Tinker @tinker@infosec.exchange

@tinker @uranther Exactly this. A lot of times, it’s hindsight, which would be too late

There are still only a few viable mitigations for “person with thumb drive”, none which are particularly appealing if you want to preserve that access for folks who really need it

Meanwhile, a fly on the wall is worth 20,000x its weight in gold, but only when used the right time

@tinker Today, I was at a Public Storage facility and noting some similarities and attuning to their #PhysSec.

One technique they use that seems applicable to #infosec is the multiple uses of a keycode at the external entrance, internal entrance, and elevator; that's followed by one cylinder lock and possibly another padlock.

Every time you have to authenticate to reach the next deepest layer.

@bob So the Linux Technical Advisory board is comprised entirely of men and includes representatives of surveillance capitalists Facebook and Google.

@cosullivan I should consider the offerings on @tinker ‘s site. He has a few lovely tutorials on using bash to skim data on Linked in, which after studying had me understand nicely the potentials and uses of grep for economizing mayhem, etc.

Remote Code Execution in Alpine Linux https://justi.cz/security/2018/09/13/alpine-apk-rce.html

Finally, I am slowly moving from the proprioatery #Medium platform to the much more interesting looking #Plume.

Very excited to expand #fediverse content!

A few stats about the beta launch:
- the announce at Medium/Hackernoon has been accessed more than 50,000 times
- https://e.foundation website is receiving visits from most of countries in the world.
/e/ is global, people want more privacy in their digital life.

For those interested in leaving Apple and Google, and reconquer their privacy, the first beta of /e/ is here for download and testing! Happy flashing.

#/e/Foundation #privacy #android #google #apple

https://medium.com/@gael_duval/leaving-apple-google-e-first-beta-is-here-89e39f492c6f

So Alpine Linux has a pretty serious set of vulnerabilities because

- It doesn’t download packages over TLS, making them prone to MitM. Which on its own isn’t terrible but it also...

- Doesn’t check hashes before extracting to root (!)

- And uses custom gzip code which is vulnerable to arbitrary code execution (!!)

#Infosec

https://justi.cz/security/2018/09/13/alpine-apk-rce.html

I actually built a little toy service (that I will also eventually open source) which converts any RSS feed to an ActivityPub actor that you can subscribe to in Mastodon (or any other AP-compatible client).

Play with it if you like! It is SUPER rough and most feeds end up horribly rendered in Mastodon but it's still kinda cool to see it work: https://bots.tinysubversions.com/convert/

@tinker famous last words before sirens go off in the distance, a small fire starts smoking and someone is sitting in a corner sobbing?

My top 10 people who's toots I favorite are:

@cypnk (46)
@tildetown (37)
@m455b (30)
@tinker (27)
@TheGibson (24)
@selfsame (20)
@dansup (20)
@emsenn (19)
@Siphonay (18)
@RussSharek (16)

I guess these should be my #FFED #FollowFridayEveryDay

Found these numbers with this tool:

https://t5.codesections.com/

Great work @codesections !