# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific user's twts.
# offset Start index for query.
# limit Count of items to return (going back in time).
#
# twt range = 1 196325
# self = https://watcher.sour.is?offset=150758
# next = https://watcher.sour.is?offset=150858
# prev = https://watcher.sour.is?offset=150658
@prologic
> Also kind of curious how syncing to Google servers made this attack worse? Not that clear from the article 🤔
As I understand it: The attacker was able to compromise the Google account of that employee. That would have been pretty bad in and of itself. Due to this horseshit “sync” feature, though, the attacker was also able to grab all those TOTP seeds that can be used to log in to other sites.
What’s unclear to me is how the attacker got to the *first* factor (probably a normal password). That was probably phished separately? And/Or that employee used the same password everywhere? 🤔
[47°09′15″S, 126°43′22″W] 3802 days without news from Herve
@abucci Can you recommend one?
> Of course, never ever use Google Authenticator. All it does is generate TOTP and HOTP codes, which you can do with any OTP app, preferably an open source one that’s been vetted.
I've been using Google Authenticator for years, but it never had this "sync" feature until recently 🤦‍♂️
🧮 USERS:1 FEEDS:2 TWTS:725 ARCHIVED:66913 CACHE:2312 FOLLOWERS:14 FOLLOWING:14
Also kind of curious how syncing to Google servers made this attack worse? Not that clear from the article 🤔
Wow !!! 😱 Those sneaky little shitheads!!! Google are inconspicuous lying sons of notches 😢 When da fuq did they sneak this feature in?! I didn't even notice this was a thing from a recent upgrade of the app (Authenticator) 🤦‍♂️
Thanks, @movq!
When I went to the scout meeting this evening, I first saw a colorful sky, then a shooting star above our camp fire and finally a fairly new starlink chain of about 15 satellites or I don't know how many. There is only photographic evidence of one of these events.
'to ponder' is based on latin 'to weigh' - why are you pondering glass, you should be pondering tungsten
[47°09′30″S, 126°43′37″W] Transfer completed
How Google Authenticator made one company’s network breach much, much worse | Ars Technica
🤦‍♂️
WHY are these big companies treated as though they are the be all and end all of infosec? These are rookie mistakes they're making, *at scale*.
> Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option.
Like, never ever put your multi-factor tokens into a single cloud storage location! The whole point of this being "multi" factor is that there is a separate, independent physical factor involved in the authentication process. If the authenticator app on your phone puts the tokens in the cloud, then it reduces the security that comes from having a second factor. This is basic stuff.
Of course, never ever use Google Authenticator. All it does is generate TOTP and HOTP codes, which you can do with any OTP app, preferably an open source one that's been vetted.
[47°09′31″S, 126°43′10″W] Carrier too weak
[47°09′46″S, 126°43′09″W] Bad satellite signal -- switching to analog communication
Pinellas County - Tempo: 6.68 miles, 00:08:51 average pace, 00:59:06 duration
tough but much more manageable as a steady run without breaking it into intervals.
#running
[47°09′36″S, 126°43′18″W] Transfer aborted
@darch It's called "test in prod"™ 😅
Someone write something, I'm bored
@prologic I had a peering to NNTP back in the day. That would be neat to set up.
[47°09′11″S, 126°43′12″W] Transfer 75% complete...
@prologic Lyse broke it for the rest of us. 😂
@lumen Ahh good to know, so less likely to worry about 👌 (hijacking sessions that is)
@lyse 500 Internal Server Error for me 😢
@lyse Oh wow that's such a lovely shot! 👌
@abucci Time to build a modern NNTP with a decent interface? 🤔
Haha I can't wait for everything to be USB C 🤣
🧮 USERS:1 FEEDS:2 TWTS:724 ARCHIVED:66894 CACHE:2299 FOLLOWERS:14 FOLLOWING:14
Hahaha, @thecanine, well done! :'-D Great drawing, I like this style.
@movq That ain't tea bag.
Agreed, @eapl.me, that looks fairly clean. Much more tidied than the default theme. Good job, @darch, I like it. If you see some garbage requests in your access log, do not worry, they're coming from me. You gotta do some input validation and error handling. :-) (E.g. see ?list=twtxt.txt_.)
(I’m still waiting to have my next lesson. Dude’s busy as heck. 😂)
[47°09′04″S, 126°43′43″W] Transfer 50% complete...
@movq Lucky you, we didn't have any thunderstorms lately. But temps were somewhat passable. These storm chasers are a fun species. Taking it right to the next level. :-) I mean it is probably cool to see the thunderstorm from above or the inside. But better don't crash into the windows of other people.
@movq That makes the knife in my pocket flip open right away, too.
[47°09′37″S, 126°43′06″W] Transfer 25% complete...
In the German language, we have the word “Gewaltphantasie”. If you don’t know what it means, here’s a demonstration: https://imgur.com/gallery/LhsjMKM Notice how you’re feeling after watching this? Yep, congratulations, you now have Gewaltphantasien!
Had a very surreal experience the other day.
We had another big thunderstorm. First of all, there was so much lightning again. 😳 Is this the new normal now?
I watched the show for a while. At some point, I saw red and green lights in the sky. Ah, an airplane, I thought. Then I noticed that it’s moving *downwards*. Is that thing crashing? Omg, it’s coming down! The thunderstorm was still going strong, so who knows, maybe this really was an accident. It went down faster and faster – and theeeen I noticed, wait, this is coming down very close to me, but I don’t hear anything.
It must have been a little drone. 🥴
Still, very confusing, the whole thing. 😅 And who in their right mind is standing on an open field in the middle of a thunderstorm flying a drone? 😅
[47°09′18″S, 126°43′59″W] Sample analyzing complete -- starting transfer
[47°09′36″S, 126°43′56″W] Taking samples
[47°09′53″S, 126°43′33″W] 3800 days without news from Herve
@lyse Yeah true! Um not even sure how realistic hijacking a session really is? 🤔