@fs0c131y's Threads
"I just discovered this guy existed [..] He is reckless and his methods on how to report vulnerabilities is unethical"
You have no idea of what I'm doing. Keep your insults for you hater.
FYI:
1. I'm always trying to contact the company and give them a chance to fix their shit
You have no idea of what I'm doing. Keep your insults for you hater.
FYI:
1. I'm always trying to contact the company and give them a chance to fix their shit
2. Someone who found a vulnerability is free to do what he want to do with it. Life is not black and white
3. With my "unethical" methods, I found and help fixed bugs in big Android apps from everywhere, impacting millions of persons
4. I also raised awareness about cybersecurity
3. With my "unethical" methods, I found and help fixed bugs in big Android apps from everywhere, impacting millions of persons
4. I also raised awareness about cybersecurity
5. Fuck you
<Thread> As the problem has been fixed, I can disclose the security issue I found in one of the Vatican app.
The app "El Camino del Corazón" is just a webview for a website called caminodelcorazon.church
1/
The app "El Camino del Corazón" is just a webview for a website called caminodelcorazon.church
1/
I opened the app and saw in the network requests that caminodelcorazon.church was based in @wordpress.
Thanks to @_WPScan_ I quickly scanned the website and... oopsie the registration on their website was enabled: caminodelcorazon.church/web/wp-login.p…
2/
Thanks to @_WPScan_ I quickly scanned the website and... oopsie the registration on their website was enabled: caminodelcorazon.church/web/wp-login.p…
2/
So I entered my username and my email to create a new profile
3/
3/
L’opacité dans laquelle tout ceci se déroule est insupportable. La menace sécuritaire n’est ici qu’un prétexte afin de servir les intérêts économiques de certains industriels. C’est votre liberté ici qui s’en va, tout cela sans le moindre débat public. lemonde.fr/pixels/article…
Tout ceci, légitime encore plus l’action qui est la mienne. Nous avons besoin de personnes pour informer et expliquer ces technologies et les dangers qu’elles comportent.
Prenons du recul et regardons ce qui se fait dans le monde depuis quelques années. Voulons nous demain manifester avec des parapluies comme à Hong Kong afin d’éviter la reconnaissance faciale?
My new website is online 😀 Feedback is more than welcome! fs0c131y.com
Thank you all for your feedbacks! I did some modifications:
- I added more articles in the Press page
- Resize the images in the Press page
- Set the page titles
- Remove the custom.css reference
- Improve the CVEs page
I hope I'm good for now 😅
- I added more articles in the Press page
- Resize the images in the Press page
- Set the page titles
- Remove the custom.css reference
- Improve the CVEs page
I hope I'm good for now 😅
I added a favicon 😅
1. @DevFestToulouse is a developer conference held in Toulouse. I analysed the tweets made with the word DevFestToulouse during the period 09/26 - 10/06.
2. In total:
- 603 tweeted
- 994 RT
- 74 Quotes
- 603 tweeted
- 994 RT
- 74 Quotes
3. The most influential twittos were:
- @DevFestToulouse
- @fs0c131y
- @CPUprogramme
- @stack_labs
- @ilaborie
- @AXILEO1
- @JimmyRobz
- @sebi2706
- @noel_mace
- @speekha
- @DevFestToulouse
- @fs0c131y
- @CPUprogramme
- @stack_labs
- @ilaborie
- @AXILEO1
- @JimmyRobz
- @sebi2706
- @noel_mace
- @speekha
1. Nous sommes passé de « Belle pièce de désinformation » à « ce qui me gêne dans cet article »... Ce n’est pas sérieux, surtout quand on est VP de la @cnnum.
Reprenons un peu les faits et débattons lieu de dire des bêtises
Reprenons un peu les faits et débattons lieu de dire des bêtises
2. A aucun moment l’article ne dit ou n’induit ça. Relisez le. Oui la France est une des premières à mettre en place ce type de système en Europe. Oui ça déclenche des peurs qui doivent être entendu. Non ce n’est pas obligatoire. Mais...
1. Bonjour M Babinet,
Il va falloir réviser ses devoirs à la @CNNum avant de crier à la fake news. Cette app existe bien, elle s’appelle #AliceM et elle est faite par @Place_Beauvau. Elle a même était annoncé publiquement par le Ministère de l’Interieur. Je l’ai...
Il va falloir réviser ses devoirs à la @CNNum avant de crier à la fake news. Cette app existe bien, elle s’appelle #AliceM et elle est faite par @Place_Beauvau. Elle a même était annoncé publiquement par le Ministère de l’Interieur. Je l’ai...
2. ...en ce moment même, littéralement installé sur mon tel... Je bosse sur le sujet depuis un moment, je vous invite a faire de même. Je serai ensuite ravie d’échanger avec vous sur le sujet.
Cordialement
Cordialement
PS: La technologie derrière #AliceM est made in USA et son développement a été financé par une entité du gouv américain. Je peux évidemment le démontrer techniquement.
1. Few days ago, I published this job offer. Someone thought, it can be smart to upload « a shell » instead of his CV
2. Instead of his CV, he uploaded this obfuscated php file pastebin.com/qm90vkZ7
3. After decoding you get this file pastebin.com/bVmxRJq7
I'm responding to my DMs right now, if I forget you ping me again
I spent the last hour to answer DMs, this is what happen when I don't handle my messages for 5 days
Thank you all for your very messages! You are the best!
1. During my last talk someone in the audience asked me if I was optimistic. Are you optimistic? Do you think the future will be better?
My answer is a clear no, let me explain why
My answer is a clear no, let me explain why
2. Public interest is not a thing for #infosec sector. Business is everywhere. A conference organizer told me recently: "We have difficulty to find people who want to talk and have nothing to sell"
3. There is a lot of money in this sector and everybody is trying to get a part of it. As said during the @defcon talk of @schneierblog, public interest should be one of the major concern of the #infosec sector.
What. The. Fuck. The transcript of the conversation between Trump and Zelenskyy games-cdn.washingtonpost.com/notes/prod/def…
Keep in mind, there is a disclaimer at the beginning of the memo: « Not a verbatim transcript of a discussion »
They discussed during 30 minutes
Je suis sur Paris aujourd’hui et demain. Si vous voulez discuter et / ou boire un verre, envoyez moi un DM!
La tristesse du temps parisien. Vous savez qu’il fait beau dans le reste du monde 😄?
Suite à mon 1er tweet, j’ai reçu une dizaine de messages. J’ai pas encore eu le temps de répondre désolé. Malheureusement ma journée est complète, mais je serai dispo demain matin pour un café (avant 10h)
1. Dans l'application Android #Alicem, la solution d'identité numérique Française aka "The French #Aadhaar", on trouve un système de démo de @Gemalto appelé "Utopia eGovernment Services". En plus, d'avoir un nom "inopportun", il possède un petit pb de sécurité
3. Apache Tomcat 9.0.0.M9 est loin d'être la dernière version, la version actuelle étant 9.0.26. D'après le changelog disponible sur le site d'Apache, elle date du 2016-07-12: tomcat.apache.org/tomcat-9.0-doc…
<Thread>
1. Two days ago, I started a new game called #AadhaarSafari. The game is simple. Find #Aadhaar cards available publicly. You receive bonus point if the cards are stored on a governmental website. Ofc, everyone can play, feel free to send me your findings by DM.
1. Two days ago, I started a new game called #AadhaarSafari. The game is simple. Find #Aadhaar cards available publicly. You receive bonus point if the cards are stored on a governmental website. Ofc, everyone can play, feel free to send me your findings by DM.
2. The goal of this game is remove these #Aadhaar cards from the public Internet and raise awareness around the need of protecting such personal documents. The goal is not to publish personal user data #AadhaarSafari
1. Tonight, my kid's teacher presented us a new website. This is a new trend, this website is used to publish photos of what kids are doing during the day, homework or news.
In 1 hour, I managed to get:
- children's names
- children's date of birth
- children's photos
In 1 hour, I managed to get:
- children's names
- children's date of birth
- children's photos
2. Of course, I also managed to get:
- parent's names
- parent's photos
- parent's names
- parent's photos
3. All the photos are stored in a bucket, no authentication needed...
1. Do you remember the skids who DDOS Wikipedia few days ago? Their Twitter account @UKDrillas has been suspended
3. Today, they updated the message saying « New Twitter up » but guess what?
Don’t engage with haters, with negative people in general. They are waiting your responses, they literally live for their little fights. Their hate don’t deserve any exposure.
Instead, we should all promote good people and the awesome work done by them.
Instead, we should all promote good people and the awesome work done by them.
Imo, the good answer to haters is almost always the block. Without interaction, they lose their fight, the only reason of their existence.
And this is ok. You have the right to block people. You are not running away. You choose your battle. By blocking people you decide that their little fights doesn’t deserve your time
What a suspense!
They are waiting the final confirmation but no signal so far
It doesn’t seems good :/
« Google’s post [...] creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case. » apple.com/newsroom/2019/…
Nothing technically changed, this is a communication war folks, that’s all. You can keep the drama for something else.
Google and Apple are 2 kids fighting in a playground
Official reaction of Geomeo, the company behind @cops_eye: « No software developing team available today. Can't react to your question »
BUT
- They restrict the access to the database
- The app is no more available on the PlayStore
Hey @cops_eye, the mugshots are STILL PUBLIC!
BUT
- They restrict the access to the database
- The app is no more available on the PlayStore
Hey @cops_eye, the mugshots are STILL PUBLIC!
Lol their deleted their twitter account too
Few seconds after this tweet, they deleted their Firebase instance…
What a joke…
The Indian government shouldn’t work with such amateurs
What a joke…
The Indian government shouldn’t work with such amateurs
Yesterday, thanks to the #ZAO app I created a video with my face on Sheldon Cooper. This morning, I deleted the video in the app (no more available in « My Creation » tab)
Guess what? #ZAO is not deleting your video. The video is still available online: zao.momocdn.com/zaovideo/BA/03…
Guess what? #ZAO is not deleting your video. The video is still available online: zao.momocdn.com/zaovideo/BA/03…
On @Weibo #Zao wrote:
« 4. If you choose to delete your data or account, "ZAO" will follow correct legal procedures to ensure the deletion of relevant data. »
They lied.
« 4. If you choose to delete your data or account, "ZAO" will follow correct legal procedures to ensure the deletion of relevant data. »
They lied.
Tic tac, tic tac, ...
7 hours after his deletion, my video is still available online
zao.momocdn.com/zaovideo/BA/03…
7 hours after his deletion, my video is still available online
zao.momocdn.com/zaovideo/BA/03…
It’s time for a thread about #ZAO, the new Chinese app which blew up since Friday. The app is accessible only to Chinese people for the moment but I managed to get an account ;)
This "AI facial" app allows you to add your face on predefined clip.
1/n
This "AI facial" app allows you to add your face on predefined clip.
1/n
Let’s start by the beginning, as far as I can see, #ZAO is NOT uploading your camera roll to their servers.
Yes, they upload the photo you use to create the deep fake to their server (which makes sense)
2/n
Yes, they upload the photo you use to create the deep fake to their server (which makes sense)
2/n
As said this morning and during the #FaceApp episode, for privacy reasons, don’t upload your face to a random app.
Yes, this is cool but once your face is uploaded you lose your rights on it. They can do whatever they want
3/n
Yes, this is cool but once your face is uploaded you lose your rights on it. They can do whatever they want
3/n
France: We will create #Alicem a super secure digital identification program, hire “la crème de la crème”. We are better than India, we will do better.
Me *laughing reading the question asked by their developer on StackOverflow*: And you expect me to believe you?
Me *laughing reading the question asked by their developer on StackOverflow*: And you expect me to believe you?
I never interact with her, who is she 🤔? What I did to be blocked? We live in a weird world.
I totally understand the value of the block function against someone offensive to you, I do it all the time. But I still don’t understand the « pro active block » 🤔
Meh 🤷♂️
