bugshiv @bugshiv@infosec.exchange

Pinned toot

if I am ever forced to move accounts, I will be able to provide the input for this checksum

cc3421bcbd40da9e6fe6c8c2aaa998ce6daebb2b5e24a81500f330d349b2b58e

Pinned toot

time

Fresh path in the making.

infosec, bug hunting, netsec, privacy & programming are my game.

Pinned toot

ad100551b0e184b7d665dc1c680badc1f6e704aca0a8182262c1d6cfe2d7dbd7

bugshiv boosted

Great, now protonmail doesn't even allow email verification on further account creation. It's donation or SMS from here.

I picked up programming to be better at infosec, programming itself sucked me in for years.

Now I'm tired of software and revisiting my prime interests.

infosec.exchange local timeline is much more low volume than I expected

> Despite what you have heard from the media, the Internet is NOT all about TCP port 80

bugshiv boosted

@bugshiv @Wolf480pl nope I haven't, but it would be a worthwhile research project. I'd have to learn a lot more about smartphone hardware and forensics. The only phone I've left behind in untrusted places like hotel rooms has been one running Haven

Matrix + riot.im has so much potential - the only drawback is their way of handling e2e crypto device verification & chat UI.

I don't like keybase for two reasons:

1. They by default want you to keep your PGP key with them online.
2. They want you to use their keys & crypto vs PGP

The fediverse is really small, it's surprising how many accounts that I recognize interacted with me already.

bugshiv boosted

@bugshiv @micahflee
So it boils down to whether the question he wanted to answer was "Do the evil agents physically tamper with people's devices?" or "Am I targeted?".

There are two natural paths to progress as a programmer:

1. Pick up farming, because all software is terrible.
2. Get into infosec, because f*** all software.

Any other only users in the fediverse?

It would be devastating for the web if any government ruled email to require similar registration as mobile numbers get now in the EU.

Everyone should try creating an anonymous online identity at least once.

This has been the default in the 90s - it's becoming more challenging every second.

To fight for one has to notice it's being taken away. We are being boiled like frogs, wake up and see what changed.

AAAAAAAA can represent a very frustrated user, or someone trying to exploit your service.

I'm surprised he didn't try a honeypot phone. Mobiles are a much bigger target now than laptops.

Most droids don't get timely patching & can be attacked remotely - would love to see someone carry one in a similar experiment.

theintercept.com/2018/04/28/co

protonmail also defaulted to requiring secondary verification, they gave choice of sms, phone, donation.

Interestingly, they blocked most of the temporary mail generating services - but not all of them.