Tinker is a user on infosec.exchange.

Tinker @tinker@infosec.exchange

Ooh! infosec.exchange has 800 registered users!

Cheers to @jerry for keeping it up and running!

Tinker boosted

FYI, when sharing a link, check if the following are present in the URL

utm_content
utm_medium
utm_source
utm_campaign
#sm.(followed by random string)

These are “engagement trackers” and they can reveal your source for the URL.

Consider the #privacy implications if you include them. They’re not needed for the website you’re visiting to actually show you the content.
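An added example, not code from the boosted post or from any project: a small Python checker that lists the trackers in a link and strips them before you share it. It generalises the post slightly, treating any `utm_*` parameter (the four listed plus relatives such as `utm_term`) as attribution metadata, while keeping ordinary parameters and ordinary `#section` fragments. The sample URL is constructed.

```python
"""Find and strip engagement trackers (utm_* query parameters and "#sm.<random>"
fragments) from a URL before sharing it. Added example, not the post's own code."""
from __future__ import annotations

from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# The post names utm_content, utm_medium, utm_source and utm_campaign; the whole
# utm_ family is attribution metadata, never needed for the page to render.
TRACKING_PARAM_PREFIXES = ("utm_",)
# Fragment trackers in the post look like "#sm.<random string>".
TRACKING_FRAGMENT_PREFIXES = ("sm.",)


def is_tracking_param(name: str) -> bool:
    return name.lower().startswith(TRACKING_PARAM_PREFIXES)


def is_tracking_fragment(fragment: str) -> bool:
    return fragment.lower().startswith(TRACKING_FRAGMENT_PREFIXES)


def find_trackers(url: str) -> list[str]:
    """Return the tracker names present in the URL, i.e. what sharing it would reveal."""
    parts = urlsplit(url)
    found = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)
             if is_tracking_param(k)]
    if is_tracking_fragment(parts.fragment):
        found.append("#" + parts.fragment)
    return found


def strip_trackers(url: str) -> str:
    """Return the URL with tracking parameters and tracking fragments removed.
    Other query parameters (ids, search terms) and normal fragments (#section) survive."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not is_tracking_param(k)]
    fragment = "" if is_tracking_fragment(parts.fragment) else parts.fragment
    # urlunsplit drops the "?" and "#" when query/fragment are empty.
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), fragment))


if __name__ == "__main__":
    # Constructed sample link, not a real one.
    sample = "https://example.com/article?id=7&utm_source=mastodon&utm_medium=social#sm.0001abc"
    print(find_trackers(sample))   # ['utm_source', 'utm_medium', '#sm.0001abc']
    print(strip_trackers(sample))  # https://example.com/article?id=7
```

Parameter names are matched case-insensitively, since `UTM_Source` identifies you just as well as `utm_source`. Note that `parse_qsl`/`urlencode` round-trip the remaining query, so percent-encoding may be normalised (a space becomes `+`); the page still loads, but compare before and after if a site is picky about its query string.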

Tinker boosted

#introductions I am a NixOS developer and prism-break.org maintainer who feels strongly about free software, hardware, and society.

Tinker boosted

We, you and I, have a chance to fix this. We, you and I, can rebuild and repair.

We can:
- Make user friendly (not user hostile) devices and software
- Write documentation
- Refuse to buy tech that *we* can render safe to use, but that the average user can't
- Support people that do things correctly financially whenever possible.

Tinker boosted

I’ve wanted to give up after every site was seized! I wanted to give up after my cc issue! I wanted to give up ..today! But instead, I told myself “I am worth it! I’m worthy of my desires, dreams, and hopes!” I have ppl that idek rooting for me & that is such a beautiful feeling to be in a community where you know you’re not alone! 💋

Tinker boosted

This is the most dystopian shit I've seen in a while:

Google and Microsoft are pushing websites to replace passwords with their fingerprint scans and facial recognition.

pcmag.com/news/360582/google-m

Tinker boosted

This shit pisses me off to no end.

Corporations working at lessening peoples security while increasing surveillance.

We had a working, standardized solution for the creation of TLS client certificates with <keygen> and SPKAC – and not only did those motherfuckers kill a good thing we had, they are actively trying to shovel a patently flawed and dangerous solution down everyones' throat.

Tinker boosted

ok, i uploaded all the karaoke songs to peertube, but i don't know how to link to the channel... here you can find it: https://peertube.video/videos/search?search=lain

Had a blast teaching at my friend’s group. Walked through what hacking into a corporation and person looks like. Then taught tools to prevent those hacks.

Had normal folks downloading and using password wallets, multifactor authentication, and Signal very quickly.

A couple deleted some choice public facebook and twitter posts :P

Oh my Eris!!!! @jerry ’s Defensive Security Podcast just posted!!!!

(I know who’s reading my bedtime story tonight!!! ::rolls tongue:: )

defensivesecurity.org/defensiv

Today is home lab clean up day.

Then I’m teaching hacking and security to an adult hobbyist group (that isn't focused on hacking or security).

Strong breeze. Overcast. Birds are out and singing.

It’s a good day.

Tinker boosted

This also ignores the MASSIVE vulnerability from FB/Twitter apps.

Apps mean not only are you giving those companies your posts, but also your call logs, possibly SMS data, details of all the other apps on your phone, phone number, contact details, usage data, full social graph, detailed location data, ability to read phone storage, microphone access, access to your calendar, activity recognition (are you walking, driving etc), view network connections, etc etc

2/

Tinker boosted

Hey here's something about the Fediverse that some people don't take into account:

I see on "hacker" "news" that there is currently discussion about Scuttlebutt and the very clever opinion is that oh no, distributed social is worse than FB/Twitter because nothing is stopping BigScaryCorp from scooping up all your public posts.

Ignoring the fact that you can very easily have a locked account or even one that has public AND non-public posts... 1/

Tinker boosted

Wait, what. Windows 10 sends info on USB devices plugged in directly to Microsoft?

And it does that using pure HTTP?
pastebin.com/ttYp5rLg

You gotta be kidding me.

#InfoSec

Tinker boosted

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials.

github.com/apsdehal/awesome-ct

Google Dork of the Day:
inurl:Trace.axd

Sites with Trace.axd (e.g. domain.com/Trace.axd) store all web requests here. Go through it. Cookies, Site Requests, etc.

Is it a login page?
- Look for POST requests! You will find Usernames and Passwords in the clear!
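The dork above is the attacker's view. As an added defensive check (not part of the original post, and not code from any project), here is a Python function that reads an ASP.NET `web.config` and reports whether its `<trace>` settings would serve `/Trace.axd` to remote clients: that happens only when tracing is `enabled="true"` and `localOnly="false"`, and both default the safe way when the attributes are absent. The two configs embedded below are constructed samples, the weak one beside the hardened one.

```python
"""Check an ASP.NET web.config for tracing settings that expose /Trace.axd.
Added example; the sample configs below are constructed, not taken from any site."""
from __future__ import annotations

import xml.etree.ElementTree as ET
from typing import Optional, Tuple


def _as_bool(value: Optional[str], default: bool) -> bool:
    # ASP.NET config booleans are "true"/"false" (case-insensitive); absent means default.
    if value is None:
        return default
    return value.strip().lower() == "true"


def trace_axd_exposed(web_config_xml: str) -> Tuple[bool, str]:
    """Return (exposed, reason). Trace.axd is served to remote clients only when a
    <trace> element has enabled=true AND localOnly=false (defaults: false / true)."""
    root = ET.fromstring(web_config_xml)
    # <system.web> can sit at top level or inside <location>, so walk the whole tree.
    traces = [t for sw in root.iter("system.web") for t in sw.findall("trace")]
    if not traces:
        return False, "no <trace> element: defaults are enabled=false, localOnly=true"
    for trace in traces:
        enabled = _as_bool(trace.get("enabled"), default=False)
        local_only = _as_bool(trace.get("localOnly"), default=True)
        if enabled and not local_only:
            return True, "enabled=true with localOnly=false: /Trace.axd is reachable from the network"
    return False, "tracing is disabled or restricted to localhost"


# Constructed example of the setting the dork finds: every request, including
# login POSTs with their form fields, is recorded and the viewer is served to anyone.
WEAK_CONFIG = """<configuration>
  <system.web>
    <trace enabled="true" localOnly="false" requestLimit="100" pageOutput="false" />
  </system.web>
</configuration>"""

# Constructed hardened version: tracing off in production.
HARDENED_CONFIG = """<configuration>
  <system.web>
    <trace enabled="false" />
  </system.web>
</configuration>"""


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        exposed, reason = trace_axd_exposed(cfg)
        print(f"{name}: exposed={exposed} ({reason})")
```

If tracing is genuinely needed during development, `localOnly="true"` keeps the viewer on localhost; for production, turn it off entirely, and remember that a `<trace>` inside a `<location>` block only applies to that path, so the check reports any exposing element it finds rather than trying to resolve scope.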

Tinker boosted

Regarding our recent outage. You can find an official statement below. The last documented time Cloudflare terminated services was when they terminated the account of a white supremacist website last year. We are waiting on answers.
assemblyfour.com/switter/cloud

Tinker boosted

Thanks to @tinker for speaking to and teaching my ethical hacking students last night! Hopefully those that aren’t involved in the local infosec/hacking community will now be more motivated to get involved.