#sanitizing — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sanitizing, aggregated by home.social.
-
And here's the final #mastodon #online server's rendered logo for one to create a social badge. This is done as part of my data #migration efforts. Basically I was #sanitizing the #data into actual production usable ones into my local datahub.
You still need to comply with #Mastodon #trademark requirements here:
https://joinmastodon.org/branding
Check it out at:
1. https://github.com/ChewKeanHo/visuals-trademarks-mastodon-online-1200x630
-
For those on #mastodon #social servers, here is the rendered logo for one to create a "social badge" and link to your profile. This is done as part of my data #migration efforts. Basically I was #sanitizing the #data into actual production usable ones into my local datahub.
You still need to comply with #Mastodon #trademark requirements here:
https://joinmastodon.org/branding
Check it out at:
1. https://github.com/ChewKeanHo/visuals-trademarks-mastodon-social-1200x630
-
Over the weekend, I redrew some #mastodon trademark logos based on https://joinmastodon.org/branding guidelines as part of my data #migration efforts. Basically I was #sanitizing the #data into actual production usable ones into my local datahub.
Check them out at:
1. https://github.com/ChewKeanHo/visuals-trademarks-mastodon-1200x1200
2. https://github.com/ChewKeanHo/visuals-trademarks-mastodon-1200x630
-
Jeffrey #Epstein's brother says the #FBI is #sanitizing the #Epstein files and redacting "#politicians" #names before release...
What did you expect?
-
The #NewYorkTimes Faces #Backlash After #Sanitizing #Trump #Eugenics #Claim.
What was The New York Times thinking #whitewashing Trump’s #racist #remarks?
https://newrepublic.com/post/187039/new-york-times-nyt-trump-eugenics-claim
-
The #Microsoft report on the technical investigations for #Storm0558 key acquisition is a rather interesting read.
They of course can't and don't go into specifics about the nature of the key leakage. I'm totally guessing here, but it might be that the tooling Microsoft used to detect and sanitize the #keymaterial didn't identify the key in the specific key schedule form. Maybe a new #encryption cipher was used that uses a new key schedule format that the tooling didn't support, or the cipher implementation started to store the key schedule in a new, different way.
This incident is a good example of how attempts at #sanitizing logs, memory dumps and similar of sensitive information are a losing game. At best it can be considered best effort; there are always ways information can end up leaking out despite your best efforts in trying to identify it.
For critical systems the encryption key should only ever exist in a security enclave or HSM. That'd be the only way to ensure that the key cannot leak: It's nowhere in the memory to begin with.
-
#ChrisLicht’s departure marks the failure of his mandate — delivered from his corporate overlords, including #WarnerBrosDiscovery CEO #DavidZaslav — to recalibrate the network’s political sensibility toward the center. To the extent that anyone ever understood what that meant for actual #CNN broadcasts, it’s now clear that it meant #sanitizing the screen in deference to the #Republican front-runner.
A disaster, in other words.
-
And you should return the favor by never posting unsanitized Twitter links to the #Fediverse either 🙂
I recommend you do a search for "IndyWeb POSSE" program. Which explains the philosophy behind only posting Fediverse links into the deprecated legacy silos, and never posting unsanitized links from places there like twitter into the Fediverse.
Basically, you do a disservice posting links in the Fediverse that lead people to the very monolithic, privacy disrespecting silos that they've already left behind.
Instead, if you even bother to use those deprecated legacy silo systems, post links bringing the people there at places like twitter to content that exists here in the Fediverse, thereby providing incentives to create accounts on Fediverse platforms like #Friendica, #FunkWhale, #MicroPub, #Mitra, #PeerTube, #Pixelfed, #Pleroma, #Soapbox, #Quanta, etc., thereby joining the Fediverse 👍
If you find that you really must post a link leading to one of the deprecated silos, then please consider #sanitizing such links. i.e., in the case of Twitter, you can use the very popular #Nitter by just replacing the "twitter .com" with "nitter .net" in the URL.
If you're on #Android, #Fedilab does this "automagically" for you if you have safe posting enabled.
If you're on desktop, there's a whole list of similar sanitation tools you can use for #Reddit, for example, by changing the domain in the URL to #Teddit .net and similar tools for #InstaSPAM, #Quora, and many others too. For #YouTube, you can use #Invidious.
A long list of these privacy protecting utilities is provided at:
And you can install Fedilab from F-Droid too:
You can also install the #UntrackMe app at F-Droid for generating safe links when not posting to the Fediverse - desks details are at the Fedilab website above.
I hope that helps!
#tallship #FOSS #ActivityPub #POSSE #Indyweb_POSSE #privacy #fdroid
⛵
.
-
The Big List of Naughty Strings Helps Find Those User Input Problems - Any software that accepts user input must take some effort to sanitize incoming da... - https://hackaday.com/2022/09/10/the-big-list-of-naughty-strings-helps-find-those-user-input-problems/ #biglistofnaughtystrings #softwaredevelopment #sanitizing #userinput #strings #testing #xss #qa