Kevin

@tiberiustribun
33 Followers
84 Following
762 Posts
Garten, Holz und Metall, war mal im CCCWI zuhause
Pronounshe / him
CountryGermany
Kevin1d ago
Michael Valkenberg1d ago

If you follow me, you know Lilu by now.

Lilu is one of the friendliest, cuddliest, dorkiest cats I have ever known. She is not among the smartest.

Last night Lilu spent more than an hour walking through the flat making licking and spitting noises. I grew quite concerned, but she still ate happily, and when it was bedtime she had stopped.

This morning I saw that SOMEBODY had been chewing on my chili plants.

#catsofmastodon #caturday

KevinMar 18
NiléaneMar 2

RE: https://infosec.exchange/@david_chisnall/116160637051672728

the question you should be asking yourself is not “what's the best way to verify the age of every single computer user on earth”

but rather “why the fuck are we trying to verify the age of every single computer user on earth????”

and the answer to that is: fascism
stop. complying.

KevinMar 17
HartMar 17
MÜLLERMILCH NEIN DANKE
#afdVerbot
KevinMar 17
Caria Giovanni - HarpocratesMar 16

Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.

Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.

But two things stood out:

1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.

2. Certificate revocation endpoints hit http://g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.

Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.

Soon the full analysis

#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics

KevinMar 15
BodilMar 14
I don't want to put undue pressure on any country in particular, but I'd like you to please be aware that it's the Ides of March tomorrow.
KevinMar 14
Gerade mal in die Wahlvorschläge für die #kommunalwahl in #rüsselsheim geschaut. Für die #noafd ist über ein Drittel Rentner. Als gäbe es nicht schon genug andere Gründe hier noch einer warum man denen nicht die Zukunft überlassen sollte.
KevinMar 10
Astrobach Mar 9

The media is such a wiener for Elon Musk.

The dude will say baseless nonsense like "in ten years every one will have telekinesis" and it'll be a headline with no skepticism.

Besides being an actual Nazi, he also has been wrong about everything for a decade. We aren't on mars, the hyperloop is a single-lane tunnel in one city, AI is still broken, and DOGE somehow added cost while reducing services.

He's an idiot. Stop quoting him like anything he says is meaningful.

KevinMar 2
GentleMan GefMar 1
Maybe today IS a good day to die with a friend...
KevinMar 1
islieb?Jul 11, 2025
KevinFeb 25
LibreOfficeFeb 24
We've been on X/Twitter for many years, but it's time to reduce our activity there and instead promote Mastodon as our main social media channel now. So we've done just that: https://x.com/LibreOffice/status/2026204949760131158 – Welcome to all our new followers here 😊
LibreOffice (@LibreOffice) on X

Hello, world! 👋 From now on, Mastodon is our preferred social media channel. It's an open source, decentralised platform – not controlled by tech giants. Follow us here: https://t.co/KZpwR61V5R

X (formerly Twitter)