Tinker @tinker@infosec.exchange
Tinkerer | Cypherpunk | Hacker
Need to rip something apart.
Hospital security: unsupervised & unlocked computers sitting in an open hallway. Screens showed names + medical data of patients... yuck 😷 https://t.co/zjsNYwSJmE
@tinker @thinkMoult @RyuKurisu I've got a Nexus 5 running the Ubports build right now, but it isn't my daily.
It is a little rough as they're transitioning to 16.04. But shows a lot of promise. If you're new to it, I would wait until after that transition to make a serious evaluation.
Now this is Social Engineering.
Stuttering John live records his vishing (voice phishing / conning over the phone) of the White House.
He actually gets in touch with President Trump on Airforce One.
#SocEng #SocialEngineering #InfoSec #Phishing #Vishing
http://stutteringjohnpodcast.libsyn.com/the-stuttering-john-podcast-4
Defensive Security Podcast Episode 220
https://defensivesecurity.org/defensive-security-podcast-episode-220/
#exploitkit #OPMBreach
#infosec
Once again an enormous database of personal info was left unprotected and open to the public. Why is this so hard for these companies with incredible wealth.
https://www.wired.com/story/exactis-database-leak-340-million-records/
@tinker Agreed, and that would be bad, but I did not perceive that slipperuy slope from reading the announcement -- unless I missed something?
Google does do a lot of good non-surveillance-y support & funding of #OpenSource stuff through #GSoC and their open source programs office. https://opensource.google.com/
Article Quote:
“We want to ensure that Google apps and services are available to everyone, whether they are using desktops, smartphones, or feature phones.” said Anjali Joshi, Vice-President, Product Management, Next Billion Users. “Following the success of the JioPhones, we are excited to work with KaiOS to further improve access to information for feature phone users around the world.”
Article Quote:
In addition to the investment, Google and KaiOS have also agreed to work together to make the Google Assistant, Google Maps, YouTube, and Google Search available to KaiOS users. These apps have been developed specifically for the KaiOS platform, which is entirely web-based, using open standards such as HTML5, JavaScript, and CSS.
There goes my hope for #KaiOS (a fork of FirefoxOS).
“Google Leads Series A Investment Round in KaiOS to Connect Next Billion Users”
https://www.kaiostech.com/google-leads-seriesa-investment-round-kaios-connect-next-billion-users/
@tinker importing from a torrent/magnet is planned. That would need to add a UDP/TCP/WebRTC client in PeerTube's server, so technically the base to make PeerTube servers seed over these protocols will be there, and implementing it is not out the question.
But the PeerTube web client can only do WebRTC. Don't expect them to seed back to non-WebRTC swarms anytime soon :/
It's #FollowFriday! Here are some #alternatives to follow:
@cloutstream CloutStream: An open source federated alternative to LinkedIn, just launched its new website
@Chocobozzz Chocobozzz: Lead developer of #PeerTube, the ethical alternative to YouTube
@Purism Purism: Makers of privacy-oriented computers and the upcoming Librem5 smartphone
@fdroidorg F-Droid: The open source alternative to Google Play
@krita Krita: Open source painting software aimed at artists and illustrators
I dont accept ads, or aggressive brand/s accts or paid toots (I’ve been approached) but I do support free & #opensource programs. We have some amazing creative orgs represented on the #Fediverse thru 
#Mastodon’s super-scalable #ActivityPub implementation.
If you havent tried them then you’re missing out (a-z). U have control over ur social & creative lives w #FLOSS
@Blender
#DarkTable
@GIMP 
@inkscape 
@Krita
@ubuntustudio
Others?
@tinker it gets even better /o\ checked the .bash_history file on the prod file -> mysql -u root -h IP -p
Remote connection to the mysql server is enabled and uess what's the pwd? "toor"!
I swear its the truth /o\
@tinker TLDR: no, not yet.
There is not yet an "import torrent/magnet" feature. And then there is the problem that, would the torrent share the same announced trackers, archive.org seeds over UDP/TCP, and not over WebRTC. And the peertube server is not a torrent client (yet?). It only exposes a WebSeed, so it wouldn't help archive.org.
Question concerning #Peertube :
I want to take old movies that are currently available on archive.org and make a classic movie Peertube instance.
But I don’t want to seed from scratch.
Since archive.org already seeds these movies, can I add their tracker info to my peertube instance? Share the load with archive.org?
(If there’s a better place to ask this question, than the public fediverse, let me know!”
That moment when your conducting a pentest, gain access to a development server but not the production one and then you try ssh user@serverIP and it works... #infosec
Reclaiming RSS
“Before Twitter, before algorithmic timelines filtered our reality for us, before surveillance capitalism, there was RSS: Really Simple Syndication … As we move away from the centralised web to the peer web, it’s time to rediscover, re-embrace, and reclaim RSS.”
The plot to Casablanca, but instead of Ilsa being married to a freedom fighter, she’s married to a high ranking Nazi.
I get lost in my sockpuppets sometimes. Like when I’m logged into a LinkedIn profile of a fake persona, I get into the InMails and recruiter DMs that I receive.
I get flattered that they want to hire my fake persona. I tweak my profile a bit to show off my best fake skills.
I coyly explain to the recruiters that I am not currently interested in a new opportunity, but that I’ll pass the job req to my fake friends and fake associates.
