Notices by Tinker ☀️ (tinker@infosec.exchange), page 2

For an attacker to sniff an encrypted email in transit (a), the attacker can get it either:
i) In a targeted Man-in-the-Middle attack
ii) As a systemic attacker (e.g. NSA, GCHQ, Compromised ISP, etc)

A couple things make this difficult:
- Many encrypted emails using S/MIME are sent within a corporate enterprise and never leave the perimeter. (You'd have to breach the corporate perimeter)
- Emails are often protected via TLS in transit. (either need to break TLS or attack the endpoint)

#efail

So after a couple meetings and going through more of the links, including the GPG response, etc.

My thoughts on the #efail vuln:

1) The core requirement is that an attacker needs to get ahold of an encrypted email first. This is axiomatic. This is the thing that they need to decrypt.

The attacker can do either by:
a) Sniffing the encrypted email in transit
b) Stealing the encrypted email at rest.

Much like #UbuntuTouch was picked up by the community under the alias UBPorts, it looks like #FirefoxOS was picked up by the community under the alias B2GOS.

B2GOS doesn’t appear to be maintained, but the build scripts are there. It also looks like a private company forked the code further and calls it #KaiOS (used on some Nokia smart/feature phones).

#UBPorts
- @Ubports
- https://ubports.com/

#B2GOS
- https://wiki.mozilla.org/B2G

#DIY #Phone #FOSS

NPR article posted today (May 1st) mentions Mastodon! They link to joinmastodon.org (not mastodon.social) which is great!

“As Facebook Shows Its Flaws, What Might A Better Social Network Look Like?”

#Mastodon #News

https://www.npr.org/sections/thetwo-way/2018/05/01/607361849/as-facebook-shows-its-flaws-what-might-a-better-social-network-look-like

Seriously. Fuck Microsoft. Fuck the justice system that allowed this.

The man was actually (and hopefully will continue) making a difference as it relates to ewaste, built-in obsolescence, et al.

#Ewaste #FOSS #Lundgren

This is why I only use & support Free & Open Source Software in my personal life. This man is going to prison. Prison.

"A California man who built a sizable business out of recycling electronic waste is headed to federal prison for 15 months after a federal appeals court in Miami rejected his claim that the “restore disks” he made to extend the lives of computers had no financial value, instead ruling that he had infringed Microsoft’s products to the tune of $700,000."

https://www.washingtonpost.com/amphtml/news/true-crime/wp/2018/04/24/recycling-innovator-eric-lundgren-loses-appeal-on-computer-restore-discs-must-serve-15-month-prison-term/?noredirect=on

Now here's a con! Social Engineer a personal nurse to send vials of blood so that you can forge a DNA signature!

WHERE'S YOUR BIOMETRIC MFA GOD NOW?!?!?!

HT to Tails Hon1nbo! #SocEng
http://www.tmz.com/2018/04/05/stan-lee-stolen-blood-for-sale-black-panther-comic-books

If you’re in #Dallas #Texas tonight, come join me at the Dallas Hackers Association!

#Hacking #Locksport #CTF #FireTalks

More info here: https://www.dallashackers.com

The Corporation behind and the Admins of Twitter can see your “Private Messages”

The Corporation behind and the Admins of Facebook can see your “Private Messages.”

The Admins of Mastodon can see your Direct Messages. They aren’t private.

With Mastodon, you can spin up your own instance and be your own Admin.

Ultimately, don’t use any of these tools for actual private messages. Use Signal, Matrix/Riot or another end to end encrypted messaging tool.

Anyone here at the #SANS #ICSSummit ?

Need to find food.

What do you call a hacker that’s past their prime?

- Obso1337

#HackerDadJoke #Hacking

When speaking to folks about leaving Windows and adopting #FOSS OS’s like Linux, the biggest roadblock to leaving is the lack of a viable office suite.

LibreOffice is at the forefront to providing that.

Not gonna lie... this is funny...

(I still don’t tell prospective users that we call it a ‘toot’... I just call it a post.)

In Layer 8, the user, a human, dies. As they die, they decompose back into base parts. They become the Physical. They become Layer 1. And, thus, the circle is complete.

This is the OSI Layer Model.

#Infosec #Computing #Life #Universe #Everything

I love open sourced phones. I’m working on a (longterm.. when I can get to it) project on a phone using RPi’s. I love seeing other similar projects.

Here’s one. Says the code will be open source, but I can’t find a repo yet. But, good for watching.

https://fossbytes.com/pitalk-smartphone-raspberry-pi/amp/

Observed: Working Payphone. Outskirts of Abilene, TX, USA
#2600

Oh Eris. Wow. Mudge posted a link to this. This is intense. I can’t download the python script linked in the post yet. If anyone grabs it, let me know:

#Hacking #InfoSec

http://archive.is/PQAnU

For many the tradeoff for Security is Convenience.

For me the tradeoff for Security is Control.

iOS takes control of the device away from the user, but has arguably the best phone security.

Not sure that I like that...

#InfoSec