Discover and read the best of Twitter Threads about #MITM

Most recents (3)

โš ๏ธ A browser extension is always a double-edged sword.

In general, there isn't much to disagree with in what @panosmek has written in this fantastic thread, but here are a few additional thoughts:

🧵👇 [1/13]
[2/13] Browser extensions in and of themselves can easily be the source of #exploits.

So, rather than securing your #browser session, increasing your #privacy, or acting as a warning tool before signing transactions, it may turn out to be your worst enemy.
[3/13] — Attack Vectors —

🧐 There are merely two malicious concepts that will be exploited by #hackers to harm you while using #browser extensions:

🔸 Supply-Chain attack
🔸 Man-in-the-middle attack
Read 14 tweets
[1/🧵] A brief #thread on how to properly download and verify your newest #IOTA #Firefly Windows version. 😉 Source: https://block-builders.de/iota-wallet-firefly-jetzt-
[2/10] You might be wondering why @iota doesn't allow you to download & upgrade the version via the client.

To be honest, this would definitely improve usability (#UX), but it would also need the user to trust the DL content.

That is precisely what we do not want with #crypto. Source: https://firefly.iota.org/
[3/10] Who knows whether the network path from #github to your PC wasn't intercepted and a man in the middle (#MITM) replaced your downloaded program with a slightly different one.

To ensure that the program you are installing is the one meant for you, verify the #hashes. 👀 Source: https://dev.to/pixiumdigital/cyber-security-introduc
Read 11 tweets
On Facebook's data privacy. I have never installed Facebook or Instagram on my Android test phone, yet Zuckerberg and co won't leave me alone. How do I know? Because I proxied web traffic through a MITM tool and caught FB sending data about my phone to its data centers. Here's how
Facebook leverages its SDK installed across diverse apps to create and maintain profiles of consumers even if they don't use any of its apps. In my case, the culprit is an English Premier League app. Data sent to Facebook datacenters includes phone orientation in 3D space - x,y,z
Battery stats, rooted/non-rooted, GDPR applicability - no in my case, my location, app with FB SDK, time, phone model, consent status - of course this rides on consent granted to app with FB SDK. Sneaky imho, among other data points. Where is all this data sent to,
Read 8 tweets
