3·
1 day agoIt literally just takes a slightly different domain name. Lots of infosec pros have been phished when not paying attention
Natanael
Cryptography nerd
Fediverse accounts;
Natanael@slrpnk.net (main)
Natanael@infosec.pub
Natanael@lemmy.zip
Lemmy moderation account: @TrustedThirdParty@infosec.pub - !crypto@infosec.pub
@Natanael_L@mastodon.social
Bluesky: natanael.bsky.social
- 0 Posts
- 77 Comments
Joined 1 month ago
Cake day: January 18th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Passkeys use unique keys per site for that reason
TOTP codes can be phished, hardware security keys and passkey can’t
Google Chrome on PC can let you verify from the phone to unlock passkeys
TOTP can be phished remotely, passkeys / hardware security keys can’t (need to get malware into the users’ computer instead)
The synchronization part is the annoying part. And when you have multiple accounts on one site you can end up with multiple passkeys for it.
They’re using the same standard as FIDO2 / WebAuthn hardware security keys. The protocol is phishing resistant, unlike TOTP and similar one time code solutions.
I prefer the physical ones, because they’re easy to organize. Passkey synchronization can be annoying.
1·2 days agoThe scaling attack specifically can make a photo sent to you look innocent to you and malicious to the reviewer, see the link above
If finances also are separate it can be very quick
84·2 days agoOf course a group of people could use violence to oppress other people. But then you no longer have anarchy.
The irony is that the amount of coordination needed to protect anarchism would no longer be called anarchism
You will always end up recreating some form of organizations to manage resources. The best you can do is ensure those organizations are structured with accountability to make sure they’re fair to everybody
There’s basically ideologues versus hateful people versus indifferent sociopaths (overlap is common)
I consider political ideologues and “technocrats” and extremely pedantic rule-following bureaucrats to be different flavors of ideologues (has a specific worldview they try to enforce / uphold)
1·2 days agoI had Guinea pigs too. I’d slap down their little front paws on the keyboard to type
1·2 days agoWe don’t know if spacetime loops around or is infinite or has an expanding boundary. Best we got for reference is the cosmic background radiation, but it doesn’t tell us about any center
Yeah so here’s the next problem - downscaling attacks exists against those algorithms too.
Also, even if those attacks were prevented they’re still going to look through basically your whole album if you trigger the alert
Apple had it report suspected matches, rather than warning locally
It got canceled because the fuzzy hashing algorithms turned out to be so insecure it’s unfixable (easy to plant false positives)
14·5 days agoJudges can deputize if necessary
Found the alt for swiftonsecurity
https://github.com/bluesky-social/atproto/tree/main/packages/bsky
The old design was built to scale to a few million users. The new backend is revised to handle ~hundreds of millions. They’ll releasing bits and pieces at a time.
That’s literally no different from a regular password manager or having a 2FA TOTP code app set up for it