Notices by Micah Lee (micahflee@mastodon.social)

I'm fascinated by this Microsoft commercial https://www.youtube.com/watch?v=8gw0rXPMMPE

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks https://thehackernews.com/2019/04/email-signature-spoofing.html

OnionShare 2 adds anonymous dropboxes, supports new Tor addresses, and is translated into a dozen new languages https://micahflee.com/2019/02/onionshare-2/

GPG Sync 0.3 is out and it now fully complies with the draft "Distributing OpenPGP Keys with Signed Keylist Subscriptions" internet standard! Check it out https://code.firstlook.media/gpg-sync-v0-3

A new leak site, Distributed Denial of Secrets, is about to publish 175GB of leaked Russian emails and documents from "politicians, journalists, bankers, folks in oligarch and religious circles, nationalists, separatists, terrorists operating in Ukraine" https://www.thedailybeast.com/this-time-its-russias-emails-getting-leaked

Do you want to contribute to the next major version of OnionShare? Try out OnionShare 2.0.dev2, report bugs, and help translate it into your language https://micahflee.com/2018/12/do-you-want-to-contribute-to-the-next-major-version-of-onionshare/

The lawyer of refugee families that Edward Snowden hid out with in Hong Kong says he and his clients have been targeted with "what appears to be a broad campaign of harassment and intimidation, the full scope of which has never before been reported" https://nationalpost.com/feature/canadian-lawyer-says-he-and-his-refugee-clients-have-been-targeted-since-hiding-edward-snowden

Hacking Team Hacker Phineas Fisher Has Gotten Away With It

Leaked court documents show that Italian authorities have no idea who hacked the government spyware maker Hacking Team, and a judge ruled the investigation should be shut down.
https://motherboard.vice.com/en_us/article/3k9zzk/hacking-team-hacker-phineas-fisher-has-gotten-away-with-it

@lapingvino @tuxicoman

What part of Signal isn't open source? Here is the server code https://github.com/signalapp/Signal-Server

Signal doesn't have a business model. It's not a business, it's a non-profit funded by a billionaire. It doesn't have ads, sell (or collect) data, etc.

One thing I appreciate about the Signal project is they don't make claims about security that aren't true.

Projects like bitmessage are great, but really need to prioritize UX if they want to be accessible outside of a tiny niche.

Really interesting Twitter thread about how radical the Sears catalog was and it's role in fighting white supremacy during Jim Crow https://twitter.com/louishyman/status/1051872178415828993?s=19

Check it, I just released a new version of passphraseme: https://github.com/micahflee/passphraseme

Now you can make diceware passphrases uses wordlists scraped from Game of Thrones, Harry Potter, Star Trek, and Star Wars.

pip3 install passphraseme

Bloomberg now has a follow-up story claiming that an unnamed "major U.S. telecommunications company" discovered a malicious implant in an Ethernet port on a server manufactured by Supermicro https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom

@HerraBRE Do you think the journalists' sources were lying to them? Or that the journalists are simply making it up?

They have a lot of sources, and the information is very specific and can be checked, for example this paragraph. I'd be very surprised if this didn't go through a massive fact-checking process.

It definitely might not be completely accurate reporting or the full picture, but I also don't think it's plausible that it's just made up