SlowBearDigger

@SlowBearDigger

Whitehat hacker at @HackenProof | Web Dev | XMR Maxi XMR: 42w9YaCW8UwZ2BmQztNmUd6JgYVcjW7LXEMTcQqHdmtFCsSo5RGY2eQg2iZ3WyBSSs63gnhczLkJ46yfr4ojCXWT3H1ZBbR

Quito, EC. Joined May 2024
213 Following, 638 Followers

Pinned Tweet
SlowBearDigger (@SlowBearDigger):
Hey yall! Papa Bear here!! gonna launch somethin huge, GOXMR!!!! ATTENTION!!! goxmr.click IS LIVE, UP AND RUNNIN!!!! Ah, yeah!! OpenSource: github.com/SlowBearDigger… You have two choices, you can use goxmr.click (you can audit and make sure there are no trackers and shit, if you find something let me know!) or host your own and make it work, that's it!

The Sovereign Link-in-Bio for the Monero Ecosystem
GoXMR is a digital identity platform and sovereign landing page, built with a Privacy-First philosophy. Lets any user create a public profile to centralize their networks, projects, and most importantly, receive donations in cryptos without relying on centralized platforms that censor or track your data.

🛡️ Cutting-Edge Security and Authentication
- Zero Passwords, Zero Seeds: Uses WebAuthn (FIDO2). Forget vulnerable passwords or seed phrases. Log in with biometrics (FaceID/Fingerprint) or hardware keys (YubiKey).
- Total Hardening: Set up with Helmet security headers, strict Content Security Policy (CSP), and protection against brute force attacks and bots.
- No Admin Access: As a sovereign tool, no central database controlled by third parties. You're the only owner of your access. NOT EVEN I KNOW WHO'S USING IT

💰 Native Integration with Monero (XMR)
- Multi-Currency Ready: Visual and management support for XMR, BTC, LTC, ETH and more.

🎨 Cypherpunk Industrial Design
- Radical Aesthetic: Interface inspired by tactical terminals and industrial vibe with JetBrains Mono and Space Grotesk fonts.
- Total Customization: Users can upload their own banners and avatars, plus set accent colors and bios.
- QR Generator Pro: Dynamic and customizable QR code generator for instant payments.

⚙️ Technical Architecture (Sovereign Stack)
- Frontend: React + Vite + Tailwind CSS (Optimized for instant load).
- Backend: Node.js + Express (Robust and lightweight).
- Database: SQLite (Total portability; your "bank" is a simple file).
- Infrastructure: Optimized for secure server deploys and environments like Namecheap with reverse proxies.

🕊️ Open Source Philosophy
- 100% Transparent: Code is open and auditable.
- No Commissions: 0% fees on transactions. Donations go wallet to wallet without intermediaries.
- Anti-Censorship: Designed to be hosted by the user, eliminating the risk of de-platforming.

BTW PLEASE keep in mind that I am hosting this on my own server/hosting... not super powerful, bear with me while we upgrade this. The future of digital identity in Monero is already sovereign! 🚀 #Monero #XMR #Privacy #Cypherpunk #OpenSource #WebAuthn #GoXMR if u like this, hit me with some xmr love on the site or bio addy... lets make it bigger! :p
notafbihoneypot (@notafbihoneypot):
Monero One will soon be my main wallet
Joe IO (@Joe_IO):
@SlowBearDigger @notafbihoneypot Tremendous thanks. I would just ask to send me a list or report of your findings so I can fix anything that comes up first
It's FOSS (@Itsfoss):
I find it frustrating that none of these "guardians" of Linux and open source have reacted to the OS-level age verification law:
- Linux Foundation
- Open Source Initiative
- Free Software Foundation
- Software Freedom Conservancy
Lucas Ma (@MaLucasBC):
@SlowBearDigger @HathorNetwork We have many malicious cases like this in immunefi. I'm setting up a victim group and collecting more details of the cases. Although it's just started, do you want to join us?
SlowBearDigger (@SlowBearDigger):
As I said back in February: I found a CRITICAL RCE in Hathor Desktop Wallet v0.34.0 (Immunefi #65067). @HathorNetwork closed it as “Out of Scope”. Immunefi banned me. After I kept spamming them via email + Discord they finally patched it quietly. No bounty. No thanks. No acknowledgement. Zero respect for whitehat work.
The Lunduke Journal (@LundukeJournal):
Debian Project Leader Election Underway: Only 1 Candidate, & She's Anti "(Cis)Male" The only candidate to lead Debian Linux says her primary goal is to have "more women (both cis and trans), trans men, and genderqueer people."
Intigriti (@intigriti):
what's your most used bug bounty tool? 😎
SlowBearDigger (@SlowBearDigger):
@PardonMyTake Well, meme is technically right, Venezuelans don't play American Football xD mostly Rugby and soccer/football
SlowBearDigger (@SlowBearDigger):
@immunefi Update, they're willing to pay low for my finding, 1k approx. I'll take it and close this chapter.
SlowBearDigger (@SlowBearDigger):
I also created an ISSUE on GitHub describing this: github.com/HathorNetwork/… So this just keeps being public and people know... To all the whitehat fellows, don't waste time on platforms like @immunefi because they don't care about you, and don't even think about sending reports to @HathorNetwork, they want you to work for free, closing your reports, fucking your reputation.
Quoted post from SlowBearDigger (@SlowBearDigger):
  "As I said back in February: I found a CRITICAL RCE in Hathor Desktop Wallet v0.34.0 (Immunefi #65067). @HathorNetwork closed it as "Out of Scope". Immunefi banned me. After I kept spamming them via email + Discord they finally patched it quietly. No bounty. No thanks. No acknowledgement. Zero respect for whitehat work."
SlowBearDigger (@SlowBearDigger):
You're right, good intentions and no traditional "business model" for making money, it's not a VC startup chasing profits. But it has real utility, not only about big ass stonks and green graphs. They're runnin' a guardian program supporting privacy advocates in communities worldwide where surveillance/censorship is heavy. Let's say it's a good complement, I am super picky with crypto, but the fact they do good to the community is enough to convince me, idk.
SlowBearDigger (@SlowBearDigger):
@monerify @vikrantnyc @firoorg @cakewallet It is a privacy coin, it was originally Zcoin, they use zkproof, and Spark are their stealth addresses. Most importantly they're doing wonders for communities all over the world where it's needed.
SlowBearDigger (@SlowBearDigger):
@ertugrulphp @injective @immunefi They don't give a fuck, they only pay or help researchers when a smart contract or huge money is at risk. They're afraid of researchers exploiting the thing... I had a similar experience x.com/SlowBearDigger…
Quoted post from SlowBearDigger (@SlowBearDigger):
  "As I said back in February: I found a CRITICAL RCE in Hathor Desktop Wallet v0.34.0 (Immunefi #65067). @HathorNetwork closed it as "Out of Scope". Immunefi banned me. After I kept spamming them via email + Discord they finally patched it quietly. No bounty. No thanks. No acknowledgement. Zero respect for whitehat work."
Ertugrul (@ertugrulphp):
The same kind of situation applies to web2 as well on @injective. I found a valid issue, and the team actually fixed it. But after fixing it, they closed my report as "out of scope". According to @immunefi, if a reported vulnerability is fixed, the researcher should be rewarded+
Quoted post from f4lc0n (@al_f4lc0n):
  "I Saved Injective's $500M. They Pay Me $50K.
  I like hunting bugs on @immunefi. I'm decent at it.
  - #1 — Attackathon | Stacks
  - #2 — Attackathon | Stacks II
  - #1 — Attackathon | XRPL Lending Protocol
  - 1 Critical and 1 High from bug bounties (not counting this one)
  Life was good. Then I found a Critical vulnerability in @injective. This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk. I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity. Then — silence. For 3 months. No follow up. No technical discussion. Nothing. A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either. I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve. Full Technical Report: github.com/injective-wall…"
SlowBearDigger (@SlowBearDigger):
Full PoC (malicious SVG + fake metadata server) was done on a private testnet fork, 100% compliant. Real world attack: attacker just mints the NFT on mainnet with bad SVG URL. Victim receives airdrop > opens NFTs tab > game over.
Recommendations (that they ignored for weeks):
- nodeIntegration: false + contextIsolation: true + sandbox: true
- Sanitize NFT media (only https/ipfs, CSP)
If you use Hathor Desktop Wallet > update NOW. Whitehats deserve better than this treatment!!! @HathorNetwork @HathorCommunity @immunefi What's your take? Are you going to stay silent while your whitehats get treated like worthless trash?
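The hardening the post above recommends, written out as an added example (not code from the Hathor wallet, from GoXMR, or from the poster): the weak Electron renderer settings beside the hardened ones, a renderer CSP, and an allowlist check for NFT media URLs. The objects are plain so the file runs under Node without Electron; the function names are assumed.

```javascript
// Added example; not Hathor wallet code. Helper names are assumed.

// Weak renderer settings: a script smuggled inside attacker-supplied NFT media
// that lands in a renderer like this can reach Node APIs (fs, child_process).
const weakWebPreferences = {
  nodeIntegration: true,
  contextIsolation: false,
  sandbox: false,
};

// Hardened settings from the post; pass as `webPreferences` to BrowserWindow.
const hardenedWebPreferences = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
};

// Renderer CSP: images/media only via https or ipfs, no inline or remote scripts.
const RENDERER_CSP = "default-src 'self'; img-src 'self' https: ipfs:; " +
  "media-src 'self' https: ipfs:; script-src 'self'; object-src 'none'";

// Returns a list of findings for a webPreferences object; empty means hardened.
function rendererHardeningFindings(prefs) {
  const findings = [];
  if (prefs.nodeIntegration !== false) findings.push('nodeIntegration must be false');
  if (prefs.contextIsolation !== true) findings.push('contextIsolation must be true');
  if (prefs.sandbox !== true) findings.push('sandbox must be true');
  return findings;
}

// Allowlist check for NFT media URLs before the renderer ever touches them:
// only https:/ipfs: schemes, no embedded credentials, and SVG is refused
// because it can carry script (rasterize it out of process or drop it).
function isAllowedMediaUrl(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch {
    return false; // unparsable, e.g. empty or relative strings
  }
  if (url.protocol !== 'https:' && url.protocol !== 'ipfs:') return false;
  if (url.username || url.password) return false;
  if (/\.svgz?$/i.test(url.pathname)) return false;
  return true;
}
```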
SlowBearDigger (@SlowBearDigger):
Exact impact (matches their Critical tier, up to $20,000):
- Seed/private keys exfiltrated
- Forced outgoing txs (drain everything)
- Persistent malware/keylogger
- Silent compromise the moment the NFT List loads
They patched ONLY the PDF rendering here: github.com/HathorNetwork/… Still no bounty. Still no "thank you".