Jeff Moss
@thedarktangent.defcon.social.ap.brid.gy
Founder of DEF CON & Black Hat. Member of the UK Gov Cybersecurity Advisory Board & The Council on Foreign Relations.
Working to get Hackers and […]
[bridged from https://defcon.social/@thedarktangent on the fediverse by https://fed.brid.gy/ ]
Working to get Hackers and […]
[bridged from https://defcon.social/@thedarktangent on the fediverse by https://fed.brid.gy/ ]
I hope next year some more projects move to #tor .onion space. With all the censorship and aggressive attempts to unmask domain name and site owners it feels like he pressure to do so is building.
The benefits of .onion right now:
- No Certificate Authorities required
- No reliance on DNS
- […]
The benefits of .onion right now:
- No Certificate Authorities required
- No reliance on DNS
- […]
Original post on defcon.social
defcon.social
November 11, 2025 at 8:57 AM
I hope next year some more projects move to #tor .onion space. With all the censorship and aggressive attempts to unmask domain name and site owners it feels like he pressure to do so is building.
The benefits of .onion right now:
- No Certificate Authorities required
- No reliance on DNS
- […]
The benefits of .onion right now:
- No Certificate Authorities required
- No reliance on DNS
- […]
Reposted by Jeff Moss
#defconsingapore update:
Now that we've wrapped up a very successful DC Bahrain, we're excited to turn our focus to #singapore. If you want to be involved, we've still got open calls for Creators and Trainers!
You can find out about those calls and learn […]
[Original post on defcon.social]
Now that we've wrapped up a very successful DC Bahrain, we're excited to turn our focus to #singapore. If you want to be involved, we've still got open calls for Creators and Trainers!
You can find out about those calls and learn […]
[Original post on defcon.social]
November 10, 2025 at 11:54 PM
#defconsingapore update:
Now that we've wrapped up a very successful DC Bahrain, we're excited to turn our focus to #singapore. If you want to be involved, we've still got open calls for Creators and Trainers!
You can find out about those calls and learn […]
[Original post on defcon.social]
Now that we've wrapped up a very successful DC Bahrain, we're excited to turn our focus to #singapore. If you want to be involved, we've still got open calls for Creators and Trainers!
You can find out about those calls and learn […]
[Original post on defcon.social]
Reposted by Jeff Moss
Happy Circulatory System Walking Through The Kitchen Day to those who celebrate
November 10, 2025 at 8:52 AM
Happy Circulatory System Walking Through The Kitchen Day to those who celebrate
Reposted by Jeff Moss
Looks like Elon's vibe-coding idiots managed to screw up the last remaining good thing from Twitter: the search syntax. Specifically, parentheses. You can no longer build complicated search expressions with parentheses.
Now would be a great time for Mastodon to implement full boolean search syntax.
Now would be a great time for Mastodon to implement full boolean search syntax.
November 10, 2025 at 3:09 AM
Looks like Elon's vibe-coding idiots managed to screw up the last remaining good thing from Twitter: the search syntax. Specifically, parentheses. You can no longer build complicated search expressions with parentheses.
Now would be a great time for Mastodon to implement full boolean search syntax.
Now would be a great time for Mastodon to implement full boolean search syntax.
@PET_Symposium Do you know if there are any plans to post the PETS videos from 2024 and 2025?
November 9, 2025 at 6:59 AM
@PET_Symposium Do you know if there are any plans to post the PETS videos from 2024 and 2025?
Reposted by Jeff Moss
This commentary by Lawrence Stowe nails it on why sanctioning bulletproof hosting providers doesn't work unless you also revoke their network resources at the same time (or preferably before sanctions are announced/leaked) […]
Original post on infosec.exchange
infosec.exchange
November 7, 2025 at 4:59 PM
This commentary by Lawrence Stowe nails it on why sanctioning bulletproof hosting providers doesn't work unless you also revoke their network resources at the same time (or preferably before sanctions are announced/leaked) […]
November 7, 2025 at 6:14 AM
Reposted by Jeff Moss
#defcon crew beginning to arrive for #defconbahrain.
Trainings begin Nov 3, and the event runs Nov 5 and 6.
more info here:
https://defcon.org/html/defcon-bahrain/dc-bahrain-index.html
Trainings begin Nov 3, and the event runs Nov 5 and 6.
more info here:
https://defcon.org/html/defcon-bahrain/dc-bahrain-index.html
November 2, 2025 at 1:27 AM
#defcon crew beginning to arrive for #defconbahrain.
Trainings begin Nov 3, and the event runs Nov 5 and 6.
more info here:
https://defcon.org/html/defcon-bahrain/dc-bahrain-index.html
Trainings begin Nov 3, and the event runs Nov 5 and 6.
more info here:
https://defcon.org/html/defcon-bahrain/dc-bahrain-index.html
Reposted by Jeff Moss
The anti-vaccine movement has the same talking points now as it did in the 1800’s. It’s always been a rejection of science, scientists, and progress, with a soupçon of paranoia.
Below is a slide for a talk I’m preparing that illustrates the identical strategies. I have more examples, too.
Below is a slide for a talk I’m preparing that illustrates the identical strategies. I have more examples, too.
![Slide with the title “The anti-vaccination movement has no new material”.
Montague R. Leverson,
Lawyer, Liar, Quack
1895
Robert F. Kennedy, Lawyer, Liar, Quack
2025
Accuse expert vaccine advisory committees of pro-vaccine "bias"
"That commission was deliberately packed at its very outset..."
"The committee has been plagued with persistent conflicts of interest and has become little more than a rubber stamp for any vaccine".
Falsely state that vaccines cause death
"Vaccination has caused more deaths and diseases than ever has smallpox".
"This [COVID19 vaccine] is the deadliest vaccine ever made..."
Claim that healthcare practitioners and scientists are only in it for the money, not because of scientific evidence
"...Jenner was a mercenary charlatan whose ignorance and impatience of scientific methods were equaled only by his mendacity..."
"Doctors are being paid to vaccinate, not to evaluate. They're pressured to follow the money, not the science".
Use false and inflammatory words about vaccines
The "Blood-poisoning process of vaccination"
"They went on a search... looking for the most toxic things that they could find...to](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:flwgfsh2mhpoqwjwwt2mesjv/bafkreiawfvj625afa5wnrcyjftu3y2gjlyw377ksesk54mypnnln737t6i@jpeg)
November 1, 2025 at 11:22 PM
The anti-vaccine movement has the same talking points now as it did in the 1800’s. It’s always been a rejection of science, scientists, and progress, with a soupçon of paranoia.
Below is a slide for a talk I’m preparing that illustrates the identical strategies. I have more examples, too.
Below is a slide for a talk I’m preparing that illustrates the identical strategies. I have more examples, too.
I’ve enabled the new Administrator Protection feature in the latest Windows update, so far haven’t noticed any work flow differences.
November 1, 2025 at 5:37 AM
I’ve enabled the new Administrator Protection feature in the latest Windows update, so far haven’t noticed any work flow differences.
Reposted by Jeff Moss
1/ A longtime Wired editor just wrote a mush-brained essay about how he totally missed the political rot of Silicon Valley (& still doesn't get it).
But in the late 1990s, a Wired journalist warned of a toxic ideology bubbling up from tech. Paulina Borsook has largely been erased. Let's change that
But in the late 1990s, a Wired journalist warned of a toxic ideology bubbling up from tech. Paulina Borsook has largely been erased. Let's change that
September 24, 2025 at 6:36 PM
1/ A longtime Wired editor just wrote a mush-brained essay about how he totally missed the political rot of Silicon Valley (& still doesn't get it).
But in the late 1990s, a Wired journalist warned of a toxic ideology bubbling up from tech. Paulina Borsook has largely been erased. Let's change that
But in the late 1990s, a Wired journalist warned of a toxic ideology bubbling up from tech. Paulina Borsook has largely been erased. Let's change that
Is RSA Conference just not releasing their talks anymore? I see some keynotes and innovation sandbox talks on YouTube, but not all the normal talks.
October 30, 2025 at 4:10 AM
Is RSA Conference just not releasing their talks anymore? I see some keynotes and innovation sandbox talks on YouTube, but not all the normal talks.
Reposted by Jeff Moss
Good News, Everyone! We have the official dates for DEF CON 34! And to make up for the delay, we also have the dates for DEF CON 35!
Please join us at the Las Vegas Convention Center August 6-9 in 2026 and August 5-8 in 2027.
Save the dates, friends. It'll be […]
[Original post on defcon.social]
Please join us at the Las Vegas Convention Center August 6-9 in 2026 and August 5-8 in 2027.
Save the dates, friends. It'll be […]
[Original post on defcon.social]
October 29, 2025 at 6:48 PM
Good News, Everyone! We have the official dates for DEF CON 34! And to make up for the delay, we also have the dates for DEF CON 35!
Please join us at the Las Vegas Convention Center August 6-9 in 2026 and August 5-8 in 2027.
Save the dates, friends. It'll be […]
[Original post on defcon.social]
Please join us at the Las Vegas Convention Center August 6-9 in 2026 and August 5-8 in 2027.
Save the dates, friends. It'll be […]
[Original post on defcon.social]
Reposted by Jeff Moss
‘There isn’t really another choice:’ Signal chief explains why the encrypted messenger relies on AWS https://www.theverge.com/news/807147/signal-aws-outage-meredith-whittaker
‘There isn’t really another choice:’ Signal chief explains why the encrypted messenger relies on AWS
Signal was just one of many services brought down by the AWS outage.
www.theverge.com
October 28, 2025 at 12:25 PM
‘There isn’t really another choice:’ Signal chief explains why the encrypted messenger relies on AWS https://www.theverge.com/news/807147/signal-aws-outage-meredith-whittaker
Reposted by Jeff Moss
"What does antifa do?" My personal experience with antifa.
October 27, 2025 at 9:10 PM
"What does antifa do?" My personal experience with antifa.
You know Halloween is here when the Spooktopus is on the menu.
October 27, 2025 at 6:35 AM
You know Halloween is here when the Spooktopus is on the menu.
Reposted by Jeff Moss
I have mostly kept my two twitter accounts alive out of some kind of morbid curiosity; watching something that belonged to all of us dismantled and destroyed by ONE idiotic male. But these new changes break the model completely.
➡️ Fediverse, brace for another migration.
➡️ Fediverse, brace for another migration.
October 26, 2025 at 8:49 PM
I have mostly kept my two twitter accounts alive out of some kind of morbid curiosity; watching something that belonged to all of us dismantled and destroyed by ONE idiotic male. But these new changes break the model completely.
➡️ Fediverse, brace for another migration.
➡️ Fediverse, brace for another migration.
Reposted by Jeff Moss
Ah, the value of being part of a social network that is decentralized...from Techdirt's Karl Bode:
"Last week, Indiana University administrators fired the school newspaper’s (Indiana Daily Student) advisor and ordered students to stop printing the paper."
"The student journalists say that […]
"Last week, Indiana University administrators fired the school newspaper’s (Indiana Daily Student) advisor and ordered students to stop printing the paper."
"The student journalists say that […]
Original post on infosec.exchange
infosec.exchange
October 23, 2025 at 6:27 PM
Ah, the value of being part of a social network that is decentralized...from Techdirt's Karl Bode:
"Last week, Indiana University administrators fired the school newspaper’s (Indiana Daily Student) advisor and ordered students to stop printing the paper."
"The student journalists say that […]
"Last week, Indiana University administrators fired the school newspaper’s (Indiana Daily Student) advisor and ordered students to stop printing the paper."
"The student journalists say that […]
Anyone remember the name of a Fedi / ActivityPub application like Eventbrite?
October 23, 2025 at 6:28 PM
Anyone remember the name of a Fedi / ActivityPub application like Eventbrite?
Reposted by Jeff Moss
The vuln is so old it is not even easy to find the reference!
OpenBSD fixed it by adopting a non-predictable PRNG, BIND dev refused to use the same approach cuz "DNSSEC fixes this"
10 years later Dan Kaminsky rediscovered it with a better way to exploit the weakness. Vendors adopted OpenBSD's […]
OpenBSD fixed it by adopting a non-predictable PRNG, BIND dev refused to use the same approach cuz "DNSSEC fixes this"
10 years later Dan Kaminsky rediscovered it with a better way to exploit the weakness. Vendors adopted OpenBSD's […]
Original post on mastodon.social
mastodon.social
October 23, 2025 at 11:45 AM
The vuln is so old it is not even easy to find the reference!
OpenBSD fixed it by adopting a non-predictable PRNG, BIND dev refused to use the same approach cuz "DNSSEC fixes this"
10 years later Dan Kaminsky rediscovered it with a better way to exploit the weakness. Vendors adopted OpenBSD's […]
OpenBSD fixed it by adopting a non-predictable PRNG, BIND dev refused to use the same approach cuz "DNSSEC fixes this"
10 years later Dan Kaminsky rediscovered it with a better way to exploit the weakness. Vendors adopted OpenBSD's […]
Reposted by Jeff Moss
What year is this?!
I think I am taking crazy pills!
FWIW: The first ever vulnerability I reported to a vendor was a DNS cache poisoning attack against BIND due its use of predictable query IDs.
I reported it.... in 1996! […]
I think I am taking crazy pills!
FWIW: The first ever vulnerability I reported to a vendor was a DNS cache poisoning attack against BIND due its use of predictable query IDs.
I reported it.... in 1996! […]
Original post on mastodon.social
mastodon.social
October 23, 2025 at 11:42 AM
What year is this?!
I think I am taking crazy pills!
FWIW: The first ever vulnerability I reported to a vendor was a DNS cache poisoning attack against BIND due its use of predictable query IDs.
I reported it.... in 1996! […]
I think I am taking crazy pills!
FWIW: The first ever vulnerability I reported to a vendor was a DNS cache poisoning attack against BIND due its use of predictable query IDs.
I reported it.... in 1996! […]
Tor .onion sites don’t need DNS (Or Certificate Authorities) to function. Just sayin’
October 20, 2025 at 6:55 PM
Tor .onion sites don’t need DNS (Or Certificate Authorities) to function. Just sayin’
Reposted by Jeff Moss
We have started a project to re-encode all the past conferences that are no longer operating.
Generally we just focus on updates, but over time as more cons stop operating we are leaving bhind those in he older video format (HEVC) and the newer, streamable […]
[Original post on defcon.social]
Generally we just focus on updates, but over time as more cons stop operating we are leaving bhind those in he older video format (HEVC) and the newer, streamable […]
[Original post on defcon.social]
October 18, 2025 at 3:59 AM
We have started a project to re-encode all the past conferences that are no longer operating.
Generally we just focus on updates, but over time as more cons stop operating we are leaving bhind those in he older video format (HEVC) and the newer, streamable […]
[Original post on defcon.social]
Generally we just focus on updates, but over time as more cons stop operating we are leaving bhind those in he older video format (HEVC) and the newer, streamable […]
[Original post on defcon.social]