Karan Saini
@karansaini.com
hacker, researcher. blog at karansaini.com

New Delhi
Reposted by Karan Saini
VPN vendors have huge budgets to advertise on your favorite podcasts.

We don't have marketing for the IETF, browser and OS security teams, CAs (Let's Encrypt), CDNs, researchers, open source authors, website builders, digital rights activists...

We made the web secure and didn't tell anyone.
Man-in-the-middle attacks on Public WiFi networks haven't been a realistic threat in a decade. Almost all websites use encryption by default, and anything of value uses HSTS to prevent attackers from downgrading / disabling encryption. It's a non issue.
They are useful to prevent man in the middle attacks where someone uses a pineapple to spoof a public wifi signal.
December 20, 2024 at 3:46 AM
Reposted by Karan Saini
NEW: Cybersecurity experts, who work with human rights defenders and journalists, agree that Apple is doing the right thing by sending notifications to victims of mercenary spyware — and at the same time refusing to forensically analyze the devices.

“These notifications have been a game changer."
Why Apple sends spyware victims to this nonprofit security lab | TechCrunch
December 20, 2024 at 2:24 PM
Reposted by Karan Saini
The @phrack.org 72 CFP horny emojipasta has hit the chats
December 18, 2024 at 7:25 PM
Reposted by Karan Saini
It took quite a while hunting through newspaper archives, but this is what Joseph Popp actually looked like when he was arrested. Weird that someone considered the grandfather of ransomware is so poorly documented. Sources online get the date of his death wrong & the spelling of his middle name too.
December 19, 2024 at 11:00 AM
Reposted by Karan Saini
Holy crap
December 12, 2024 at 8:19 PM
Reposted by Karan Saini
I wrote a series of blogs (that I’ll be adding to as I go) that document times in the #history of #hacking that journalists found themselves becoming part of the story that they were writing about #hackers. I labeled the blogs “Hackers & Reporters”.
November 30, 2024 at 9:03 PM
Reposted by Karan Saini
This is your reminder that DMs here are _not encrypted_. They're not even really part of ATProto.

It's on the roadmap, but that's not the case now. DMs are centralized and unencrypted. Behave accordingly.
November 22, 2024 at 5:29 PM
Reposted by Karan Saini
I know this is in the Drop I just posted, but y'all really need to try out ATFile — github.com/electricduck...

It lets you upload & download arbitrary files to Bluesky's Blob storage (or any ATProto PDS).

The Blobs don't show up in your timeline, they just "exist".

Store your MP3 collection!

1/2
GitHub - electricduck/atfile: 📦➔🦋 Store and retrieve files on the ATmosphere
November 20, 2024 at 8:22 PM
Reposted by Karan Saini
NEW: The U.S. government has announced charges against five alleged hackers who targeted several companies stealing millions of dollars in crypto, and corporate data.

DOJ says the hackers are part of the infamous Scattered Spider cybercrime group.

techcrunch.com/2024/11/20/u...
US charges five accused of multi-year hacking spree targeting tech and crypto giants | TechCrunch
The five alleged hackers are accused of stealing millions of dollars in crypto, and corporate data from several victims all over the world.
November 20, 2024 at 7:48 PM
Reposted by Karan Saini
as a gamer ive eliminated thousands of moo deng like creatures for their various parts . Ive completed countless quests using their pain
November 14, 2024 at 5:49 AM
What is being done about caller ID spoofing in India? My piece for the Text and Context section in The Hindu today.
July 29, 2024 at 5:29 PM
This project now catalogues over 10,000 websites known to be blocked on the ACT Fibernet network. 4,226 new hostnames were added since the last update in June. github.com/qurbat/block...
GitHub - qurbat/blocked-hosts: A periodically updated list of websites known to be blocked in India
December 31, 2023 at 5:03 PM
BharOS was touted as an indigenously developed secure and private mobile operating system. But is it? My piece for The News Minute from today. www.thenewsminute.com/news/what-bh...
What BharOS, India’s ‘homegrown’ answer to Android, says about our credulity
In a development that has sparked outrage among India's free and open source software communities, it has come to light that India's much-hyped ‘indigenously de
October 20, 2023 at 7:01 PM
The Supreme Court has dismissed a petition requesting for the source code of Electronic Voting Machines to be made public. The court stated that publishing the source code would make EVMs vulnerable. This line of reasoning is fallacious and ill-informed. m.thewire.in/article/law/...
SC Refuses to Hear Plea Seeking Audit into Source Code of Software Used in EVMs
A three-judge Bench, headed by Chief Justice D.Y. Chandrachud, disallowed the petition on the grounds that making the source code public would make the machines vulnerable to hacking.
September 25, 2023 at 10:38 AM
It turns out that you can pass an arbitrary datetime value for the 'createdAt' parameter when creating a new post. I've linked a post of mine below with a datetime value of 1970-01-01T00:00:00.000Z. The datetime value appears to have been offset to January 1, 1970, 5:30 AM, Indian Standard Time.
September 20, 2023 at 7:51 PM
Twitter (X) seems to no longer display a notice for when a given post has been blocked at the request of the Government. Instead, a nondescript notice is shown, simply reading "This Post is unavailable."
September 19, 2023 at 3:20 PM
Reposted by Karan Saini
this site needs a badge i can pay $8 a month for to trick people into thinking I am a Mod
August 13, 2023 at 5:23 PM
starting something new
August 27, 2023 at 1:27 PM
Reposted by Karan Saini
more like a SMUGshot! siri please send when official headshot released. siri please dim lights and set alarm for 9:30 am.
August 24, 2023 at 11:51 PM
India is on the moon
August 23, 2023 at 3:37 PM
Reposted by Karan Saini
if you are a stupid ass reddit poster from fucking reddit me and my crazy friends will put you in a head lock
August 16, 2023 at 6:48 PM
Reposted by Karan Saini
Zero statements from the Biden admin about India technically exporting* defense equipment to Russia. Quite disappointing.

*Russia is calling it "re-importing".
August 16, 2023 at 12:44 PM