cendyne

@cendyne@furry.engineer

#cryptography and cloud infrastructure naga #infosec #appsec
Not into internet fun money


cendyne, to random

AI content will answer any and every question with high confidence

cendyne, to random

Researching / reimplementing a WIP to do registration for Fur Squared next year. This time with modern payment processing.

It is not as simple as getting a nonce anymore and charging it, if you want to support 3DS verification.

The state diagram I drew while figuring this redirect + back channel webhook stuff out feels like OpenID Connect. It is uncanny how the "secure" primitives of web browsing identity are a bunch of redirects and sometimes with back channels.

cendyne,

@Paxxi that part is intact. I refer to the whole story of what the client goes through to satisfy a transaction from any payment method.

ryanc, to random

New level of phone tree evil: "press a key every 60 seconds to remain on hold or your call will be dropped".

cendyne,

@ryanc @KayOhtie This is a horrific timeline

cendyne,

@ryanc It just occurred to me. This is a lot like the stale issue bot on GitHub.

cendyne, to random

The use case for AI is to spam

cendyne, to random

Really?
Like I know people are getting acclimated to their Windows start menu showing ads. But a soap dispenser?

cendyne, to random

Watched the Mario movie

My first thoughts were: The US CSB has educated me on the dangers of entering constrained spaces, especially pipes

My last thoughts were: wow that was a lot of references and nostalgia. It felt like a mass produced cookie: enjoyable in the moment, and forgotten after.

I guess that's what summer movies are supposed to be?

cendyne,

@anthracite oh no Obama has all the chaos emeralds

(Kids watching this twenty years from now): wtf why are you laughing

cendyne, to random

Imagine if Google supported anything for a decade

BlurTheFur, to random

Spoons have been depleted, but I'll be going to the symphony later this evening, and that's always an energy boost 💙

cendyne,

@miunau @BlurTheFur you couldn't help yourself, could you.

soatok, to random

Furry memes be like: "Call a bottom cute to get a secure password"

Meanwhile: https://gist.github.com/soatok/bf85a7e65f98213da0712be11ce35b1b

cendyne,

@soatok jjjjjx.h.xchjjixpp..kttknjknibijghcdpiyiecen

cendyne, to random

A debate that begins with "what if the vendor runs in us-east-1 and they go down" falls on its face when we only run in us-east-1

cendyne, to random

Someone wants me to die tomorrow by sending an 8th meeting with no prior notice or context

cendyne,

... I just dodged a 9th meeting tomorrow

I need a new job

cendyne,

@philpem the WFH culture has optimized out lunch on two days of the week

cendyne,

@philpem @itsOasus "lunch and learns" smh

cendyne, to random

Last public release of OpenSSL 1.1.1

Time for Amazon to move 1000000 microservices to a newer version

cendyne,

@feld as you can imagine, just because there is a better maintained internal alternative does not mean the historic swamp of code, which has high turnover, had priority to migrate to another dependency in ways that may break the functionality of its customers.

cendyne,

@feld I know second hand that it is still in use and FIPS is part of it

cendyne, to random

Love to find master's thesis papers that plagiarize Microsoft documentation. Exact match on "The Length field in a TLV triplet identifies the number of bytes encoded in the Value field" in "Digital Certificates and Threshold Cryptography" from 2013.

cendyne, to DEFCON

Domain fronting — a surprise feature or defect where requests can come in for one host (over TLS) while the request (over HTTP) is for another — enables censorship circumvention in and obscures traffic by malware used against Ukraine.

Charles Miller shared his research in probing for domain fronting hosts at DEF CON's Crypto and Privacy village.

Within is a summary of his presentation and a reflection on encrypted SNI, security through intentional design, and the reality that censorship circumvention requires dishonest behavior to succeed.

https://cendyne.dev/posts/2023-09-08-domain-fronting-through-azure-and-cloudflare.html

cendyne, to random

"... but can you run kubernetes on a yubikey?"
