Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.

Administered by:

Server stats:

3.9K
active users

social.tchncs.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

#pwned

0 posts0 participants0 posts today
Public
Jan Katins

Yay, another time #pwned. Thank $whoever for password managers and generated password. And I guess the rest is probably burned in other places (I have a Impressum in my personal website), but damn, if I wanted/needed that hidden...

Also: 2019, that's 4+ years of possible abuse.

Email from "have I been pwned" from the latest breach which affects me.
Replied in thread
Public
Kevin Karhan :verified:

@ditol @samueljohn @linuzifer

THIS is where I disagree...

You may think it's elitist, but if people are too lazy to learn even fundamentals like how to use #Tails then maybe they should just not do #tech at all?

  • Like: We expect people to show at the every least theoretical proficiency in terms of #TrafficCode and #VehicleSafety in +every juristiction I'm aware of* and literally mandated #DrivingLicense|s for that reason.

I'll gladly teach #TechIlliterates but I won't waste my time on people that spread disinfo...

It's 2024: @tails_live / @tails has been out for over a decade and there are a shitload of guides ranging from written documentation to Zoomer-friendly TikTok-Style shorts on how to get started.

FOR THE LAST TIME:

*STOP MAKING EXCUSES TO JUSTIFY ESCALATING COMMITMENT TO EVIDENTLY BAD SOLUTIONS!"

Whereas with #SelfCustody of all the keys as well as #ReproduceableBuilds and real #decentralization, this would be evidently impossible even if all the devs wanted to comply honestly and not just because they could be held at gunpoint.

  • #Signal is not your friend. It's merely a tax-exempt "non-profit" corporation, and corporations are explicitly nobodys friend - espechally when they demand #PII like phone numbers for useage.

Compare that to #monocles where you do pay like €2 p.m. but in return get #standard #protocols like #IMAP, #SMTP & #XMPP and can pay anonymously and not have to provide any PII whatsoever!

  • And unlike #Signal they ain't dependent on #VC funding and #grant money to keep the lights on.

Make of that what you will, but just like allowing flatearthers to roam freely without caretaker supervision doesn't make the world less round, so won't the facts change about #ITsec, #InfoSec, #OpSec & #ComSec.

Because all #centralized, #SingleVendor & #SingleProvider solutions are bad, and if they don't even allow for #SelfCustody then they are just a #grift to #scam tech-illiterates that don't know and/or don't care!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Attached: 1 image @Catweazle@vivaldi.net @baeuchle@chaos.social @Linux@kitty.social @torproject@mastodon.social @Vivaldi@vivaldi.net Claiming that ["[...] Mullvad is as private as Tor [...]"]( https://social.vivaldi.net/@Catweazle/113344664983833218 ) disqualified your for any future discussion. - If you can't distinguish between a #VPN and #Tor then you are either *criminally incompetent* or *acting as a #UsefulIdiot* by *spreading #FUD and known #disinfo*, which *can get people killed* who believe this bs! I'll set you some timeout, so you can think about it and apologize in due time! #thxbye #EOD #next
#thxbye#EOD
Replied in thread
Public
Kevin Karhan :verified:

@forthy42 @fj #pwned!
infosec.space/@kkarhan/1132927

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@HackyScientress@chaos.social @zl2tod@mastodon.online @fj@mastodon.social [Remember]( https://infosec.space/@kkarhan/113292730929150231 ): - #Wiretapping *is* the illicit activity! And yes, AFAICT this applies to *all* #Telcos which have to provide *"#LawfulInterception"* #Backdoors if not put #Govware in their core systems. - And yes, speaking as an insider, this can happen in.any juristiction where said #API|s and systems are mandatory. So like *all* #EU / #EFTA & #G20 members! - I've yet to hear of any nation that doesn't demand such tech to be installed capable of both targeted and/or #BulkSurveillance. -Just because laws demand a #judge to sign a #warrant doesn't mean said judge is actually in control or able to prevent someone from using it without theor permission!
Public *
Kevin Karhan :verified:

@marcan nodds in agreement #Apple doesn't need to have backdoors in Hardware when their entire #iCould is backdoored and can be weaponized to brick devices.

  • OFC similar functionality can be achieved with #CompuTrace on #amd64-based #Laptops (i.e. #ThinkPads) and compared to that, #AMT + #ManagmentEngine is trivial to #exploit and should be considered real #backdoors (abeit "well meaning" in the sense of remote provisioning of entire fleets of devices, but still allowing to bypass the OS and offering DMA access to the CPU, so basically "#pwned")...

Either way, these are not inherent to the used #Silicon, but entirely #Firmware-based.

  • AMT for example requires a "#Intel #vPro" configuration with Intel-made Ethernet NICs (i.e. i2xx & i3xx - Series) with a Q- or C-series Chipset & supporting #UEFI, so most Systems with cheap #Realtek-NICs aren't exploitable straight-away, and even then it requires certain settings to work, so not an easy "#Pwn2Own" style exploitability...
YouTubeHow Tim Cook Surrendered Apple to the Chinese GovernmentBy The Hated One
#intel#vpro#uefi
ExploreLive feeds
About