Badness Cryptography Software Security Technology Vulnerability

On The Toxicity of Zed A. Shaw

Boycott Zed Shaw’s writing. (With bonus zero-days in his work.)

Badness Online Privacy Technology Vulnerability

Masks Off for

The server for is hosted at Read on to learn how I discovered this.

Badness Software Security Vulnerability

EduTech Spyware is Still Spyware: Proctorio Edition

Spyware written for educational institutions to flex their muscles of control over students and their families when learning from their home computer is still, categorically, spyware. Depending on your persuasion, the previous sentence sounds like either needless pedantry, or it reads like tautology. But we need to be clear on our terms. Educational spyware is […]

Cryptocurrency Vulnerability

Kerlissions – Trivial Collisions in Iota’s Hash Function (Kerl)

Historical Context of Iota’s Hash Functions Once upon a time, researchers discovered that the hash function used within the Iota cryptocurrency (Curl-P), was vulnerable to practical collisions. When pressed about this, the Iota Foundation said the following: In response to this research, the Iota developers threatened to sue the researchers. Iota replaced Curl-P-27 with a […]

Cryptography Vulnerability

Learning from LadderLeak: Is ECDSA Broken?

A paper was published on the IACR’s ePrint archive yesterday, titled LadderLeak: Breaking ECDSA With Less Than One Bit of Nonce Leakage. The ensuing discussion on /r/crypto led to several interesting questions that I thought would be worth capturing and answering in detail. What’s Significant About the LadderLeak Paper? This is best summarized by Table […]

Furry Fandom Online Privacy Vulnerability

How to De-Anonymize Scam/Knock-off Sites Hiding Behind CloudFlare

Update (2021-01-09): There’s a newer blog post that covers different CloudFlare deanonymization techniques (with a real world case study). Furry Twitter is currently abuzz about a new site selling knock-off fursuits and illegally using photos from the owners of the actual fursuits without permission. Understandably, the photographers and fursuiters whose work was ripped off by […]

Humor Software Security Vulnerability

Why Server-Side Input Validation Matters

Update (2020-04-29): Twitter has fixed their oversight. Anyone who set their custom gender to a long volume of text, should still have it set to a long volume of text. The original article follows after the separator. I was recently made aware of a change to Twitter, which exposes a new Gender field. If you’ve […]