GNU/r000t @r000t@ligma.pro
I'm a Python developer, a comedian, and a FOSS proponent. A clown with a technical background. But above all else, I'm an Ekko one-trick. He means the whole world to me.
If I don't reply, I'm probably cancelled on your instance. Try a different one.
I shitpost, and I protect Ekko. This is my purpose.
Joined Mar 2019
In 3 days it's gonna look like
A cloud of dust appears before you,
Akihara the Cool Guy here, stepping in for Doulikemudkipz, who was filling in for JenkinsJinkies.
Any way we can get a complete metabolic panel? Here's instructions on how to get to a clinic....
Attach the blood test results and images of your most recent head CT to this ticket. Thanks so much!
Excelsior!
Akihara, Riot Games Support
( ु⁎ᴗ_ᴗ⁎)ु.。oO It's not rape if she can't say no ( ु⁎ᴗ_ᴗ⁎)ु.。oO
"Hi, your game railroads people into a starter mission, complete with an X button to close out of it which does nothing. It's preventing me from giving you money."
>Greetings Summoner! It would be epic gamer of you to submit logs from the iOS app. Here's instructions on how to do it from Windows XP --CoolDude98 "May your sword always be shiny and true"
"Any way we can behave like adults? Me clearing cookies and cache won't fix this, you need to push an update that lets people back out of the starter mission."
GNU/r000t
boosted
@splitshockvirus @icedquinn @p Another fun fact is that, while the domain was taken over, there were no DNS records for the backend services that all of the Tesla cars talk to.
Hundreds of thousands of $45,000+ vehicles were temporarily made into paperweights. You couldn't start the car, lock/unlock the doors, or use the infotainment system. If you were inside the vehicle, you were trapped.
One phone call by an unskilled actor.
Still wanna buy a self-driving car from Elon?
If a company says "The breach occurred as the result of a social engineering campaign against our support staff," you're almost tempted to think it was inevitable, that the support staff wasn't 100% to blame for the breach.
If you mentally replace it with "The breach happened after someone called our support staff and asked very nicely for access," you begin to understand that it was totally avoidable and anybody stupid enough to fall for it is criminally negligent.
Stop calling it "social engineering", that makes it sounds like a complex operation carried out by a skilled actor.
It's "calling and asking nicely", which properly frames how easy it is to do. You call and ask nicely for access to the account, and you get it. Sometimes, you have to ask more than once.
I've updated the DRM-free collection of videos featuring Ekko to include the Wild Rift teaser that went out yesterday.
btw, the upper class wants you to separate everyone you know into buckets like "commie" and "nazi"
It's how they keep your effort and action focused on attacking your neighbor instead of the upper class.
My boomer grandmother told me "You should give up on the computer thing and just get a job at $localGroceryChain; Everyone who graduates high school knows what you know on a computer."
So I smiled, nodded, and let the stupid person who hasn't worked since the 1970s just be wrong.
Massive Compatibility.
That's a goal of mine. It means I work to be compatible with *everyone* who would want to be compatible with me. Even if they aren't compatible with each other.
Sometimes, that means smiling, nodding, and just fucking letting stupid people be wrong.
@p Can I get your unbiased opinion on https://infosec.exchange/@r000t/108289206367192784 ?
I can forward you the entire ticket if you want.
GNU/r000t
boosted
Liberate
The people that you hate
Elon Musk lost control of his email, and thus, his Twitter account, because of a single phone call made to a domain registrar.
If it can happen to the richest person on earth, it can happen to you.
"Email compromise is not part of our threat model" is unacceptable from a billion dollar company.
GNU/r000t
boosted
Throwback to when Elon Musk (the guy selling you self driving cars) namedropped r000tles because infosec is super super hard.
A kid's barbershop called Discord.
GNU/r000t
boosted
> The retained Option (Option E) builds on Option D, and requires providers to also detect grooming, in addition to known and new CSAM.
discord is finished
discord is finished
GNU/r000t
boosted
"A 2FA bypass is not a bug because you'd need to know the username and password to use it"
uhhhhh folks what do you think 2FA is for?
GNU/r000t
boosted
Riot Games 2FA implementation is inherently broken: The same code can be used multiple times.
The code is also emailed to you, and email is known to be an insecure channel. You do not have the option to use your own TOTP application to generate login codes.
Riot Games responded to a report saying that the system is "working as intended"
Lesson? Phish Riot accounts. They will do nothing to stop you.
Also, HackerOne is an absolute fucking joke.
HackerOne is a fucking joke.
I'm triple checking that nobody's gonna get pissed off if I disclose what I found, but if it's being called "not threatening", I just don't see the problem.
I'm a Python developer, a comedian, and a FOSS proponent. A clown with a technical background. But above all else, I'm an Ekko one-trick. He means the whole world to me.
If I don't reply, I'm probably cancelled on your instance. Try a different one.
I shitpost, and I protect Ekko. This is my purpose.
Joined Mar 2019
