Crypto News<p>Major Breach Study Reveals Widespread Leaks of Bank Statements, SSNs, and Crypto Keys - A new study has revealed the extent of sensitive information leaked through ransomware at... - <a href="https://cryptonews.com/news/major-breach-study-reveals-widespread-leaks-of-bank-statements-ssns-and-crypto-keys/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cryptonews.com/news/major-brea</span><span class="invisible">ch-study-reveals-widespread-leaks-of-bank-statements-ssns-and-crypto-keys/</span></a> <a href="https://schleuss.online/tags/securitybreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitybreach</span></a> <a href="https://schleuss.online/tags/altcoinnews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>altcoinnews</span></a> <a href="https://schleuss.online/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://schleuss.online/tags/privatekey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privatekey</span></a></p>
techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome
Administered by:
Server stats:
4.6Kactive users
techhub.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.2
#privatekey
1 post · 1 participant · 0 posts today
Hacker News<p>Is Anybody Using This Private Key</p><p><a href="https://isanybodyusingthisprivatekey.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">isanybodyusingthisprivatekey.c</span><span class="invisible">om/</span></a></p><p><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivateKey</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/DigitalPrivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalPrivacy</span></a></p>
Crypto News<p>New ESP32 Chip Flaw Lets Hackers Steal Bitcoin Keys from Popular Wallets - Key Takeaways:</p><p>ESP32 chips expose crypto wallets and IoT devices to silent attac... - <a href="https://cryptonews.com/news/crypto-wallets-using-chinese-made-esp32-chip-vulnerable-to-private-key-theft-report/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cryptonews.com/news/crypto-wal</span><span class="invisible">lets-using-chinese-made-esp32-chip-vulnerable-to-private-key-theft-report/</span></a> <a href="https://schleuss.online/tags/bitcoinhardwarewallets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitcoinhardwarewallets</span></a> <a href="https://schleuss.online/tags/blockchainnews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blockchainnews</span></a> <a href="https://schleuss.online/tags/privatekey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privatekey</span></a> <a href="https://schleuss.online/tags/esp32chip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>esp32chip</span></a></p>
Erik van Straten<p>Public key cryptografie voor leken</p><p>Het is een beetje behelpen met "ASCII graphics", maar in <a href="https://www.security.nl/posting/884482/Public+keys+voor+leken" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/884482/Pub</span><span class="invisible">lic+keys+voor+leken</span></a> probeer ik, ook aan minder digitaal vaardigen, uit te leggen hoe asymmetrische cryptografie werkt.</p><p>Doe er uw voordeel mee, want deze techniek is een belangrijk fundament van de steeds verder digtaliserende maatschappij.</p><p>U leert hoe een digitale handtekening werkt en wat een digitaal certificaat is.</p><p>Veel te weinig mensen begrijpen dat goed, en dat bemoeilijkt een fatsoenlijke discussie over deze technieken enorm.</p><p>Big tech is de lachende derde: zij maximaliseren hun winsten terwijl alle risico's voor uw rekening komen.</p><p><a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/EchtVanNepKunnenOnderscheiden" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EchtVanNepKunnenOnderscheiden</span></a> <a href="https://infosec.exchange/tags/NepVanEchtKunnenOnderscheiden" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NepVanEchtKunnenOnderscheiden</span></a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NepWebsites</span></a> <a href="https://infosec.exchange/tags/BankHelpdeskFraude" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BankHelpdeskFraude</span></a> <a href="https://infosec.exchange/tags/OnlineOplichting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnlineOplichting</span></a> <a href="https://infosec.exchange/tags/EDIW" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EDIW</span></a> <a href="https://infosec.exchange/tags/EUDIW" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EUDIW</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/BasisKennis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BasisKennis</span></a> <a href="https://infosec.exchange/tags/Encryptie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryptie</span></a> <a href="https://infosec.exchange/tags/Cryptografie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptografie</span></a> <a href="https://infosec.exchange/tags/DigitaleVaardigheden" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitaleVaardigheden</span></a> <a href="https://infosec.exchange/tags/PublicKeyCryptografie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PublicKeyCryptografie</span></a> <a href="https://infosec.exchange/tags/AsymmetrischeCryptografie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AsymmetrischeCryptografie</span></a> <a href="https://infosec.exchange/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivateKey</span></a> <a href="https://infosec.exchange/tags/PubliekeSleutel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PubliekeSleutel</span></a> <a href="https://infosec.exchange/tags/PrivateSleutel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivateSleutel</span></a></p>
Crypto News<p>ZKSync Admin Wallet Compromised, $5M Stolen - An admin wallet for layer-2 blockchain ZKsync was compromised on Tuesday with the hacker ... - <a href="https://www.coindesk.com/business/2025/04/15/zksync-admin-wallet-compromised-usd5m-stolen" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">coindesk.com/business/2025/04/</span><span class="invisible">15/zksync-admin-wallet-compromised-usd5m-stolen</span></a> <a href="https://schleuss.online/tags/privatekey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privatekey</span></a> <a href="https://schleuss.online/tags/zksyncera" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zksyncera</span></a> <a href="https://schleuss.online/tags/finance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>finance</span></a> <a href="https://schleuss.online/tags/hack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hack</span></a></p>
Steve Dustcircle 🌹<p><a href="https://masto.ai/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> and <a href="https://masto.ai/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivateKey</span></a> <a href="https://masto.ai/tags/Theft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Theft</span></a> Made Attackers Most <a href="https://masto.ai/tags/Money" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Money</span></a> in 2024 </p><p><a href="https://cryptonews.com/news/phishing-private-key-theft-top-crypto-attacks-in-2024/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cryptonews.com/news/phishing-p</span><span class="invisible">rivate-key-theft-top-crypto-attacks-in-2024/</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.hackingand.coffee/@hon1nbo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hon1nbo</span></a></span> <span class="h-card" translate="no"><a href="https://digipres.club/@foone" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>foone</span></a></span> yeah, but all these things would essentially necessitate <em>a fundamentally incompatible</em> <a href="https://infosec.space/tags/Fork" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fork</span></a> of the <a href="https://infosec.space/tags/USB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USB</span></a> standard, creating <a href="https://infosec.space/tags/costs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>costs</span></a>, <a href="https://infosec.space/tags/fragmentation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fragmentation</span></a> and lessen the likelyhood of success.</p><ul><li>Not to mention it'll require significant investments in <a href="https://infosec.space/tags/UserAwareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UserAwareness</span></a>, <a href="https://infosec.space/tags/Training" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Training</span></a> and would still have some issues...</li></ul><p>I gues a sort-of <em>"Secure HID Port"</em> that mandates proper authentification and does full <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> from the Keyboard Matrix / Pointing Device controller up is an option, but you'd have to expect state-sponsored attackers willing to do <a href="https://www.youtube.com/watch?v=RyW0lXnoFOA" rel="nofollow noopener" target="_blank"><em>"Kamikaze" Hacks</em></a>...</p><ul><li>There's like a <a href="https://www.youtube.com/watch?v=U7VwtOrwceo&t=4m5s" rel="nofollow noopener" target="_blank">long talk</a> by <a href="https://infosec.space/tags/TonyChen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TonyChen</span></a> from <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> explaining how they secured the <a href="https://infosec.space/tags/XboxOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XboxOne</span></a>.</li></ul><p><a href="https://infosec.space/tags/TLDW" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLDW</span></a>: <a href="https://www.youtube.com/watch?v=U7VwtOrwceo&t=11m2s" rel="nofollow noopener" target="_blank">It requires custom silicon and a hard root of trust</a>…</p><ul><li>And as we saw with <a href="https://infosec.space/tags/GoldenKeyBoot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoldenKeyBoot</span></a> all it takes is a single <a href="https://infosec.space/tags/leak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>leak</span></a> of a <a href="https://infosec.space/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivateKey</span></a> and that entire system is fucked!</li></ul><p><a href="https://infosec.space/@kkarhan/113716442182953660" translate="no" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1137164</span><span class="invisible">42182953660</span></a></p>
Crypto News<p>Clipper DEX says recent $450K hack wasn’t caused by private key leak - A $450,000 hack on Clipper was likely from a withdrawal vulnerability, n... - <a href="https://cointelegraph.com/news/clipper-dex-clarifies-hack-not-private-key-leak" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cointelegraph.com/news/clipper</span><span class="invisible">-dex-clarifies-hack-not-private-key-leak</span></a> <a href="https://schleuss.online/tags/cryptohacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptohacks</span></a> <a href="https://schleuss.online/tags/privatekey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privatekey</span></a> <a href="https://schleuss.online/tags/exchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exchange</span></a> <a href="https://schleuss.online/tags/clipper" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>clipper</span></a> <a href="https://schleuss.online/tags/hack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hack</span></a> <a href="https://schleuss.online/tags/leak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>leak</span></a> <a href="https://schleuss.online/tags/dex" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dex</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://transfem.social/@puppygirlhornypost2" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>puppygirlhornypost2</span></a></span> <span class="h-card" translate="no"><a href="https://social.vlhl.dev/users/navi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>navi</span></a></span> And whilst it's easy to blame <a href="https://infosec.space/tags/GoldenKeyBoot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoldenKeyBoot</span></a>, a leaked <a href="https://infosec.space/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivateKey</span></a> that was impossible to be removed, the problem is that <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> is architecturally <em>"insecure-able"</em> because any changes necessary to make this not a problem would inherently mean the end for Windows as it's known to most.</p><ul><li>In fact, <em>everything</em> is done <em>better</em> by <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> on the <a href="https://infosec.space/tags/Desktop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Desktop</span></a> for almost two decades, which is why classic <a href="https://infosec.space/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> isn't a thing on Linux systems.</li></ul><p>Shure, you get some <a href="https://infosec.space/tags/Cryptojacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptojacking</span></a> and some <a href="https://infosec.space/tags/CMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CMS</span></a>|es like <a href="https://infosec.space/tags/WordPress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WordPress</span></a> that are constantly being attacked but generally, the way <a href="https://infosec.space/tags/updates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>updates</span></a> and <a href="https://infosec.space/tags/distribution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>distribution</span></a> of <a href="https://infosec.space/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> works on Linux Distros for the most part is completely antithetical to Windows.</p><ul><li>And that's how we got <a href="https://www.stickycomics.com/computer-update/" rel="nofollow noopener" target="_blank">this realistic scenario</a></li></ul><p>And anything <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> could do at this point if they weren't <em>horny for money</em> but avtually cared is to <em>scrap Windows</em> and instead invest into <a href="https://infosec.space/tags/Wine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wine</span></a> to ease the transition...</p>
Daniel Böhmer<p>Why is everyone using <a href="https://ieji.de/tags/base64" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>base64</span></a> to encode their private SSH keys to store them in masked variables in <a href="https://ieji.de/tags/GitLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitLab</span></a> CI?! 🤔</p><p>⚠️ GitLab cannot effectively mask your private key in CI logs if you only give it a base64-encoded version of it!</p><p>Instead I found a solution that stores the *original* private key format from <a href="https://ieji.de/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> in a one-line CI variable and recreates the begin/end markers for a valid OpenSSH identity file with commands inside the CI.</p><p><a href="https://stackoverflow.com/a/79124959/498634" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">stackoverflow.com/a/79124959/4</span><span class="invisible">98634</span></a></p><p><a href="https://ieji.de/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsecurity</span></a> <a href="https://ieji.de/tags/CICD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CICD</span></a> <a href="https://ieji.de/tags/privatekey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privatekey</span></a></p>
Tarnkappe.info<p>📬 Criminal Assets Bureau: Zugriff auf 378 Mio. USD in Bitcoin-Wallets verwehrt<br><a href="https://social.tchncs.de/tags/DarkCommerce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DarkCommerce</span></a> <a href="https://social.tchncs.de/tags/Krypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Krypto</span></a> <a href="https://social.tchncs.de/tags/Bitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bitcoin</span></a> <a href="https://social.tchncs.de/tags/CliftonCollins" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CliftonCollins</span></a> <a href="https://social.tchncs.de/tags/CriminalAssetsBureau" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CriminalAssetsBureau</span></a> <a href="https://social.tchncs.de/tags/Irland" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Irland</span></a> <a href="https://social.tchncs.de/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivateKey</span></a> <a href="https://social.tchncs.de/tags/Wallet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wallet</span></a> <a href="https://sc.tarnkappe.info/84ffe3" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sc.tarnkappe.info/84ffe3</span><span class="invisible"></span></a></p>
Crypto News<p>Wirex Pay launches non-custodial crypto payments - Wirex Pay introduces its modular chain for payments, enhancing security ... - <a href="https://cointelegraph.com/news/wirex-launches-pay-app-non-custodial-crypto-payments" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cointelegraph.com/news/wirex-l</span><span class="invisible">aunches-pay-app-non-custodial-crypto-payments</span></a> <a href="https://schleuss.online/tags/non" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>non</span></a>-custodialwallets <a href="https://schleuss.online/tags/cryptopayments" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptopayments</span></a> <a href="https://schleuss.online/tags/blockchain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blockchain</span></a> <a href="https://schleuss.online/tags/privatekey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privatekey</span></a> <a href="https://schleuss.online/tags/mastercard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mastercard</span></a> <a href="https://schleuss.online/tags/wirexpay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wirexpay</span></a> <a href="https://schleuss.online/tags/ethereum" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ethereum</span></a></p>
Crypto News<p>Defi Platform Delta Prime Loses $4.9 Million in Hack - According to Cyvers, Delta Prime, the decentralized finance (defi) platform, lost ... - <a href="https://news.bitcoin.com/defi-platform-delta-prime-loses-4-9-million-in-hack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.bitcoin.com/defi-platform</span><span class="invisible">-delta-prime-loses-4-9-million-in-hack/</span></a> <a href="https://schleuss.online/tags/decentralizedfinance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralizedfinance</span></a> <a href="https://schleuss.online/tags/maliciouscontract" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>maliciouscontract</span></a> <a href="https://schleuss.online/tags/newsbyte" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newsbyte</span></a>-3 <a href="https://schleuss.online/tags/privatekey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privatekey</span></a> <a href="https://schleuss.online/tags/newsbytes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newsbytes</span></a> <a href="https://schleuss.online/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a></p>
Tarnkappe.info<p>📬 Dark Skippy: Angriff kapert Hardware-Wallet-Schlüssel<br><a href="https://social.tchncs.de/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSicherheit</span></a> <a href="https://social.tchncs.de/tags/Krypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Krypto</span></a> <a href="https://social.tchncs.de/tags/Blockchain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Blockchain</span></a> <a href="https://social.tchncs.de/tags/DarkSkippy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DarkSkippy</span></a> <a href="https://social.tchncs.de/tags/HardwareWallet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareWallet</span></a> <a href="https://social.tchncs.de/tags/Nonce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nonce</span></a> <a href="https://social.tchncs.de/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivateKey</span></a> <a href="https://social.tchncs.de/tags/SeedPhrase" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SeedPhrase</span></a> <a href="https://sc.tarnkappe.info/1161e0" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sc.tarnkappe.info/1161e0</span><span class="invisible"></span></a></p>
parvXtl<p><a href="https://tech.lgbt/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecureBoot</span></a> is completely broken on 200+ models from 5 big device makers: Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway, 20240725,<br>by Dan G,<br><a href="https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/</span></a></p><p>public perpetuation of test platform key <a href="https://tech.lgbt/tags/privateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privateKey</span></a> marked <a href="https://tech.lgbt/tags/DoNotShip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DoNotShip</span></a> <a href="https://tech.lgbt/tags/DoNotTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DoNotTrust</span></a>, of <a href="https://tech.lgbt/tags/AMI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AMI</span></a> corp, via centralized source code repository host <br><a href="https://tech.lgbt/tags/Binarly" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Binarly</span></a> corp<br><a href="https://tech.lgbt/tags/temporaryIsPermanent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>temporaryIsPermanent</span></a></p>
Crypto News<p>MicroStrategy to launch Bitcoin-based decentralized ID solution - MicroStrategy has already built an application on “MicroStrategy Orange”... - <a href="https://cointelegraph.com/news/microstrategy-bitcoin-decentralized-identity-solution" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cointelegraph.com/news/microst</span><span class="invisible">rategy-bitcoin-decentralized-identity-solution</span></a> <a href="https://schleuss.online/tags/bitcoinforcoporationsconference" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitcoinforcoporationsconference</span></a> <a href="https://schleuss.online/tags/microstrategyorange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microstrategyorange</span></a> <a href="https://schleuss.online/tags/digitalsignatures" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>digitalsignatures</span></a> <a href="https://schleuss.online/tags/orangeforoutlook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>orangeforoutlook</span></a> <a href="https://schleuss.online/tags/microstrategy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microstrategy</span></a> <a href="https://schleuss.online/tags/michaelsaylor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>michaelsaylor</span></a> <a href="https://schleuss.online/tags/privatekey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privatekey</span></a> <a href="https://schleuss.online/tags/publickey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>publickey</span></a> <a href="https://schleuss.online/tags/github" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>github</span></a></p>
Isu 🐲<p><a href="https://mastodon.online/tags/Tagesschau" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tagesschau</span></a>, 20-Uhr-Ausgabe: Ist da tatsächlich ein nutzbarer privater Schlüssel abgebildet? 🧐 Der ist doch sicher noch mit einem Passwort geschützt, oder?</p><p><a href="https://mastodon.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.online/tags/privatekey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privatekey</span></a></p>
Erik van Straten<p>EvS infosec Myth#0: Authentication</p><p>MYTH:</p><p>1) Authentication: prove that you are you.</p><p>Factors: 1 or more (MFA, 2=2FA) of:<br>2.a) Something you know;<br>2.b) Something you have;<br>2.c) Something you are.</p><p>MAY BE MISUNDERSTOOD AS:</p><p>1) supplying full name + birth date.</p><p>2.a) 1 + 1 = 10 (in binary notation);<br>2.b) Kitchen;<br>2.c) Nerd.</p><p>TYPICAL WEAK USE CASE:</p><p>1) Supplying your SSN to verify your identity: this is IDENTIFICATION, not authentication aka VERIFICATION of identity: typical serving side stupidity, extremely misunderstood, causing lots of misery (identity fraud).</p><p>———— OR ————<br>2.a) Password: 12345<br>2.b) Phone number + OTP via SMS.</p><p>———— OR ————<br>2.a) Password: qwerty<br>2.b) TOTP-app with secrets not being backed up, or using insecure / privacy unfriendly cloud backups [5].</p><p>AUTHENTICATION SHOULD HAVE BEEN COMMUNICATED AS, FROM THE START:</p><p>1) Authentication: PREVENT IMPERSONATION [1], [2], [3], [4].</p><p>2) "MFA HAD FAILED" [5] (Microsoft, already in 2019). Reason: an ESSENTIAL REQUIREMENT of EACH FACTOR is that it cannot be easily obtained by an attacker (e.g. intercepted, copied, guessed, stolen etc.).</p><p>2.a) A strong (not predictable, not guessable, not brute forceable and not deducible via OSINT) secret that only YOU and MAX. 1 OTHER PARTY know, transported only via reliable, CLEARLY IDENTIFIED server-authenticated, E2EE connections. With more than a few accounts, normal humans will be unable to remember strong passwords (preferable solution in [5]);</p><p>2.b) Physical device with an "HSM" in your possession with strong anti-attacker-access measures in place;</p><p>2.c) "Neural hash" of biometrics (usually weak because your biometrics are not a secret), stored in (and never leaving) a strongly protected "HSM" (see 2.b), transported from the scanner to the "HSM" in a secure manner.</p><p>Plus, less often mentioned:</p><p>2.d) "Passport" / digital certificate issued by TTP: typically strong if the provisioning infrastructure (such as PKI) is highly trustworthy. Theft of passports and unwanted copying of private keys must me made as hard as possible. A scan or photocopy of a passport MUST be considered worthless w.r.t. authentication (as knowledge of PII such as an SSN);</p><p>2.e) Location: weak (easily spoofable).</p><p>CONCLUSION<br>A safer internet mandates that we stop oversimplifying complicated matters.</p><p>EXAMPLES / MORE INFO:</p><p>[1] <a href="https://english.defensie.nl/topics/travel-documents/identity-fraud-and-safe-airports" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">english.defensie.nl/topics/tra</span><span class="invisible">vel-documents/identity-fraud-and-safe-airports</span></a><br>Note: this page contains a lie, at least in NL: "Making a photocopy of your identity document is prohibited by law". The Dutch government even provides a free app that may obfuscate "sensitive" parts of ID documents in order to create "secure" copies (idiots):<br><a href="https://www.government.nl/topics/identity-fraud/question-and-answer/how-do-i-make-a-secure-copy-of-my-id-with-the-kopieid-app" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">government.nl/topics/identity-</span><span class="invisible">fraud/question-and-answer/how-do-i-make-a-secure-copy-of-my-id-with-the-kopieid-app</span></a></p><p>[2] In Dutch: <a href="https://www.security.nl/posting/792391/Authenticatie+en+impersonatie" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/792391/Aut</span><span class="invisible">henticatie+en+impersonatie</span></a></p><p>[3] <a href="https://infosec.exchange/@ErikvanStraten/111943593509649252" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/111943593509649252</span></a></p><p>[4] *NOT* Trump: <a href="https://twitter.com/realDonaldTrump/status/890617797956456448" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">twitter.com/realDonaldTrump/st</span><span class="invisible">atus/890617797956456448</span></a></p><p>[5] <a href="https://infosec.exchange/@ErikvanStraten/111989393380873096" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/111989393380873096</span></a></p><p><a href="https://infosec.exchange/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://infosec.exchange/tags/impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>impersonation</span></a> <a href="https://infosec.exchange/tags/identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identity</span></a> <a href="https://infosec.exchange/tags/identityFraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identityFraud</span></a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://infosec.exchange/tags/factors" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>factors</span></a> <a href="https://infosec.exchange/tags/OTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTP</span></a> <a href="https://infosec.exchange/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a> <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOTP</span></a> <a href="https://infosec.exchange/tags/Authenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authenticator</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/passwordManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordManager</span></a> <a href="https://infosec.exchange/tags/passwordManagers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordManagers</span></a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/SSN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSN</span></a> <a href="https://infosec.exchange/tags/BSN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSN</span></a> <a href="https://infosec.exchange/tags/passport" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passport</span></a> <a href="https://infosec.exchange/tags/eID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eID</span></a> <a href="https://infosec.exchange/tags/ElectronicPassport" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ElectronicPassport</span></a> <a href="https://infosec.exchange/tags/rickroll" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rickroll</span></a> <a href="https://infosec.exchange/tags/KopieID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KopieID</span></a> <a href="https://infosec.exchange/tags/PKI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PKI</span></a> <a href="https://infosec.exchange/tags/certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certificates</span></a> <a href="https://infosec.exchange/tags/privateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privateKey</span></a> <a href="https://infosec.exchange/tags/publickeycryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>publickeycryptography</span></a></p>
Teri Radichel<p>Do you know where your certificates reside when you use AWS ACM with a “Trusted Enclave”?<br>~~<br>I was surprised at what I discovered when digging into the details<br>~~<br><a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AWS</span></a> <a href="https://infosec.exchange/tags/ACM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACM</span></a> <a href="https://infosec.exchange/tags/Certificate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certificate</span></a> <a href="https://infosec.exchange/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://infosec.exchange/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivateKey</span></a> </p><p><a href="https://medium.com/cloud-security/do-you-know-where-your-certificates-reside-when-you-use-aws-acm-with-a-trusted-enclave-e924eb1fdd45" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/cloud-security/do-y</span><span class="invisible">ou-know-where-your-certificates-reside-when-you-use-aws-acm-with-a-trusted-enclave-e924eb1fdd45</span></a></p>
Crypto News<p>Ethereum Wallet Drainer Steals $60M in Six Months - Hackers that stole more than $60 million worth of crypto in six months are using a piece ... - <a href="https://www.coindesk.com/business/2023/11/13/ethereum-wallet-drainer-steals-60m-in-six-months/?utm_medium=referral&utm_source=rss&utm_campaign=headlines" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">coindesk.com/business/2023/11/</span><span class="invisible">13/ethereum-wallet-drainer-steals-60m-in-six-months/?utm_medium=referral&utm_source=rss&utm_campaign=headlines</span></a> <a href="https://schleuss.online/tags/privatekey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privatekey</span></a> <a href="https://schleuss.online/tags/finance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>finance</span></a> <a href="https://schleuss.online/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a> <a href="https://schleuss.online/tags/wallet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wallet</span></a> <a href="https://schleuss.online/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a> <a href="https://schleuss.online/tags/hack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hack</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload