Feel like I’m destroying the dataset with QWERTY so I’ll wait until QWERTZ is available :)

What was the comment? That the source is untrustworthy? Why was it removed?

Login pages ;D

You need to check out public key cryptography and digital signatures. Those are the basics of Fido.

When the private key is bound to a device it is not possible to fake or steal it through conventional methods. Passwords are the weakest link and an easy target for attackers - passkeys basically solve that.

User adoption depends on implementation, but everything is easier than remembering a secure password or using a password manager for most people. There needs to be an easy and secure way to distribute passkeys across devices, and any backup mechanisms may be a weak point. In any case: still better than passwords.

I had a colleague at work years ago who did his Master’s thesis on network scanning. He ran a PoC in the company’s network and had all the printers print hundreds of pages.

We learned that printers suck and that we should always know our payloads and targets 😁

Check out openvas.

https://github.com/greenbone/openvas-scanner

I use Nessus professionally, they are somewhat similar. I can’t decide which one has the worse user interface.

I’m a big fan of hashcat for this use case myself! I route it through WS, however. I like being on the bleeding edge.

Jia Tan is most definitely not a person, just the publicly facing account of a group of people.

What is the trail of crumbs? Just some random email accounts?

This was in a big part a social engineering attack, so you can’t really avoid contact.

Caring about the technology of an app more than about its privacy is really strange to me, but you do you.

You can collaborate on WhatsApp or Signal as well, both messengers are using the end-to-end encrypted Signal protocol. Even in group chats. Telegram is not E2EE per default.

Of course, with WhatsApp Meta collects all your metadata so they have a very detailed network of basically all the people in this world… At least without all their messages.

Messages are only end-to-end encrypted if you use the Secure Messaging option. Otherwise everything passes the server in cleartext.

That means that anyone with access to those servers can read your messages.

Telegram is a security disaster.

They are not just middlemen, they control the entire sales platform - both buyer and seller.

Who is Ian?

Lawful means “following a code”, not “following the law”.

You literally send the message you report, that has nothing to do with breaking encryption.

That’s like me showing you a letter I don’t like and then accusing you of intercepting my mail, lmao.

You should first try reading it at all.

I’m not sure I follow you - if someone can compromise the key material on my phone that is protected by a different factor, then it doesn’t matter whether the 2FA is server-side or not, it’s compromised either way.

Since the other people don’t seem too helpful to you, we can gladly setup a meeting and see where it goes :) I don’t have exeprience in all these software like TrueNAS you’re using but I have a lot of experience in a lot of other things, so I’m sure I’ll be able to help!