And then, **

If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester

A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.

404 Media
You may look at a problem and think "Aha! The solution is to run my own email server." Now you have two problems: Google is marking all of your email as spam, an unknown number of threat actors are using your server to spread malware because you forgot to patch something, and a small pile of subpoenas.
On Linux forums I, a woman, would get ignored and disrespected. These days I ask my question, then switch to a fake account to give a completely wrong answer, then switch back again to thank them and praise their Linux knowledge. The experts show up right away. Sorted.