I'm gonna go to a Starbucks~~ see if I can flush out the new article today ^_^

So is trending on Masto :P

I think the most important thing for (especially technically apt) people to understand about InfoSec is how terrible humans are at isolating aspects of our life.

If you're on FB, they can probably infer your more "sensitive" info.

Working on a slightly controversial article about responsible disclosure :P

Daily reminder to be REALISTIC about security. Ain't nobody setting up Bitmessage or X-Raying their Novena boards to send nudes

Ok hi tech journalists, if some software/hardware organization/corporation releases a patch for Meltdown in their products, PLEASE don't report that as "a patch for meltdown and spectre" unless Spectre is ALSO patched. Thank you.

Much more secure because hex sets don't have a lot of lookalikes, and you can allow diverse vanity names in non-security sensitive contexts

There's a trend to use unique numbers/hex-codes instead of usernames for identification. This is a good trend IMO

Or something like that. There's more than one way to season tofu.

Just use friggin Unicode and do uniqueness checks on similar/identical characters

Going "heck people who use other languages" is a very bad way to patch your crappy username security policies.

Backwards compatibility is the root of all evils. All this unicode mess we experience? Wouldn't be an issue if we stopped trying to make computers backwards compatible with humans. Oh wait...

Humans are the source of most infosec issues in social media. The solution, obviously, is to remove humans from social media!


A piece of software strongly discouraging you from compiling from source is VERY sketch.

This thatoddmailbox.github.io/2018/ wouldn't have worked if people compiled the code themselves.

Also, trusting non-reproducible binaries from untrusted distributors is a bad idea. It doesn't matter if the software is open source in that case.

This is the official Mastodon of tofusec.me, an InfoSec blog run by @alana.

This account will talk about InfoSec stuffs ^_^.

