|
Royce Williams
@TychoTithonus
Anchorage, AK - where tweets are mine alone; I block in bulk, pls let me know @ false positives (see link)
|
|
Just doing my undue diligence. ISP vet, security demi-boffin, password hashing enthusiast (Team @hashcat), AK license plate taxonomist(!) He.❤️:⚛👨👩👧🛡🙊🗽😼💻✏🎥🍦🌶🍫
|
|
|
10.206
Tweets
|
3.399
Following
|
1.481
Followers
|
| Tweets |
| Royce Williams Retweeted | ||
|
Kyle Puckhaber
@puckmine
|
5 h |
|
Check out the latest episode of the @CypherCon Podcast with password cracker extraordinaire @winxp5421. We talk stroller wi-fi pentesting, DEFCON's Crack Me if You Can with @CynoPrime and tips on creating easy to remember, hard to crack passwords. podcast.cyphercon.com/podcast/episod…
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
23 h |
|
I know, right? The more I think about it, the better it gets. So much subtlety, so much attention to detail.
|
||
|
|
||
| Royce Williams Retweeted | ||
|
Jon Oberheide
@jonoberheide
|
Feb 4 |
|
Whoa, what? @googlephotos? pic.twitter.com/2cZsABz1xb
|
||
|
|
||
| Royce Williams Retweeted | ||
|
Daniel Bilar
@daniel_bilar
|
Feb 3 |
|
The-Eye: online archivists launch OA directory of 5200 scientific studies on #coronavirus from 1968-2020 that anyone can download w/o encountering a paywall
["illegal, but it's also a moral imperative"] the-eye.eu/public/Papers/…
#ncov2019
|
||
|
|
||
| Royce Williams Retweeted | ||
|
Nic Losby
@Blurbdust
|
Feb 3 |
|
whynotsecurity.com/blog/teamviewe…
Teamviewer has been storing user passwords encrypted with AES, not hashed, in the registry accessible to low privilege users on the machine. This works for versions dating back from at least as far back as 2012 to the latest version.
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 3 |
|
It took me a while to grok why - it'll likely take you less time. :) It totally makes sense in retrospect.
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 3 |
|
Nice find, Aaron!
(Side note for those following along at home: if you pre-hash bcrypt to address its 72-char max, do *not* use an unsalted hash - attacker can ID pre-cracked/well-known hashes - & also speed up attack on remaining hashes. h/t @jmgosney for 1st noting this)
|
||
|
|
||
| Royce Williams Retweeted | ||
|
Aaron (Okuyo) Toponce 🕉️
@AaronToponce
|
Feb 3 |
|
Reddit hashes passwords with bcrypt, but does not pre-hash. This means Reddit passwords longer than 72 characters are truncated.
github.com/reddit-archive…
As a result, only passphrases using the EFF short #2 list are problematic:
reddit.com/r/security/com…
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 3 |
|
(Appears to have been transient - back up and working at this writing)
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 3 |
|
@JHSPH_CHS Your data that was previously publicly available at
gisanddata.maps.arcgis.com/apps/opsdashbo…
... is now prompting for JHU credentials. Is this by design, or something transient?
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 3 |
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 3 |
|
Observe the responses to the original tweet, and see what you can detect:
twitter.com/Jeep/status/12…
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 3 |
|
PSA: Many accounts reacting to popular tweets are bots or trolls, either seeking engagement karma or pushing agendas.
Here you can see how many of the accounts responding to the Jeep Bill Murray ad are ones I'd either already blocked (gray bar), or ID'd by BotSentinel (red text) pic.twitter.com/iOmVFYj56q
|
||
|
|
||
| Royce Williams Retweeted | ||
|
OLAY
@OlaySkin
|
Jan 29 |
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 3 |
|
on my way
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 2 |
|
@cperciva, have you seen @eerimoq's detools? "Binary delta encoding in Python 3 and C, based on daemonology.net/bsdiff/, with the following differences:"
github.com/eerimoq/detools
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 2 |
|
When trying to explain how security can be improved by reducing complexity, I think about "@BDHA's Lazer" (by @mjdominus) a lot:
"Any sufficiently advanced software is indistinguishable from malice."
blog.plover.com/misc/bdhas-laz… pic.twitter.com/1LQeA293rN
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 2 |
|
Setting up a VPN connection through McMurdo: $9/month
The look on the SOC team's faces when they see Antarctica in the location fields in the SIEM: priceless twitter.com/malcomvetter/s…
|
||
|
|
||
| Royce Williams Retweeted | ||
|
Matt Parker
@standupmaths
|
Feb 2 |
|
A lot of tweets about #PalindromeDay miss that 02 February 2020 is a palindrome in USA, UK and ISO formats; it is a palindrome day of the year (33) and there are a palindrome of days left in the year (333).
This will never happen again. More details here: youtu.be/4fE_sXZjxng pic.twitter.com/GD7zh50DPH
|
||
|
|
||
|
Royce Williams
@TychoTithonus
|
Feb 1 |
|
That is indeed groovy.
|
||
|
|
||