Discover and read the best of Twitter Threads about #netsec

Most recents (8)

Your job CAN be your life but it doesn't have to be.

I enjoy my job, I'm good at my job, but I do it so I can support my family.
Can Apple and Android get their emoji game in order? I'm getting sick of seeing crossed out boxes
It's odd how often accepting people comes with stipulations.
Read 1019 tweets
Secure cloud storage is mostly a lie until cryptographic splitting becomes the default standard. en.wikipedia.org/wiki/Cryptogra…

#netsec #security #privacy #future #soon #cloud #evolve #adapt
The major cloud storage platforms will push back against this necessary step forward. Cryptographic Splitting inherently reduces each cloud provider's revenue stream by pitting them with-and-against their competitors. And the end user comes out on top.
The basics of it:
-DataX is encrypted on the user end.
-Every other byte splits off (goes into either FileA or FileB. Like: A-B-A-B-A-B-A-...).
-Both resulting files are then, again, encrypted.
-FileA is stored within Amazon's Cloud.
-FileB is stored within Microsoft's Cloud.
Read 6 tweets
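The five-step scheme in the thread above (encrypt, interleave-split, encrypt each half, store the halves with two different providers), carried through as an added example that is not the thread author's code. The cipher is an HMAC-SHA256 counter-mode keystream, a dependency-free stand-in for an authenticated cipher such as AES-GCM; "amazon" and "microsoft" are just the dictionary keys for the two shards, and the sample file and keys in the test are constructed for the example.

```python
"""Cryptographic splitting: encrypt, split every other byte into two files,
encrypt each file again, keep one file per cloud provider, reassemble later.
Added illustration; the keystream cipher below is a stand-in for AES-GCM."""
import hashlib
import hmac
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with HMAC-SHA256(key, nonce || counter) blocks.
    Symmetric: applying it twice with the same key/nonce recovers the input."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        msg = nonce + counter.to_bytes(8, "big")
        stream.extend(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def split_alternating(data: bytes) -> tuple:
    """Every other byte goes to A, the rest to B (A-B-A-B-A-B-...)."""
    return data[0::2], data[1::2]


def join_alternating(a: bytes, b: bytes) -> bytes:
    """Inverse of split_alternating; refuses shards that cannot pair up."""
    if not (len(b) <= len(a) <= len(b) + 1):
        raise ValueError("shards do not pair up: one provider's copy is missing or truncated")
    out = bytearray()
    for i in range(len(a) + len(b)):
        out.append((a if i % 2 == 0 else b)[i // 2])
    return bytes(out)


def new_keys() -> dict:
    """Three independent keys the user keeps; neither provider ever sees them."""
    return {"inner": os.urandom(32), "a": os.urandom(32), "b": os.urandom(32)}


def shard(data_x: bytes, keys: dict) -> dict:
    """Steps 1-5 from the thread. Returns what goes to each provider plus the nonce."""
    nonce = os.urandom(16)
    inner = keystream_xor(keys["inner"], nonce, data_x)   # 1. encrypt on the user end
    a, b = split_alternating(inner)                       # 2. A-B-A-B byte split
    return {
        "nonce": nonce,
        "amazon": keystream_xor(keys["a"], nonce + b"A", a),      # 3+4. re-encrypt FileA
        "microsoft": keystream_xor(keys["b"], nonce + b"B", b),   # 3+5. re-encrypt FileB
    }


def recover(shards: dict, keys: dict) -> bytes:
    """Fetch both shards, peel the outer layers, re-interleave, peel the inner layer."""
    nonce = shards["nonce"]
    a = keystream_xor(keys["a"], nonce + b"A", shards["amazon"])
    b = keystream_xor(keys["b"], nonce + b"B", shards["microsoft"])
    return keystream_xor(keys["inner"], nonce, join_alternating(a, b))


if __name__ == "__main__":
    k = new_keys()
    s = shard(b"constructed sample file contents", k)
    assert recover(s, k) == b"constructed sample file contents"
```

The inner layer (step 1) is what keeps the split meaningful: without it, each provider would hold every other plaintext byte in the clear, and the outer layers only protect against the provider itself. A real deployment would also authenticate each shard (an AEAD tag or an HMAC over the ciphertext) so a modified shard is detected rather than silently reassembled.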
#netsec people,

Something western/allied forces could probably benefit from, but could never actually ask for, is "cover" material coming from regular internet folk who have never had actual contact with them or related training.

Noise for the adversary to wade through.
The good guys/gals cannot request it. The request alone creates a trail that can be followed. The request would possibly then lead to legal complications and headaches. And there would always be a risk of accidentally making such a request to a covert adversary, which is bad bad.
So, "let's give them enough and on time."

The name of the game is overlapping wordplay enticement which becomes a time wasting blackhole for the curious adversary of Democracy.

Be Charybdis.
Read 3 tweets
#netsec thought-

These days it always feels bad when you have to download any compiled executable. Even if you're paranoid and validate the download with a signature/hash from the publisher (when available), you're still relying on the integrity of that displayed string...
So, here's the idea: It should become standard baseline practice that, whenever a precompiled executable must be downloaded:
1. the to-be-downloaded "package" is encrypted on the server side,
2. the sig/hash/checksum is then calculated and communicated to the client downloader,
3. then the download of the encrypted package happens (after the validation sig/hash specific to that unique one-time-key-encrypted package has been communicated),
4. only after successful download and verification against the hash should the decrypt key be sent.
Read 6 tweets
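The four-step exchange above with both sides in one file, as an added example rather than the thread author's code. Encryption is a true one-time pad (a fresh random key as long as the package), which matches the thread's "unique one-time key" and keeps the example dependency-free; the `PublisherServer` and `ClientDownloader` names, the session id and the sample package are all constructed for the illustration.

```python
"""Encrypt-then-hash-then-download-then-release-key, both sides in one file.
Added illustration; the one-time pad stands in for whatever cipher a publisher
would actually use."""
import hashlib
import hmac
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class PublisherServer:
    def __init__(self, package: bytes):
        self._package = package
        self._sessions = {}

    def prepare(self) -> tuple:
        """Steps 1+2: encrypt under a fresh one-time key, publish the hash of the
        *encrypted* package. Returns (session_id, sha256 hex of the ciphertext)."""
        key = os.urandom(len(self._package))
        ct = xor_bytes(self._package, key)
        sid = os.urandom(8).hex()
        self._sessions[sid] = {"key": key, "ct": ct}
        return sid, hashlib.sha256(ct).hexdigest()

    def download(self, sid: str) -> bytes:
        """Step 3: serve the encrypted package."""
        return self._sessions[sid]["ct"]

    def release_key(self, sid: str, client_digest: str) -> bytes:
        """Step 4: hand over the key only when the client reports the digest of
        the exact bytes this server hashed in step 2."""
        s = self._sessions[sid]
        expected = hashlib.sha256(s["ct"]).hexdigest()
        if not hmac.compare_digest(client_digest, expected):
            raise PermissionError("digest mismatch: key withheld")
        return s["key"]


class ClientDownloader:
    def fetch(self, server: PublisherServer, transport=lambda b: b) -> bytes:
        """`transport` models the network path; a tampering middlebox can be
        passed in to see the flow refuse to proceed."""
        sid, expected = server.prepare()                 # hash arrives first
        ct = transport(server.download(sid))             # then the ciphertext
        got = hashlib.sha256(ct).hexdigest()
        if not hmac.compare_digest(got, expected):
            raise ValueError("encrypted package failed verification; key never requested")
        key = server.release_key(sid, got)               # key only after verification
        return xor_bytes(ct, key)


if __name__ == "__main__":
    srv = PublisherServer(b"#!/bin/sh\necho constructed sample package\n")
    print(ClientDownloader().fetch(srv))
```

Ordering is the whole point: the digest must be in the client's hands before the ciphertext arrives, and the key must not leave the server until the client has checked that digest. The digest itself still has to reach the client over a channel the client trusts (an authenticated TLS session to the publisher, or a signature over it); this example assumes that and does not replace code signing.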
I have one half of a cool #netsec idea. Need someone to come up with the other half.
I've recently registered a domain name similar to "i1l1il11llii1li11l11i11ili1i1l1il11llii1li11l11i11ili1liil1...com".
The idea being that this is a url which will never be typed out manually.
The domain is simply too long and has randomly sequenced similar characters. Depending on font, the characters could be indistinguishable.
So, knowing that any visitors to that site will have either copied/pasted the domain or clicked a link, what kind of extra specialness could be done or details gleaned via logic?
Read 4 tweets
(#netsec) Help me play devil's advocate and poke holes in this.
The theoretical idea is that privacy-focused proxies could consider sending out duplicated response traffic in addition to sending real response packets back to real requester.
This would multiply the efforts necessary to trace a connection back to the real source, and would have a frustrating effect on oppressive regimes while also providing additional layers of plausible deniability for end users.
I've broken it down into simple form in these two masterpiece illustrations.

The webserver never needs to know the IP address of the real requester and anyone taking logs off the proxy now has additional dead-end paths to chase (whether it's two decoy paths or a hundred).
Read 5 tweets
#netsec related concept/idea: Anyone know of a framework in which each containerized microservice depends on a checksum value of other neighboring containers?
This would be an anti-tampering/anti-exploitation technique where, if anything changes in a mission critical service, everything around it breaks, outside connections are killed, and it is all immediately regenerated with replacement containers set to the known-good state.
Self-regenerating segment clusters to guarantee integrity across a wide chain of interacting microservices.
Read 3 tweets
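No framework is named on the page, so here is a minimal in-memory model of the idea above, written as an added example (not the thread author's code): each service pins the digests of its neighbors, a service refuses to talk to a neighbor whose live digest drifts from the pin, and a tampered service plus everything that trusted it is torn down and replaced from a known-good snapshot. The three-service chain, image bytes and config strings are constructed for the illustration.

```python
"""Neighbor-pinned integrity for a chain of services. Added illustration; the
'containers' are records of image bytes plus config, not real containers."""
from __future__ import annotations

import copy
import hashlib
from dataclasses import dataclass, field


@dataclass
class Container:
    name: str
    image: bytes                                      # stands in for the image layers
    config: bytes                                     # env/args/mounted config
    neighbors: dict = field(default_factory=dict)     # neighbor name -> pinned digest
    up: bool = True

    def digest(self) -> str:
        """The identity neighbors pin: image and config together."""
        return hashlib.sha256(self.image + b"\x00" + self.config).hexdigest()


def pin_neighbors(cluster: dict, edges: list) -> None:
    """Record each neighbor's current digest as known-good, in both directions."""
    for a, b in edges:
        cluster[a].neighbors[b] = cluster[b].digest()
        cluster[b].neighbors[a] = cluster[a].digest()


def may_connect(cluster: dict, src: str, dst: str) -> bool:
    """A service only talks to a pinned neighbor whose live digest still matches."""
    c = cluster[src]
    return c.up and dst in c.neighbors and cluster[dst].digest() == c.neighbors[dst]


def check_cluster(cluster: dict) -> set:
    """Names whose live digest no longer matches what some neighbor pinned."""
    bad = set()
    for c in cluster.values():
        for n, expected in c.neighbors.items():
            if cluster[n].digest() != expected:
                bad.add(n)
    return bad


def regenerate(cluster: dict, known_good: dict, tampered: set) -> set:
    """Kill the tampered service and every neighbor that trusted it, then replace
    all of them from the known-good snapshot. Returns the names replaced."""
    to_replace = set(tampered)
    for name in tampered:
        to_replace |= set(cluster[name].neighbors)
    for name in to_replace:
        cluster[name].up = False                      # outside connections are killed
        cluster[name] = copy.deepcopy(known_good[name])
    return to_replace


def build_demo_cluster() -> tuple:
    """Constructed chain api <-> auth <-> db; returns (live cluster, known-good snapshot)."""
    cluster = {
        "api": Container("api", b"api-image-v1", b"PORT=8080"),
        "auth": Container("auth", b"auth-image-v1", b"JWT_ALG=RS256"),
        "db": Container("db", b"db-image-v1", b"PG_TLS=require"),
    }
    pin_neighbors(cluster, [("api", "auth"), ("auth", "db")])
    return cluster, copy.deepcopy(cluster)


if __name__ == "__main__":
    live, good = build_demo_cluster()
    live["auth"].config = b"JWT_ALG=none"            # simulated tampering
    bad = check_cluster(live)
    print("tampered:", bad, "replaced:", regenerate(live, good, bad))
```

The digest has to cover whatever an attacker could change at runtime, not just the image hash a registry already gives you; that is why config is hashed in. The other practical question is who holds the known-good snapshot: if it lives on the same host as the services, the attacker who altered one container can alter the snapshot too, so in practice it belongs in a signed, write-once store.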
#Netsec question regarding Dropbox and other similar bigname file sync/storage platforms:
What do you suppose the odds are that monitoring the response time of rapid, dynamic, low kb file uploads could result in piecing together larger already-existing files in other accounts?
Because, for example, Dropbox reportedly does a sort of hidden backend de-duplication trick where if an already-uploaded file has a hash matching a new upload, the new one simply results in the second account being assigned "access" to the stored copy (but can't affect original).
This function makes me curious if there is a potential unforeseen downside as a result of:
backend de-duplication + stream chunking + varying response times based on if there is an existing previous upload + uploading a massive amount of individual "chunks".
Read 5 tweets
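A simulation of the side channel the thread asks about, added here as an example and not the thread author's code: a backend that de-duplicates by hash answers faster when a chunk already exists anywhere, so an uploader can turn response cost into a yes/no oracle on other accounts' data and brute-force a low-entropy field chunk by chunk. The backend, its 16-byte chunk size, the cost units and the salary record are all made up for the example; nothing here is measured from Dropbox or any real provider. Cost is modelled as a number rather than wall-clock time so the result is deterministic.

```python
"""Dedup timing oracle: new chunk = slow store, known chunk = fast link.
Added illustration with an arbitrary cost model; not a real service."""
from __future__ import annotations

import hashlib

CHUNK = 16          # assumed chunk size for the demo; real services use far larger chunks
COST_STORE = 50     # simulated response cost when the chunk must be written
COST_LINK = 1       # simulated response cost when only a pointer is added


class DedupBackend:
    def __init__(self, constant_cost: bool = False):
        self.constant_cost = constant_cost          # mitigation switch
        self.blobs: dict = {}                       # sha256 -> bytes, shared by all accounts
        self.accounts: dict = {}                    # account -> hashes it may read

    def upload(self, account: str, chunk: bytes) -> int:
        """Store or link one chunk for `account`; return the simulated response cost."""
        h = hashlib.sha256(chunk).hexdigest()
        self.accounts.setdefault(account, set()).add(h)
        if h in self.blobs:
            # Mitigated backend pays (or pads to) the store cost regardless.
            return COST_STORE if self.constant_cost else COST_LINK
        self.blobs[h] = chunk
        return COST_STORE


def chunks(data: bytes):
    """Fixed-size chunking with zero padding, as the victim's client would do."""
    for i in range(0, len(data), CHUNK):
        yield data[i:i + CHUNK].ljust(CHUNK, b"\x00")


def upload_file(backend: DedupBackend, account: str, data: bytes) -> int:
    return sum(backend.upload(account, c) for c in chunks(data))


def chunk_exists(backend: DedupBackend, attacker: str, candidate: bytes) -> bool:
    """The oracle: a fast answer means some account already held this exact chunk.
    Note the probe itself stores the chunk, so each candidate can be asked once."""
    return backend.upload(attacker, candidate) == COST_LINK


def guess_salary(backend: DedupBackend, attacker: str, prefix: bytes, low: int, high: int):
    """Brute-force a guessable field by uploading one candidate chunk per value."""
    for n in range(low, high):
        candidate = next(chunks(prefix + str(n).encode()))
        if chunk_exists(backend, attacker, candidate):
            return n
    return None


if __name__ == "__main__":
    be = DedupBackend()
    upload_file(be, "victim", b"alice:9000")           # constructed victim record
    print(guess_salary(be, "attacker", b"alice:", 8500, 9500))
```

Removing the cost difference kills this particular signal, but dedup across accounts still answers the underlying question by other means (the attacker's account ends up with read access to the matched blob, and a client that hashes before uploading can be asked directly whether a hash is known), so the stronger fix is to de-duplicate only within an account or within a key the user controls. On a real network the single-sample comparison here becomes many samples and a statistical test, which is what the thread's "massive amount of individual chunks" is about.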