BarbossHack

@P4mui J’avais acheté le Pixel 8, mais 300ms de latence sur la synchro labiale en bluetooth, je l’ai renvoyé pour un iPhone (je suis un peu pointilleux 😌)

Je me demande si certains utilisateurs iOS seraient prêt à retenter l'expérience Android Car pour énormément : soit ils ont utilisé une très vieille version d'Android soit un très mauvais smartphone pas cher avant d'économiser pour un iPhone.. ce qui du coup ne montre pas la vraie expérience Android

Too bad that @session_app doesn’t have PFS (yet) 🙃

@topjohnwu Nice! And which tool do you use to flash the firmware?

Let me introduce samloader-rs: • Inspired by the Python samloader project • Download Samsung firmware directly from Samsung servers • Support downloading with multiple connections • Decrypt the file on-the-fly, no separate decryption step github.com/topjohnwu/saml…

After purchasing my Z Trifold, I discovered the existing open source tooling for Samsung firmware downloading is quite lacking in features. I didn't find any existing open source tool that supports parallel download + on-the-fly decryption. So I decided to build my own!

It looks like no one is actually testing @telegram reproducible builds against Play Store APKs. I found errors in their bundle process, and their apkfrombundle script always returns "APK has difference!" (don't get me wrong: no backdoors, just a broken bundle process)

@OreoB1scuit @_B13ss3d_ But you will still need a jailbroken iPhone to decrypt the IPA downloaded with ipatool. If you find a way to do it, I'm interested.

@_B13ss3d_ Thanks

how you guys get IPA file without IPhone for bug bounty ?

@ProtonSupport @SIGNAL_RETURN @ProtonMail Your statement contradicts itself. I’m not sure which part to believe.

This headline is misleading. Proton did not provide any information to the FBI. The Swiss government received a legal request involving a case where a police officer was shot, and explosives were found during an incident in 2024. Assaulting a police officer is a severe criminal offense, often treated more seriously than regular assault, raising the bar for legal assistance in the world. Even then, only payment info was disclosed which is optional on the account; no emails, messages, or content. If anything, this case proves how little data Proton actually holds. For users who want maximum anonymity, we accept cash and crypto.

I've been vocally critic of @ProtonMail. Exposure of them doxing a user today made me rethink how we can use the leaps in cryptography to achieve truly private email without changing SMTP. We did it. Provably private mail is coming. No more single point of failure. 🫡💛

@0xtiago_ @ProtonSupport @MwangiEMaina @ProtonVPN @ProtonMail Source: Proton. proton.me/support/does-p…

@BarbossHack @ProtonSupport @MwangiEMaina @ProtonVPN @ProtonMail do you have any source for this?

Hey @ProtonVPN, @ProtonMail you have something to say about this? You handed private data to the swiss government who handed it over to the FBI. so much for the so-called privacy!

@0xtiago_ @ProtonSupport @MwangiEMaina @ProtonVPN @ProtonMail Nope, only the body and attachments.

@BarbossHack @ProtonSupport @MwangiEMaina @ProtonVPN @ProtonMail everything is encrypted on proton afaik

@ProtonSupport @MwangiEMaina @ProtonVPN @ProtonMail You didn’t even give the email headers (Subject, From) ? They are not encrypted.

The Swiss government received a legal request involving a case where a police officer was shot, and explosives were found during an incident in 2024. Assaulting a police officer is a severe criminal offense, often treated more seriously than regular assault, raising the bar for legal assistance in the world. No service can operate entirely outside the law, and Swiss law requires compliance with valid legal orders in serious criminal cases. What we can promise is that the legal bar in Switzerland is among the highest in the world, and our architecture ensures we have as little data as possible to hand over. Only payment info was disclosed, which is optional on the account, no emails, no messages, no content. If anything, this case proves how little data Proton actually holds. For users who want maximum anonymity, we accept cash and crypto.

@kemar74 Le Nom du Vent 🤩 Il faudrait que je le relise d’ailleurs 📖

Some golden art for today, to rinse the soul.

@bortzmeyer Mais dans le ClientHello ya pas que le SNI, ya aussi des tonnes de paramètres que le client envoie, et dont les gens (@Cloudflare) se servent pour faire du fingerprint TLS (ja3/ja4); du coup c’est aussi la fin du fingerprint TLS ?

RFC 9849: TLS Encrypted Client Hello Quand un client #TLS se connecte, il envoie en clair au serveur le nom utilisé, le #SNI. Ce #RFC fournit une solution, #ECH (Encrypted Client Hello), qu'on pourrait traduire par « salutation chiffrée ». bortzmeyer.org/9849.html

@Numerama C’est faux, vous devriez corriger votre article erroné 👍 « Les frais d’inactivité ne s’appliqueront pas aux clients présents avant le lancement de Sumeria » « les frais d’inactivité ne seront pas prélevés sur les comptes de type porte-monnaies Lydia » sumeria.eu/blog/non-class…

Rappel : il vous reste peu de temps pour fermer votre compte Lydia / Sumeria avant l'application des frais d'inactivité. Et non, désinstaller l'appli ne suffit pas à clôturer le dossier.

@Ced_haurus BreachForum (BF) c'est en fait BasicFit mais je peux pas le prouver 👀

Ce ne sont plus les boîtes qui vous informe d’une fuite de données mais les hackers eux-mêmes 😑 Et ils se paient le luxe de faire de la prévention. Tout va bien.

@OreoB1scuit Maybe @CorelliumHQ

✨ La Quête d’Ewilan débarque en série animée ! Fidèle adaptation du roman de Pierre Bottero, à découvrir dès maintenant sur France.tv et Okoo (France), Auvio (Belgique) et Play RTS (Suisse). 🌀 Propulsée dans le monde de Gwendalavir à seulement 13 ans, Camille voit son destin basculer et apprend la vérité sur ses origines. Cette sortie marque le tout premier chapitre de la collaboration entre Ankama Animations et Andarta Pictures. ❤

@BastiUi @DFintelligence Le violet en fondu ça fait trop site web Saas, le dernier ça fait trop roman policier, le blanc ne se démarque pas assez, le vert est génial 🟢

Voilà quelques idées de cover pour le livre de @DFintelligence, vous préférez laquelle ? PS : ce n'est pas le vrai titre du livre pour pas leak

@seblatombe C’est bien de donner une tribune à ces hackers pour qu’ils puissent se faire mousser 👍

⏰ À 9h, je publie un thread sur l’affaire Safran. Éléments exclusifs + réponses de la source qui revendique l’attaque.

@BastiUi En cache chez moi

??????

@aarshps @ArtemR @APKMirror @Cloudflare Isn’t this kind of high-quality residential proxy that uses browser stacks usually intended for smaller-scale operations such as web scraping or similar, rather than for running large-scale DDoS attacks?

@ArtemR @BarbossHack @APKMirror @Cloudflare JA4 is useless against high-quality residential proxies. They use real browser stacks, so the fingerprint is legitimate. Blocking it would result in massive false positives.

I thought I got pretty good at protecting @APKMirror from scraper and other malicious bot traffic using hundreds of tricks as part of our Enterprise @Cloudflare account, but this week the final boss has arrived - DDoS through residential proxies masking as real traffic. I love a new challenge though! This should be fun...