So today she proceeded by once again attacking the researchers and criticizing journalists who were asking her about the security vulnerability, restating that it didn't exist.

And she claims that @DI_Security@twitter.com researchers publicly called her a transphobe. Not sure what this is about; I could only find a tweet by @daeken@twitter.com, who appears to have no relation to the researchers. Judging by the way @salltweets@twitter.com responded, she thinks otherwise.

She says that they should have emailed the technical department directly – yet from a brief look I cannot find the corresponding email address anywhere. From experience, emailing technical support about vulnerabilities is a bad idea. So Twitter is a valid way to approach a company.

From that point on, things went only downhill. @salltweets vehemently denied the existence of any security issues, claiming that the whole thing is a harassment campaign – despite not having received any details. She sent them a DM but apparently blocked the account later.

According to the researchers, they were first ignored when they attempted to report the issue. Eventually, they received a response but not the kind they hoped for. Not sure why they had to state their disagreement with @salltweets@twitter.com’s views, but it clearly rubbed her the wrong way.

Several people from the Mozilla community felt that I’m building up a conspiracy theory here. That’s not the case, I’m actually quite certain that people are acting with good intentions. Unfortunately, that doesn’t automatically mean that we’ll be happy with the results. Updated my article:

Ouch, typo in the image – 1.81 * 10^19, not 1.81 * 10^20. Also, it's 2.9 J/s, not 29. The end result is correct; I forgot to correct a mistake in the intermediate steps. ☹️

There are articles floating around on the company NDB being about to produce battery-sized nuclear generators. As with any “revolutionary breakthrough” you might want to take a closer look. I did a rough calculation of what kind of output a power source based on C-14 decay can produce.

I always wonder what kind of algorithm is at work analyzing data, taking great amounts of personal information and deducing all those bogus things about me. For the most part, this is very opaque, but at least with deduced languages it's slightly more obvious. 1/6

Wow, I knew of course that was running some really aggressive marketing campaigns... But now they are apparently spamming random bloggers because of links to MDN for browser extensions information.

For reference, the article in question is palant.info/2015/10/15/using-w.

It seems that I'm done with the illustration for next Monday's article. We'll have another "secure browser" to pick apart in a week.

theregister.com/2020/06/24/bit got thoroughly confused by the Bitdefender announcement claiming that the vulnerability resides in the SAFEPAY browser. No, a malicious website doesn't need to be opened in this browser; the exploit works from any browser, as my post clearly states.

gbhackers.com/vulnerability-in on the other hand appears to be based on my blog post and the Bitdefender announcement only. But it somehow manages to misattribute my statements to Bitdefender while also mangling my other statements in an attempt to avoid placing them in quotation marks.

I think the crown so far goes to androidrookies.com/bitdefender which is a confusing mix of Wikipedia info, my article and bleepingcomputer.com/news/secu without any of the sources named. Some of my statements are marked as quotes, others are simply part of the text. And parts are just weird.

And then one only needs to enable this reporter in ~/.config/urlwatch/urlwatch.yaml.

Don't forget to set DISPLAY=:0 when running urlwatch via cron!

Luckily, adding a reporter is fairly simple. One can create a ~/.config/urlwatch/hooks.py script, e.g. with the contents below (using kdialog command line tool to display a message).

And - yes, I can totally see how this error message can make someone despair. Crazy enough, I actually remember moving TSRs into high memory. 😀

I did try going through their support channel as well but got the reply below. I guess that outsourced their support to some country far away...

What a time to be alive. Nigerian princes no longer want to transfer money, they are now in the business of selling face masks.

Fancy phishing approach: rather than spam a suspicious phishing URL, send people a link to a Google Docs document. Make that document look like a download page and long enough that the Google footer disappears below the fold. The "here" link points to a malicious URL of course.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.