r000t @r000t@infosec.exchange

@tom79
Is Pixelfed support planned?

Making a pixelfed instance literally just for my cat.

Friday night muthafucka.

Someone needs to tell "IBM X-Force" that LoserSquad was by no measure a hacktivist group. There was no moral or even political goal, half the children were literally going for fame.

Well, if there was ever an excuse for a brand new Ryzen build...

From the iOS 12.2 changelog:

Safari:
* Removes support for the expired Do Not Track standard to prevent potential use as a fingerprinting variable [...]

Which makes perfect sense, but is still pretty ironic.

>Telephant

Fuck, that's what Mastodon should have been called in the first place. It rolls off the tongue so much easier.

Like now I wanna (try and) make a Mastodon instance that breaks as many others as will interact with it, but I don't want people turning around and using that as evidence to call Mastodon insecure.

. @fribbledom's custom client gave me an idea.

We have https://badssl.com/, which is a set of (specifically) poorly configured SSL implementations that you can test whatever against.

How about a bad Mastodon instance? It would have super long toots, messed up unicode, "infinite" procedurally generated accounts/toots, etc.

Does anybody know if Wikipedia has any ongoing projects to update very very old screenshots? Potentially with updated versions of software and modern/no window decoration?

John McAffe walks onto the stage in a mock turtleneck. He's holding a manilla envelope.

"HI, yes, hello, thank you all for coming out and joining me for my keynote. Today we will be discussing the identity of famed Bitcoin creator Satoshi Nakamoto," John says.

The crowd goes wild.

"The true identity. Of Satoshi Nakamoto. Is," John continues, while opening the envelope. The crowd has fallen silent.

John flashes a mirror to the audience

"You. All of you are Satoshi Nakamoto. You always were."

Um also, so, like, um, in my Expanded Amazon Dystopia Comedy Toot Universe, Jeff Bezos looks like Urgot. Kinda.

But the legs are also Prime Lockers.

It's the year 2038 AD.

Roving Prime Death drones permanently neutralize all valued Prime Citizens above the age of 55. After a 30 second ad for human composting.

r000t still passive-aggressively closes tickets where the filer said "comp" when they meant computer.

r000t wishes the Prime Death drones could neutralize all people who shorten computer to "comp". After a 30 second ad for human composting.

At first glance, only his Twitch and Twitter got taken over.

But all of these other places also potentially fell to SMS account recovery:

Email
Corporate Email (BoomTV)
Discord
Steam (and other gaming platforms)
PayPal
Facebook/Instagram
Snapchat

If not properly configured, a Google account (and any associated YouTube channels) is also pwnt.

All that said, attackers seemed more interested in defacement than exfiltration. I'd even guess they made no attempt on the email.