Last exam of the semester. Done!
So after a couple meetings and going through more of the links, including the GPG response, etc.
My thoughts on the #efail vuln:
1) The core requirement is that an attacker needs to get ahold of an encrypted email first. This is axiomatic. This is the thing that they need to decrypt.
The attacker can do this either by:
a) Sniffing the encrypted email in transit
b) Stealing the encrypted email at rest.
Favorite less, boost more.
Don't let them know what you're against, but what you're for.
Brief survey of #encryption chat apps I've looked into:
Signal: gold standard, heavily reviewed, metadata quite private, but requires your phone number.
Wire: equivalent to Signal on messaging, less private around metadata, but can use a username. I prefer Wire.
WhatsApp: equivalent to Signal on messaging, but Facebook has and uses metadata.
Telegram: rolled their own crypto, not at all hard to find trustworthy cryptographers calling their work out. Not sure what their state is in 2018 but 2015 was bad.
I'm not a big FB user. Hardly ever post there. Mostly use it because it has become the ubiquitous means of communication. For example, the gym I train BJJ at only communicates schedule changes using FB. My last 2 jobs posted scheduling info using it.
Been doing some reading and according to FB the facial recognition template is supposed to be deleted when the feature is turned off.
On the other hand, every picture is scanned with a recognition algorithm. The opt-out only stops the notification, not necessarily the information being processed and stored.
Maybe the only remedy is to #deleteFacebook
Something weird happened yesterday. I got a FB notification on my phone lock screen that the page for a local venue had published 4 pictures of me.
I have the FB "face recognition" setting turned off. I wasn't tagged in any of those pictures. There were pictures of me published on that page as I had attended an art show there that morning.
Anyone know of the face recognition feature being on even though explicitly turned off?
Why have a password on your lock screen if it shows a hint that is your actual password?
Hello, I’m an ex-academic, which means my main skills are giving presentations about nothing and writing papers about nothing.
I’m also an Infosec Guy currently working with automotive systems. Trying to upskill beyond my current niche. IDK what a Mimikatz is but it sounds fluffy.
oh my god 500 characters i-dont-know-what-to-do-with-my-hands.gif
Here we go. Inaugural dumpster fire!
Now that's a first: Email received stating I was being removed from list because I hadn't opened recent emails they sent.
Sure beats having to mash the unsubscribe button.
I published:
#DeleteFacebook: Perspective from a platform that doesn’t put democracy in peril
still more school/diploma stuff
Venting about school stuff.
But Brain, what would AnarchoBSD even look like!? 
Happy Data Privacy Day everyone! We’ve decided to dedicate the entire week to this issue and to talk about control, data protection, surveillance, and identity.
More here: https://t.co/SnvcHHQ6kN #dpd18 #dataprivacyweek https://t.co/kUynoEwOpT
CSS
"This year especially there’s an uncomfortable feeling in the tech industry that we did something wrong, that in following our credo of “move fast and break things”, some of what we knocked down were the load-bearing walls of our democracy."
If you care one bit about what tomorrow's internet is going to look like, please go and read Maciej Ceglowski's great talk about how we can "Build a better monster":
I have a web server class starting tomorrow and I already have a ton of nginx questions.
New semester starts tomorrow.