superevr :donor:

Runs a bug bounty program.
Infosec enthusiast.

superevr :donor: boosted:
mandatory (@IAmMandatory) mandatory@infosec.exchange
2024-08-10

Cool article about the talk I did at DEFCON today :) wired.com/story/apple-prototyp

2024-08-10

@mandatory excellent talk, great research!

2024-06-10

@jamesthomson I don’t think recognizing it as OpenAI would have given Apple the brand protection people suggest it would have provided

2024-06-10

@dgriffinjones only fair after you Sherlocked Erfon 😝

2024-06-10

iPhone mirroring? The remote unlock sounds suss #wwdc

2024-02-19

Wyze security incident. This is not how caching is supposed to work at all! theverge.com/2024/2/16/2407536

2024-01-09

How it started
How it's going

2024-01-07

So useless! Why doesn’t Safari on iOS just spoof the screen resolution properties so it can actually render the desktop website?

superevr :donor: boosted:
David Buchanan retr0id@retr0.id
2023-12-19

I finally got around to explaining how I made this partial hash collision https://www.da.vidbuchanan.co.uk/blog/colliding-secure-hashes.html

A visualisation of two surprisingly similar sha256 hashes. Matching digits are green (12 at the start, 12 at the end, 7 in the middle), and nearby digits are yellow (5 of those). The full text is: sha256(retr0id_662d970782071aa7a038dce6) = 307e0e71a409d2bf67e76c676d81bd0ff87ee228cd8f991714589d0564e6ea9a, sha256(retr0id_430d19a6c51814d895666635) = 307e0e71a4098e7fb7d72c86cd041a006181c6d8e29882b581d69d0564e6ea9a
superevr :donor: boosted:
Brian Danger Hicks ckape@teh.entar.net
2023-12-05

Employees $200
Royalties $150
Servers $800
Joe Rogan $200,000,000
Utility $150
someone who is good at the economy please help me budget this. my company is dying
arstechnica.com/culture/2023/1

superevr :donor: boosted:
Dare Obasanjo carnage4life@mas.to
2023-11-30
2023-11-19

Is this what happens when you outsource the astroturfing of your YouTube comments section? What other explanation is there

2023-11-15

Text message spam has gotten out of hand! Anyone else seeing this much?

2023-10-27

@dgriffinjones @tuckerjj thanks, great job. I had to redownload it to get the changes. There’s still a bit of background static, but at least the music fades out

2023-10-21

@atoponce what a boneheaded move. The costs of KV storage for free users are minimal, so it's a dumb move by their board. Remember that LastPass's downfall was when they limited their free tier to a single device.

2023-10-20

@jamesthomson I got so bored halfway through recording myself I paused it. I came back a few days later and it wanted me to start all over again 😢

2023-10-19

@dangoodin There is a much older campaign around privnote. Search for any misspelled combination of the word "privnote" for more examples. Secret notes from these sites are copied to Telegram channels for exploit, as confirmed by a few canary tokens.

prvinote, pirvnota, pirvnote, pirvnota, prinvote [dot com] to list just a few

2023-10-19

Syncing with iCloud is weird

2023-10-12

Having a great time volunteering at #HouSecCon

2023-10-12

Offensive Security for Everyone #HouSecCon
