techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

#comsec

Replied in thread

@reverseics Just do it like #Google #ProjectZero and tell them straight up to their face:

youtube.com/watch?v=F_XCDu6GQt4

I was nice once, now I won't be! IDGAF what you need to do to fix it. Details will be public in 90 days. Go fuck yourselves!

And basically prepare everything to be ready precisely, to the second, 90 days from the moment the mail was sent to them.

What @doingfedtime shows here is nothing new.

Obviously they need to fix that and work towards better security, including ensuring #Tor #Browser doesn't reset its #SecuritySettings on reboot, because if people made the conscious decision to block all #JavaScript then that should at least be respected!

Continued thread

In any case, one should never, under any circumstances, give anyone one's [real] personal details, let alone send a photo of one's ID card or a selfie!

  • There are very, very few who are actually allowed to demand such a thing [e.g. #Autovermietung (car rental)] or even required to [see #Banken (banks)], but as a rule they will ask you to come in person [e.g. car rental does it at key handover] or use reputable solutions [e.g. #POSTIDENT]. In any case, no merchant³ on the internet will demand such a thing!

Anything else only leads to #Identitätsdiebstahl (identity theft) and #Identitätsmissbrauch (identity misuse), where the victims then in some cases end up screwed as the accused in thousands of cases...

³[Not even when legally buying a firearm! There, a copy of the WBK (firearms ownership licence) with its number is demanded instead, because the purchase is reported practically in real time, and without a matching prior entry in the system no acquisition is possible!...]

Replied in thread

@cryptadamist @panigrc @finalstaticfox @dansup

Obviously that's another piece of evidence of why #KYC IS THE ILLICIT ACTIVITY!...

  • That problem doesn't exist with #Monero, as one cannot determine #transactions or #balances, or link wallets, by observing the #blockchain. Unlike with all those Shitcoins like #Bitcoin or #Ethereum!

  • So even if I had a Monero wallet, and even if you knew the wallet address, you could not see what's on it or what transactions go in and out.

  • It's even more secure than #SEPA because thanks to #SWIFT & #FATCA the #IRS and #TreasuryDept. have bulk access to these systems and can basically see account balances in real time (when it comes to #US citizens! The rest they can approximate with bulk access to payment providers and intelligence).

So yeah, blame lack of #privacy, #secrecy, and #custody as well as #doxxing in the form of KYC under the false pretense of #AML for the rampant rise of #kidnappings and armed robberies of #shitcoin HODL'ers.

  • Obviously I do condemn such acts of violence as a matter of principle.

The fact that there are automated, idiot-proof tools like #chainalysis that enable statistical tracking and linking of transactions for everything except Monero is the problem.

  • Don't believe that such "AML compliance" tools are unique to the clients of said providers, because it's just connecting dots from public records. No warrant nor insiders nor MLAT needed.

IOW: OFC I'd have to expect getting robbed by organized crime if I were to post evidence of me sleeping on genuine gold bars.

Quoted post (universeodon.com, Michel de Cryptadamus, @cryptadamist@universeodon.com): @kkarhan@infosec.space @panigrc@mastodon.social @finalstaticfox@pounced-on.me @dansup@mastodon.social the people I know who got home-invaded for their bitcoins got home-invaded way before there were any regulations involved
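The "connecting dots from public records" point in the post above, as an added example that is not part of any post on this page and not the code of any analysis vendor: a minimal pass over a constructed toy UTXO ledger (made-up txids, addresses and amounts, not real chain data) that applies the common-input-ownership heuristic transparent-ledger analysis tools rely on, then reads off per-address balances and follows funds forward. All of it works from the public ledger alone; no warrant, insider or MLAT is involved.

```python
"""Address clustering and fund tracing on a transparent UTXO ledger.

Added example, not code from the page or from any analysis vendor. The ledger
below is constructed for illustration; txids, addresses and amounts are made up.
It applies the common-input-ownership heuristic (all inputs of one transaction
are assumed to be controlled by the same key holder) and then shows what an
observer can read off a public chain: per-address balances and where funds go.
"""
from collections import defaultdict, deque

# Constructed ledger, in chain order. Each transaction lists its inputs as
# references to earlier outputs (prev_txid, output_index) and its outputs as
# (address, amount). tx0 has no inputs and stands in for the coins' origin.
LEDGER = {
    "tx0": {"vin": [], "vout": [("A1", 1.0), ("A2", 1.0), ("B2", 0.2), ("X9", 2.0)]},
    "tx1": {"vin": [("tx0", 0), ("tx0", 1)], "vout": [("M1", 1.5), ("A3", 0.49)]},  # A1+A2 co-spent
    "tx2": {"vin": [("tx1", 1)], "vout": [("B1", 0.3), ("A4", 0.18)]},
    "tx3": {"vin": [("tx2", 0), ("tx0", 2)], "vout": [("C1", 0.49)]},               # B1+B2 co-spent
    "tx4": {"vin": [("tx0", 3)], "vout": [("X8", 1.99)]},                            # unrelated flow
}


def outputs(ledger):
    """Yield every output as ((txid, index), address, amount)."""
    for txid, tx in ledger.items():
        for idx, (addr, amount) in enumerate(tx["vout"]):
            yield (txid, idx), addr, amount


def input_addresses(ledger, txid):
    """Resolve a transaction's input references to the addresses being spent."""
    return [ledger[p]["vout"][i][0] for p, i in ledger[txid]["vin"]]


def cluster_by_common_input(ledger):
    """Union-find over input addresses: co-spent addresses land in one cluster.

    Returns a mapping address -> frozenset of addresses assumed to share an owner.
    Addresses that never appear as an input are not in the mapping.
    """
    parent = {}

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for txid in ledger:
        addrs = input_addresses(ledger, txid)
        for a in addrs:
            parent.setdefault(a, a)
        for a in addrs[1:]:
            ra, rb = find(addrs[0]), find(a)
            if ra != rb:
                parent[rb] = ra

    groups = defaultdict(set)
    for a in parent:
        groups[find(a)].add(a)
    return {a: frozenset(members) for members in groups.values() for a in members}


def balance(ledger, address):
    """Sum of unspent outputs paid to an address: readable by anyone with the ledger."""
    spent = {ref for tx in ledger.values() for ref in tx["vin"]}
    total = sum(amount for ref, addr, amount in outputs(ledger)
                if addr == address and ref not in spent)
    return round(total, 8)


def trace_forward(ledger, address):
    """Follow coins paid to an address through every later spend.

    Returns the set of addresses the funds (or their change) subsequently reach.
    """
    spent_by = {ref: txid for txid, tx in ledger.items() for ref in tx["vin"]}
    queue = deque(ref for ref, addr, _ in outputs(ledger) if addr == address)
    seen = set(queue)
    reached = set()
    while queue:
        ref = queue.popleft()
        spender = spent_by.get(ref)
        if spender is None:  # still unspent: the trail ends here
            continue
        for idx, (addr, _) in enumerate(ledger[spender]["vout"]):
            reached.add(addr)
            nxt = (spender, idx)
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return reached


if __name__ == "__main__":
    clusters = cluster_by_common_input(LEDGER)
    print("owner of A1 also controls:", sorted(clusters["A1"]))
    print("balance of A4:", balance(LEDGER, "A4"))
    print("funds from A1 reach:", sorted(trace_forward(LEDGER, "A1")))
```

Every field this code reads (which prior output an input spends, which address an output pays, and the amount) is exactly what Monero's ring signatures, stealth addresses and confidential amounts keep out of its public ledger, which is the contrast the post draws; real analysis tools layer further heuristics (change detection, exchange address tagging) on top of the same public data.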
Continued thread

@BrodieOnLinux @torproject @guardianproject

At this point I'd like to ask when @EUCommission and other #regulators start #banning #StasiBook and other #GAFAM|s for their blatant actions as #OrganizedCrime to violate #privacy standards in the #EU and elsewhere?

infosec.space/@kkarhan/1147336

Cuz at this point the €32B fines at maximum are a joke.

Simply because this isn't a mere violation of #GDPR, #BDSG and other standards, but literal #malware that has been deployed against users in the wild...

  • Anything but actual prison sentences & arrest warrants against the persons responsible would be undue leniency.
Linked post (infosec.space, Kevin Karhan :verified:, @kkarhan@infosec.space): The fact that #NSAbook is literally developing #Govware to track users and bypass the #Android #sandbox, as well as #tracking them regardless of #VPN, #Cookies or #IncognitoMode use or blockage. https://www.youtube.com/watch?v=LUtctMShGJw via @BrodieOnLinux@mstdn.social More to read up on: https://redact.dev/blog/meta-yandex-localhost-tracking https://www.zeropartydata.es/p/localhost-tracking-explained-it-could #Spyware #InfoSec #ComSec #ITsec #OpSec #Malware #LocalhostTracking #Govware #StasiBook #Facebook #Meta
Replied in thread

@delta also #deltaChat natively supports #Proxies, #VPN|s and @torproject / #Tor so not only can people use it that way but also use any other bypass method.

  • Obviously, the classic #Sneakernet with people doing uucp with foreign mobile networks near borders works just as well...

I'd not be surprised if delta Chat is also used by #RimjinGang* and #38North** for a "contactless sneakernet" tho I am convinced they won't confirm or deny that for #OpSec, #InfoSec & #ComSec reasons alone...

  • I mean, both #Iran and #NorthKorea ain't #Iraq and #Syria, where one could just take a phat satellite dish, strap an LTE stick or even external antennas on and just point it at Turkish or Lebanese radio towers near the border, as owning any satellite equipment in these places is a guarantee to get publicly executed for "espionage"...

Linked: en.wikipedia.org, UUCP - Wikipedia
Replied in thread

@afreytes +9001%

  • It's impossible to get #GDPR compliance with #GAFAMs' products!

  • It's impossible to get #ITsec, #InfoSec, #OpSec & #ComSec on a compliant level when a literal #Govware (#Windows) is being used.

  • I cannot work as a #Linux sysadmin under WinShit, just like a cardiologist can't perform a heart transplant with just cutlery from a prison mess hall and NSAIDs, and just like a nurse can't perform CPR on a toddler with a pneumatic jackhammer!

#gdpr #gafams #ITSec
Replied in thread

@Cappyjax IDGAF about "passion". All I care about is the security of users!

Requiring any #PII like a #PhoneNumber is unacceptable when it comes to #ComSec, #InfoSec & #OpSec, especially given @signalapp is not only able but entirely willing to restrict service based on said numbers, making their "solution" insecure by design.

  • There's a reason why #XMPP+#OMEMO and #PGP/MIME [each over @torproject / #Tor] are the evidently superior and more secure approach, as being unable to "#KYC" a user is a matter of security...

Especially since obtaining a phone number anonymously is oftentimes illegal (i.e. #Germany made it illegal starting 07/2017, so using any service that demands a phone number is out of the question)

  • And even if one can get an anonymous #SIM (with a phone number) or god forbid #eSIM (which is at best pseudonymous, as users can be tracked down by matching ICCID, IMEI & IMSI to location and time), the chances are high that one ends up with recycled phone numbers that have already been used.

Obviously the devs of #Signal and @Mer__edith are well aware of this critical flaw, which is why I consider them to act as "useful idiots" or rather "controlled opposition", as #Signal could've been shut down trivially by the #US Government or forced into banning users based on their #PhoneNumbers (they may call this "#sanctions #compliance" given they added a #Shitcoin wallet into Signal!)...

  • All the "but #Metadata" #FUD turns into #MarketingLies once put under the looking glass and examined against the risk of state-sponsored / -endorsed / -supported attackers.

Whereas with @monocles / #monoclesChat, @gajim / #gajim, @delta / #deltaChat and @thunderbird / #Thunderbird respectively I can not only use Tor, but do #SelfHosting for the entire #communications infrastructure (i.e. using an #OnionService = only reachable via Tor) and get the advantages of a self-routing, self-authenticating proxy network that is battle-hardened against censorship and can't be shut down!

ilga.org/wp-content/uploads/20
infosec.space/@kkarhan/1146976

Linked post (infosec.space, Kevin Karhan :verified:, @kkarhan@infosec.space): @renardboy@mastodon.social @derekmorr@mastodon.social depends... Did you have to remotely onboard someone onto a secure communication stack whilst they are on the run from the authorities *and* blood relatives due to *"living while trans"* with a *literal "dead or alive" bounty on their head* whilst stuck in a besieged city that's being shelled? - Cuz I did... @signalapp@mastodon.world is evidently a solution appealing to #TechIlliterates with *dangerous 'semi-knowledge'* who are willing to accept a *"#TrustMeBro!"* by @Mer__edith@mastodon.world and #MoxieMarlinspike before her. - Using #Signal would've gotten said person tracked down and killed by the de-facto authorities for merely having their phone # linked to that shite!
Replied in thread

@mshelton @freedomofpress @eff I did prepare peoples' devices for that in the past.

My suggestions:

0. Never assume you'll have any #HumanRights or #CivilRights. Always assume #TSA staff is looking for a reason to jail, deport, deny entry or shoot one on the spot.

1. Do not have data on them! #CPB will seize any storage media under threat of lethal violence! Use a #ThinClient-like device without any persistent storage. Keep anything important in your head or don't keep it at all.

2. Have someone set up a #RemoteDesktop for you post-entry and ensure you've got a #SafeWord to indicate you're acting under duress, so they can redirect stuff to an inconspicuous system.

3. Have a #decoy system ready. CPB have full, unrestricted bulk access to all data from companies that are located, do business in or have an office within the #USA as per #CloudAct. So much so that they consider it "suspicious" if one doesn't have an #NSABook account.

4. Make sure all your devices are #clean. Get yourself new throwaway devices and don't trust them if you ever let them out of sight for a second!

5. Test your setup before you travel to the #US on a different system.

6. This applies to every single device from #SimCard to #Laptop. Assume that if authorities plug anything in them, they are irredeemably compromised!

7. Practise proper #ITsec, #InfoSec, #OpSec & #ComSec. Have proper contingencies and emergency contacts in place.