toad.social

Erik van Straten<a href="https://infosec.exchange/@aria" class="u-url mention" rel="nofollow noopener" target="_blank">@aria</a> : nice to meet you!Not meaning to be blunt, but *please* prepend links with https:// instead of http://.Let me know if you'd like me to explain why! <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/httpVShttps" class="mention hashtag" rel="nofollow noopener" target="_blank">#httpVShttps</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/HttpRedirect" class="mention hashtag" rel="nofollow noopener" target="_blank">#HttpRedirect</a> <a href="https://infosec.exchange/tags/Wifi" class="mention hashtag" rel="nofollow noopener" target="_blank">#Wifi</a> <a href="https://infosec.exchange/tags/EvilTwin" class="mention hashtag" rel="nofollow noopener" target="_blank">#EvilTwin</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a>

Kevin Karhan :verified:<a href="https://infosec.exchange/@VXShare" class="u-url mention" rel="nofollow noopener" target="_blank">@VXShare</a> <a href="https://myside-yourside.net/@StarkRG" class="u-url mention" rel="nofollow noopener" target="_blank">@StarkRG</a> <a href="https://social.zerojay.com/@jay" class="u-url mention" rel="nofollow noopener" target="_blank">@jay</a> <a href="https://infosec.exchange/@vildis" class="u-url mention" rel="nofollow noopener" target="_blank">@vildis</a> <a href="https://infosec.exchange/@vxunderground" class="u-url mention" rel="nofollow noopener" target="_blank">@vxunderground</a> OFC, if their corporate firewall didn't blocklist your domain, most <a href="https://infosec.space/tags/MITM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MITM</a>-based "<a href="https://infosec.space/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetworkSecurity</a>" solutions and "<a href="https://infosec.space/tags/EndpointProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#EndpointProtection</a>" will checksum files and instantly yeet them into the shadow realm.<ul><li>Researchers should OFC only run those said malware only for research purposes and on <a href="https://infosec.space/tags/airgapped" class="mention hashtag" rel="nofollow noopener" target="_blank">#airgapped</a>, sanctioned systems but they need to get their hands on them in the first place.</li></ul>And lets be honest: Like with chemistry and medicine, one wants to have a supplier that isn't shady af but actually transparent. <ul><li>The "alternative" would be to go into some "dark corners" and risk getting something else entirely.</li></ul>

Erik van Straten<a href="https://infosec.exchange/@relishthecracker" class="u-url mention" rel="nofollow noopener" target="_blank">@relishthecracker</a> : that's make belief."Wow, asymmetric encryption, even quantum-computer-proof", "military-grade", etcetera.Right after logging in using a passkey with an unbreakably protected private key, the website sends a session cookie (or similar) to the browser - which is NOT protected like private keys. If a website (like most of them) does not log you out if your IP-address changes, such a cookie is nearly as bad as a password. And fully if the cookie never expires.Therefore:1️⃣ Even if attackers cannot copy private keys: if the user device is sufficiently compromised (i.e. on Android, running an accessibility service), they can take over all of the user's accounts;2️⃣ If the user's browser is compromised, attackers can copy session cookies and use them to obtain access to accounts the user logs in to;3️⃣ An AitM (Attacker in the Middle) using a malicious website can copy/steal authentication cookies. Such AitM-attacks are possible in at least the following cases if either:• A malicious third party website manages to obtain a fraudulently issued certificate (examples: <a href="https://infosec.exchange/@ErikvanStraten/112914050216821746" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/112914050216821746</a>);• An attacker obtains unauthorised write access to the website's DNS record;• An attacker manages to obtain access to a server where a "dangling" (forgotten) subdomain name points to, *AND* the real authenticating server (RP) does not carefully check for allowed subdomains (see <a href="https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580" rel="nofollow noopener" translate="no" target="_blank">https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580</a>);4️⃣ The server is compromised or has a rogue admin: the attacker can add their passkey's public key to your account, or replace your public key with theirs (note that passkey pubkeys are not encapsulated by certificates issued by trusted issuers, stating who owns the public key).Phishing using fake websites is probably the number one problem on the internet. *THE* major advantage of passkeys is that they make phishing attacks VERY HARD.Indeed, if your device is sufficiently compromised, the risk of all of your passwords being stolen if you use a password manager is BIG.However, as I wrote, if your device is sufficiently compromised, an attacker does not need access to your private keys in order to obtain access to your accounts.<a href="https://sigmoid.social/@oliversampson" class="u-url mention" rel="nofollow noopener" target="_blank">@oliversampson</a> <a href="https://cathode.church/@kaye" class="u-url mention" rel="nofollow noopener" target="_blank">@kaye</a> <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passkeys</a> <a href="https://infosec.exchange/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PasswordManagers</a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainNames</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/Cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cryptography</a> <a href="https://infosec.exchange/tags/MilitaryGrade" class="mention hashtag" rel="nofollow noopener" target="_blank">#MilitaryGrade</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/ATO" class="mention hashtag" rel="nofollow noopener" target="_blank">#ATO</a> <a href="https://infosec.exchange/tags/AccountTakeOver" class="mention hashtag" rel="nofollow noopener" target="_blank">#AccountTakeOver</a> <a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passwords</a> <a href="https://infosec.exchange/tags/SharedSecrets" class="mention hashtag" rel="nofollow noopener" target="_blank">#SharedSecrets</a> <a href="https://infosec.exchange/tags/AsymmetricCryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#AsymmetricCryptography</a> <a href="https://infosec.exchange/tags/SubDomains" class="mention hashtag" rel="nofollow noopener" target="_blank">#SubDomains</a> <a href="https://infosec.exchange/tags/DanglingSubDomains" class="mention hashtag" rel="nofollow noopener" target="_blank">#DanglingSubDomains</a>

Erik van Straten<a href="https://sigmoid.social/@oliversampson" class="u-url mention" rel="nofollow noopener" target="_blank">@oliversampson</a> <a href="https://cathode.church/@kaye" class="u-url mention" rel="nofollow noopener" target="_blank">@kaye</a> Primary passkeys advantage: • With some uncommon exceptions, you cannot (be persuaded to) log in to a phishing website with a (slightly) different domain name *USING A PASSKEY* (see below) - because software (not you) checks the domain name.Some passkeys disadvantages: • Typically you yourself do not have access to each passkey's private key (*)(usually you can't back them up/export them). Risks: vendor lock-in and losing access to accounts.• Because there's a risk of losing access to passkeys and thus to accounts, usually accounts can also be accessed using a rescue code - which renders them phishable again.• Implementation errors (both Apple and Android suffered from them, and probably still do - I did not check today).(*) For each new passkey, your device generates a unique complementary keypair. The public key is stored in your account on the server and is used to verify that your device has access to the complementary private key, which is kept secret. However, even if attackers do not have access to your private key(s), there are other ways for them to obtain access your account(s).A reasonable alternative to passkeys is using a password manager that "integrates" with the browser to verify the domain name of the site you're logging in to. Android and iOS "Autofill" provide such a bridge between password managers and browsers (without requiring browser plug-ins).<a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passkeys</a> <a href="https://infosec.exchange/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PasswordManagers</a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainNames</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a>

Erik van Straten<a href="https://infosec.exchange/@tychotithonus" class="u-url mention" rel="nofollow noopener" target="_blank">@tychotithonus</a> : thank you for responding. I'm not trying to be aggressive but to make the internet safer.In your original toot, you wrote: "It's comforting to know that I'm significantly protected from these attempts" while showing phishing messages.From <a href="https://blog.talosintelligence.com/how-are-attackers-trying-to-bypass-mfa/" rel="nofollow noopener" translate="no" target="_blank">https://blog.talosintelligence.com/how-are-attackers-trying-to-bypass-mfa/</a> (a year ago): "In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication (MFA) were involved in nearly half of all security incidents that our team responded to in the first quarter of 2024".From my own research I know that the number of phishing-sites is exploding. PhaaS makes it easy to take over accounts where weak MFA is used.The more people use weak MFA, the more of these sort of attacks we'll be seeing. IOW, the security of weak MFA (TOTP, SMS, number matching) will decrease over time (it does since Alex Weinert wrote this in 2019: <a href="https://techcommunity.microsoft.com/blog/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124" rel="nofollow noopener" translate="no" target="_blank">https://techcommunity.microsoft.com/blog/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124</a>).Furthermore, from the page referenced by you, <a href="https://meta.wikimedia.org/wiki/Steward_requests/Global_permissions#Requests_for_2_Factor_Auth_tester_permissions" rel="nofollow noopener" translate="no" target="_blank">https://meta.wikimedia.org/wiki/Steward_requests/Global_permissions#Requests_for_2_Factor_Auth_tester_permissions</a>: "Testing this service may result in the loss of your access and is not recommended for inexperienced users."TOTP effectively means a unique strong (server supplied) password per account that people can impossibly remember. A TOTP app simply is a disguised password manager.There have been lots of incidents where people lost access to multiple MFA-proteced accounts because they lost access to the shared secrets on their phones. Nobody tells people to make sure that backups are made of such secrets, let alone in a secure and privacy-respecting manner.Note: a lot of TOTP apps had serious security issues a couple of years ago, as documented by Conor Gilsenan et al. in <a href="https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan" rel="nofollow noopener" translate="no" target="_blank">https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan</a> (source: <a href="https://infosec.exchange/@conorgil/109542074585730853" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@conorgil/109542074585730853</a>). I doubt that things have significantly improved (Authy was really bad, and at the time, Google's app blocked backups of the shared secrets).Here's an, IMO, way better advice: use a password manager that checks the domain name. Use it to generate long random passwords, and make sure that it's (encrypted) database is backed up after every change you make.I wrote about the caveats of password managers in, for example, <a href="https://infosec.exchange/@ErikvanStraten/113022180851761038" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113022180851761038</a>.Recommending people to use TOTP because they use weak passwords is a bad idea IMO: you effectively make them use a password manager (which a TOTP app is, while it does not check domain names) instead of solving the primary problem: weak passwords.<a href="https://infosec.exchange/@conorgil" class="u-url mention" rel="nofollow noopener" target="_blank">@conorgil</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#TOTP</a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#WeakMFA</a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#Weak2FA</a> <a href="https://infosec.exchange/tags/ATO" class="mention hashtag" rel="nofollow noopener" target="_blank">#ATO</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/Evilginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#Evilginx</a> <a href="https://infosec.exchange/tags/PhaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhaaS</a>

Erik van Straten<a href="https://infosec.exchange/@tychotithonus" class="u-url mention" rel="nofollow noopener" target="_blank">@tychotithonus</a> : can you explain which protection(s) are provided by weak MFA? <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#TOTP</a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#WeakMFA</a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#Weak2FA</a> <a href="https://infosec.exchange/tags/ATO" class="mention hashtag" rel="nofollow noopener" target="_blank">#ATO</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/Evilginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#Evilginx</a>

Ay Papi 🔞 Parental Advisory<a class="u-url mention" href="https://www.minds.com/unit15" rel="nofollow noopener" target="_blank">@unit15</a> It's unfortunate that you're hosted on a <a class="hashtag" href="https://miniwa.moe/tag/cloudflare" rel="nofollow noopener" target="_blank">#Cloudflare</a> <a class="hashtag" href="https://miniwa.moe/tag/mitm" rel="nofollow noopener" target="_blank">#MITM</a> controlled and <a class="hashtag" href="https://miniwa.moe/tag/centralised" rel="nofollow noopener" target="_blank">#centralised</a> server. I would have loved to enhance the visibility of several of your posts

Insecurity Princess 🌈💖🔥"If your reports don't feel safe, they won't tell you" — This is one of the clearest and most important pieces of advice I've heard for managers.It's a perfect illustration of the "monster in the middle dilemma for navigating both social and organizational/authoritative power dynamics as a manager. Power dynamics are the monster in the middle — and if a manager doesn't actively work to mitigate that, they will fail to operate effectively as a manager. It's not something anyone can fix or prevent, it's an inevitable, inescapable aspect of the management threat model. <a href="https://infosec.exchange/tags/mitm" class="mention hashtag" rel="nofollow noopener" target="_blank">#mitm</a>

Erik van Straten<a href="https://hachyderm.io/@apicultor" class="u-url mention" rel="nofollow noopener" target="_blank">@apicultor</a> wrote:"Much like with Webauthn, that's not how it works. You can't just capture and replay it."WebAuthn is TOFU (there is a reason that phishing domain names such as • mypasskey[.]info • passkeysetup[.]com exist). In WebAuthn a unique asymmetric key pair is bound to (part of the) domain name. AitM attacks are possible if an attacker illegitimately obtains a certificate for the domain name (examples can be found in <a href="https://infosec.exchange/@ErikvanStraten/112914050216821746" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/112914050216821746</a>).EDIW is in no way comparable to WebAuthn, among other reasons because:1) It's not even TOFU: it does not remember.2) AFAIK EDIW "relying party authentication" is optional.<a href="https://noc.social/@hlindqvist" class="u-url mention" rel="nofollow noopener" target="_blank">@hlindqvist</a> <a href="https://infosec.exchange/tags/EDIW" class="mention hashtag" rel="nofollow noopener" target="_blank">#EDIW</a> <a href="https://infosec.exchange/tags/EUDIW" class="mention hashtag" rel="nofollow noopener" target="_blank">#EUDIW</a> <a href="https://infosec.exchange/tags/eID" class="mention hashtag" rel="nofollow noopener" target="_blank">#eID</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener" target="_blank">#DVcerts</a> <a href="https://infosec.exchange/tags/DomainValidation" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainValidation</a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener" target="_blank">#BrowsersSuck</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/RP" class="mention hashtag" rel="nofollow noopener" target="_blank">#RP</a> <a href="https://infosec.exchange/tags/RelyingParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#RelyingParty</a> <a href="https://infosec.exchange/tags/RelyingPartyAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#RelyingPartyAuthentication</a>

Erik van Straten<a href="https://chaos.social/@zhenech" class="u-url mention" rel="nofollow noopener" target="_blank">@zhenech</a> : you are mistaken.You DID successfully browse to <a href="https://www.brother-usa.com" rel="nofollow noopener" translate="no" target="_blank">https://www.brother-usa.com</a>. Your browser had a succesful https connection to mentioned domain, without certificate errors.<a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLS</a> <a href="https://infosec.exchange/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#E2EE</a>

MatrixHello, readers and followers. Last week, feeling rather bored, I decided to write a small <a href="https://github.com/if-you-want-peace-prepare-for-war/decentraliseFediverse" rel="nofollow noopener" target="_blank">script</a> to assist in identifying centralised servers within the fediverse. This is particularly useful as the fediverse is intended to be free, open, and decentralised, in order to safeguard democracy, free speech, and, most importantly, to protect democracy and human freedom, which are <a href="https://kb.mypdns.org/articles/MPDNS-A-2" rel="nofollow noopener" target="_blank">fundamental human rights and online privacy</a>. At this stage, the script identifies centralised and privacy-invasive servers operating on the <a href="https://matrix.rocks/tags/MITM" rel="nofollow noopener" target="_blank">#MITM</a> networks of AWS, CloudFlare, and Azure (Microsoft). By now, we should all be aware that these networks are detrimental to privacy, as they do everything possible to identify you for the purpose of collecting your <a href="https://kb.mypdns.org/articles/MTX-A-79" rel="nofollow noopener" target="_blank">Personally Identifiable Information (PII)</a>, fingerprinting your browsers, and censoring the internet for those who refuse to be part of the walled garden. The results from running the collection of previously connected servers to my fediverse instance are as in the file attached <a href="https://matrix.rocks/tags/fediverse" rel="nofollow noopener" target="_blank">#fediverse</a> <a href="https://matrix.rocks/tags/freespeech" rel="nofollow noopener" target="_blank">#freespeech</a> <a href="https://matrix.rocks/tags/decentralization" rel="nofollow noopener" target="_blank">#decentralization</a> <a href="https://matrix.rocks/tags/cloudflare" rel="nofollow noopener" target="_blank">#cloudflare</a> <a href="https://matrix.rocks/tags/crimeflare" rel="nofollow noopener" target="_blank">#crimeflare</a> <a href="https://matrix.rocks/tags/infosec" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://matrix.rocks/tags/privacy" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://matrix.rocks/tags/azure" rel="nofollow noopener" target="_blank">#azure</a> <a href="https://matrix.rocks/tags/aws" rel="nofollow noopener" target="_blank">#aws</a> <a href="https://matrix.rocks/tags/amazon" rel="nofollow noopener" target="_blank">#amazon</a> <a href="https://matrix.rocks/tags/onlineprivacy" rel="nofollow noopener" target="_blank">#onlineprivacy</a> <a href="https://matrix.rocks/tags/privacymatters" rel="nofollow noopener" target="_blank">#privacymatters</a> <a href="https://matrix.rocks/tags/democracy" rel="nofollow noopener" target="_blank">#democracy</a> <a href="https://matrix.rocks/tags/protectdemocracy" rel="nofollow noopener" target="_blank">#protectdemocracy</a>

Kevin Karhan :verified:<a href="https://mastodon.neilzone.co.uk/@neil" class="u-url mention" rel="nofollow noopener" target="_blank">@neil</a> OFC it isn't technically feasible wothout <a href="https://infosec.space/tags/MITM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MITM</a>'ing every connection and even then if people do proper <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#E2EE</a> they can still do nefarious shit.<ul><li>The problem are what people do to other people, not that they use the Internet for it!</li></ul>

Erik van StratenPublic key cryptografie voor lekenHet is een beetje behelpen met "ASCII graphics", maar in <a href="https://www.security.nl/posting/884482/Public+keys+voor+leken" rel="nofollow noopener" translate="no" target="_blank">https://www.security.nl/posting/884482/Public+keys+voor+leken</a> probeer ik, ook aan minder digitaal vaardigen, uit te leggen hoe asymmetrische cryptografie werkt.Doe er uw voordeel mee, want deze techniek is een belangrijk fundament van de steeds verder digtaliserende maatschappij.U leert hoe een digitale handtekening werkt en wat een digitaal certificaat is.Veel te weinig mensen begrijpen dat goed, en dat bemoeilijkt een fatsoenlijke discussie over deze technieken enorm.Big tech is de lachende derde: zij maximaliseren hun winsten terwijl alle risico's voor uw rekening komen.<a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener" target="_blank">#DVcerts</a> <a href="https://infosec.exchange/tags/EchtVanNepKunnenOnderscheiden" class="mention hashtag" rel="nofollow noopener" target="_blank">#EchtVanNepKunnenOnderscheiden</a> <a href="https://infosec.exchange/tags/NepVanEchtKunnenOnderscheiden" class="mention hashtag" rel="nofollow noopener" target="_blank">#NepVanEchtKunnenOnderscheiden</a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#NepWebsites</a> <a href="https://infosec.exchange/tags/BankHelpdeskFraude" class="mention hashtag" rel="nofollow noopener" target="_blank">#BankHelpdeskFraude</a> <a href="https://infosec.exchange/tags/OnlineOplichting" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnlineOplichting</a> <a href="https://infosec.exchange/tags/EDIW" class="mention hashtag" rel="nofollow noopener" target="_blank">#EDIW</a> <a href="https://infosec.exchange/tags/EUDIW" class="mention hashtag" rel="nofollow noopener" target="_blank">#EUDIW</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/BasisKennis" class="mention hashtag" rel="nofollow noopener" target="_blank">#BasisKennis</a> <a href="https://infosec.exchange/tags/Encryptie" class="mention hashtag" rel="nofollow noopener" target="_blank">#Encryptie</a> <a href="https://infosec.exchange/tags/Cryptografie" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cryptografie</a> <a href="https://infosec.exchange/tags/DigitaleVaardigheden" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitaleVaardigheden</a> <a href="https://infosec.exchange/tags/PublicKeyCryptografie" class="mention hashtag" rel="nofollow noopener" target="_blank">#PublicKeyCryptografie</a> <a href="https://infosec.exchange/tags/AsymmetrischeCryptografie" class="mention hashtag" rel="nofollow noopener" target="_blank">#AsymmetrischeCryptografie</a> <a href="https://infosec.exchange/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivateKey</a> <a href="https://infosec.exchange/tags/PubliekeSleutel" class="mention hashtag" rel="nofollow noopener" target="_blank">#PubliekeSleutel</a> <a href="https://infosec.exchange/tags/PrivateSleutel" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivateSleutel</a>

ADMIN magazineThe developers of the mitmproxy tool describe it as the Swiss army knife for debugging, testing, data protection analysis, and penetration testing HTTP(S) connections. Holger Reibold shows you how mitmproxy can be a useful addition to your security toolbox. <a href="https://www.admin-magazine.com/Archive/2025/85/Traffic-analysis-with-mitmproxy?utm_source=mlm" rel="nofollow noopener" translate="no" target="_blank">https://www.admin-magazine.com/Archive/2025/85/Traffic-analysis-with-mitmproxy?utm_source=mlm</a> <a href="https://hachyderm.io/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://hachyderm.io/tags/mitmproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#mitmproxy</a> <a href="https://hachyderm.io/tags/debugging" class="mention hashtag" rel="nofollow noopener" target="_blank">#debugging</a> <a href="https://hachyderm.io/tags/testing" class="mention hashtag" rel="nofollow noopener" target="_blank">#testing</a> <a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://hachyderm.io/tags/proxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#proxy</a> <a href="https://hachyderm.io/tags/MITM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MITM</a>

Kevin Karhan :verified:<a href="https://mk.absturztau.be/@Linux" class="u-url mention" rel="nofollow noopener" target="_blank">@Linux</a> <a href="https://infosec.space/tags/ClownFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#ClownFlare</a> is literally a <a href="https://infosec.space/tags/ValueRemoving" class="mention hashtag" rel="nofollow noopener" target="_blank">#ValueRemoving</a> <a href="https://infosec.space/tags/RentSeeker" class="mention hashtag" rel="nofollow noopener" target="_blank">#RentSeeker</a> that <a href="https://infosec.space/tags/MITM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MITM</a>'s traffic to capture <a href="https://infosec.space/tags/Logins" class="mention hashtag" rel="nofollow noopener" target="_blank">#Logins</a> in <a href="https://infosec.space/tags/PlainText" class="mention hashtag" rel="nofollow noopener" target="_blank">#PlainText</a> & also acts as <a href="https://infosec.space/tags/RogueISP" class="mention hashtag" rel="nofollow noopener" target="_blank">#RogueISP</a> hosting everything from <a href="https://infosec.space/tags/CSAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#CSAM</a> to <a href="https://infosec.space/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercrime</a> and <a href="https://infosec.space/tags/Terrorism" class="mention hashtag" rel="nofollow noopener" target="_blank">#Terrorism</a>.<ul><li>There is no legitimate reason to use <a href="https://infosec.space/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a> for anything!</li></ul>

Ay Papi 🔞 Parental Advisory<a class="u-url mention" href="https://www.minds.com/aussie55" rel="nofollow noopener" target="_blank">@aussie55</a> Charlee Fraser Photo: Isa Sanchez<a class="hashtag" href="https://miniwa.moe/tag/cloudflarefree" rel="nofollow noopener" target="_blank">#cloudflareFree</a> unlike <a class="hashtag" href="https://miniwa.moe/tag/minds" rel="nofollow noopener" target="_blank">#minds</a>, which is yet another <a class="hashtag" href="https://miniwa.moe/tag/fediverse" rel="nofollow noopener" target="_blank">#fediverse</a> server controlled by <a class="hashtag" href="https://miniwa.moe/tag/cloudflare" rel="nofollow noopener" target="_blank">#cloudflare</a>. <a class="hashtag" href="https://miniwa.moe/tag/mitm" rel="nofollow noopener" target="_blank">#mitm</a> <a class="hashtag" href="https://miniwa.moe/tag/insecure" rel="nofollow noopener" target="_blank">#insecure</a> <a class="hashtag" href="https://miniwa.moe/tag/pii" rel="nofollow noopener" target="_blank">#PII</a> <a class="hashtag" href="https://miniwa.moe/tag/infosec" rel="nofollow noopener" target="_blank">#infosec</a> <a class="hashtag" href="https://miniwa.moe/tag/censorship" rel="nofollow noopener" target="_blank">#censorship</a><ul><li>Stay away from CrimeFlare <a href="https://kb.mypdns.org/articles/MTX-A-73" rel="nofollow noopener" target="_blank">https://kb.mypdns.org/articles/MTX-A-73</a></li><li>Fundamental Human Rights and Online Privacy <a href="https://kb.mypdns.org/articles/MPDNS-A-2" rel="nofollow noopener" target="_blank">https://kb.mypdns.org/articles/MPDNS-A-2</a></li></ul>

Ay Papi 🔞 Parental Advisory<a class="u-url mention" href="https://www.minds.com/aussie55" rel="nofollow noopener" target="_blank">@aussie55</a> <a class="hashtag" href="https://miniwa.moe/tag/nudephotography" rel="nofollow noopener" target="_blank">#nudephotography</a> <a class="hashtag" href="https://miniwa.moe/tag/nudeartphotography" rel="nofollow noopener" target="_blank">#nudeartphotography</a> <a class="hashtag" href="https://miniwa.moe/tag/nudeartist" rel="nofollow noopener" target="_blank">#nudeartist</a> <a class="hashtag" href="https://miniwa.moe/tag/femaleform" rel="nofollow noopener" target="_blank">#femaleform</a> <a class="hashtag" href="https://miniwa.moe/tag/bodyart" rel="nofollow noopener" target="_blank">#bodyart</a> <a class="hashtag" href="https://miniwa.moe/tag/artnude" rel="nofollow noopener" target="_blank">#artnude</a> <a class="hashtag" href="https://miniwa.moe/tag/artisticnude" rel="nofollow noopener" target="_blank">#artisticnude</a> <a class="hashtag" href="https://miniwa.moe/tag/nudebeauty" rel="nofollow noopener" target="_blank">#nudebeauty</a> <a class="hashtag" href="https://miniwa.moe/tag/womeninnudeart" rel="nofollow noopener" target="_blank">#womeninnudeart</a> <a class="hashtag" href="https://miniwa.moe/tag/eroticart" rel="nofollow noopener" target="_blank">#eroticart</a> <a class="hashtag" href="https://miniwa.moe/tag/cloudflarefree" rel="nofollow noopener" target="_blank">#cloudflareFree</a> unlike <a class="hashtag" href="https://miniwa.moe/tag/loforo" rel="nofollow noopener" target="_blank">#loforo</a>, which is a centrtalized <a class="hashtag" href="https://miniwa.moe/tag/cloudflared" rel="nofollow noopener" target="_blank">#cloudflared</a> controlled. <a class="hashtag" href="https://miniwa.moe/tag/mitm" rel="nofollow noopener" target="_blank">#mitm</a> <a class="hashtag" href="https://miniwa.moe/tag/insecure" rel="nofollow noopener" target="_blank">#insecure</a><ul><li><a href="https://kb.mypdns.org/articles/MTX-A-73" rel="nofollow noopener" target="_blank">https://kb.mypdns.org/articles/MTX-A-73</a></li><li><a href="https://kb.mypdns.org/articles/MPDNS-A-2" rel="nofollow noopener" target="_blank">https://kb.mypdns.org/articles/MPDNS-A-2</a></li></ul>

Ay Papi 🔞 Parental Advisory<a class="u-url mention" href="https://sloshed.loforo.com" rel="nofollow noopener" target="_blank">@sloshed</a> <a class="hashtag" href="https://miniwa.moe/tag/nudephotography" rel="nofollow noopener" target="_blank">#nudephotography</a> <a class="hashtag" href="https://miniwa.moe/tag/nudeartphotography" rel="nofollow noopener" target="_blank">#nudeartphotography</a> <a class="hashtag" href="https://miniwa.moe/tag/nudeartist" rel="nofollow noopener" target="_blank">#nudeartist</a> <a class="hashtag" href="https://miniwa.moe/tag/femaleform" rel="nofollow noopener" target="_blank">#femaleform</a> <a class="hashtag" href="https://miniwa.moe/tag/bodyart" rel="nofollow noopener" target="_blank">#bodyart</a> <a class="hashtag" href="https://miniwa.moe/tag/artnude" rel="nofollow noopener" target="_blank">#artnude</a> <a class="hashtag" href="https://miniwa.moe/tag/artisticnude" rel="nofollow noopener" target="_blank">#artisticnude</a> <a class="hashtag" href="https://miniwa.moe/tag/nudebeauty" rel="nofollow noopener" target="_blank">#nudebeauty</a> <a class="hashtag" href="https://miniwa.moe/tag/womeninnudeart" rel="nofollow noopener" target="_blank">#womeninnudeart</a> <a class="hashtag" href="https://miniwa.moe/tag/eroticart" rel="nofollow noopener" target="_blank">#eroticart</a> <a class="hashtag" href="https://miniwa.moe/tag/cloudflarefree" rel="nofollow noopener" target="_blank">#cloudflareFree</a> unlike <a class="hashtag" href="https://miniwa.moe/tag/loforo" rel="nofollow noopener" target="_blank">#loforo</a>, which is a centrtalized <a class="hashtag" href="https://miniwa.moe/tag/cloudflared" rel="nofollow noopener" target="_blank">#cloudflared</a> controlled. <a class="hashtag" href="https://miniwa.moe/tag/mitm" rel="nofollow noopener" target="_blank">#mitm</a> <a class="hashtag" href="https://miniwa.moe/tag/insecure" rel="nofollow noopener" target="_blank">#insecure</a><ul><li><a href="https://kb.mypdns.org/articles/MTX-A-73" rel="nofollow noopener" target="_blank">https://kb.mypdns.org/articles/MTX-A-73</a></li><li><a href="https://kb.mypdns.org/articles/MPDNS-A-2" rel="nofollow noopener" target="_blank">https://kb.mypdns.org/articles/MPDNS-A-2</a></li></ul>

Recent searches

Search options

Administered by:

Server stats:

#mitm