Oh fuck and boy Jesus, how on earth is this still a thing 😦

MD fucking 5 is not a fucking “secure” crypto algorithm.

This site has 14 million breached accounts with fucking MD5 hashes.

I think I’ve had to much internet for today.

YouTube: SPENDING 24 HOURS IN PRISON CHALLENGE (GONE WRONG) (GONE SEXUAL) (COPS CALLED)

devRant: SPENDING 24 HOURS STRAIGHT ON DEVRANT TELLING EVERYONE THAT APPLE IS BAD AND MY SECURITY IS BETTER (GONE WRONG) (DATA BREACHED) (DFOX CALLED)

"Our central servers firewall has been breached" - Doesn't even work on a server or anything, just his laptop

"How many proxies do we have left?"

"Around 10.200"

I don't take responsibility for any brain damage

Soooo.. facebook got breached today, 50 million accounts compromised. I'm sure that will help their stock price.. 😂

Change your passwords, ladies and gents!

When i was younger, lesser experienced and more naive than now; i got away with a lot of things. By lot of things i mean security flaws in my applications and overall architecture. I realise now i could've so easily been pawned.

Not that i claim to be totally secure even now, or would ever. It is a process, slow and painful one - Learning.

What i wish to point out is the role of favorable probability (non believers would call it luck). Security is so much about it. You get away with so many things for so long. And bang one day the roll of dice is unfavorable. On such rare occasions, just look back and wonder - damn i should've been breached long ago.

Facebook founder and CEO Mark Zuckerberg broke several days of silence in the face of a raging privacy storm to go on CNN this week to say he was sorry. He also admitted the company had made mistakes; said it had breached the trust of users; and said he regretted not telling Facebookers at the time their information had been misappropriated.
From techcrunch article.

Zomato was data breached!

I can cope with the workload and the silly client requests but I think my bullshit-threshold is very close to being breached.
One more thing and I'm not sure my brain will be able to act fast enough to stop my mouth shouting a horrible string of profanity.

F*ck you CircleCi

Disclaimer: This is all theoretical. Neither me nor my friend (with whom I discussed this) are stupid enough to even try to pursue this, but as an idea, i believe it might generate cool/new ideas/ways for handling secure communications across social groups.

Let's do some role play. Let's design a delivery app for drug dealers, think Seamless or Uber Eats, but for drugs. Not for big deliveries, like kilograms of coke, but smaller stuff. Maybe a few grams of it or something. The clients could rate dealers, and vide-versa. This would build a level of trust within the system. There would be no names, just anonymous reviews, ratings, and prices. Only the info you'd need to know.

The biggest (only?) problem we found (besides legality) was that, how would you prove that you're a client and not a snitch (or cop). This would have to somehow be handled both on signup, as well as when ordering (let's imagine that all who are clients are pure and won't ever snitch).

One of the ways we found to combat this was to have the app invite-only. This would, in theory, do away with the problem of having snitches signing up. However, what if the phone got stolen/breached by a snitch, and they also got full access to the account. One way we thought we could combat this would be with a "dispose number" or something similar. Basically, you call a number, or send a text, or message a Signal bot etc, which would lead to the account's instant termination, no traces of that user left. Hence, a dispose number.

The flow of the app would be as follows:
A client wants some amount of heroin. He opens the app, searches for a dealer, sends the him the desired amount, and in return gets back a price from the dealer. If both parties agree on the amount and price, the deal would start.

The app would then select a random time (taken from the client's selected timeframe and the dealer's "open" time) and a location (within a certain radius of both them, somewhere in between them both for convenience). If both of them accept the time and place, they'll have to meet up at said time and place.

The actual delivery could also be done using two dead drops - the client drops the money at one of them, the dealer drops the goods at the other one. Yes, this might be subject to abuse, but it wouldn't be that bad. I doubt that clients would make huge orders to unknown/badly rated dealers, as well as dealers accepting offers from badly rated clients. My idea is that they would start small, just so if they do lose their money/goods, the actual loss wouldn't be as big for them, but for the other party, having bad ratings would mean less clients willing to buy or dealers willing to sell.

A third way would be to use crypto, but the reason I left this as the last one is because it's not that wide-spread yet, at least not in local drug dealing. With this method, the client would initiate the order, the crypto would be sent to either the dealer or an escrow account, the dealer would then drop the goods at a random place and let the client know where to go to get them. After the client has gotten the goods, they could both review/rate the quality as well as the overall experience with that dealer, which would either make or break the dealer's upcoming deals. This would be pretty much like other DNM's, but on a local scale, making deliveries faster.

So far, this would seem like something that would work. Are there any ideas that might improve this? Anything that might make things more secure/anonymous?

My reason for this post is to spark a conversation about security and anonymity, not to endorse drugs or other illegal stuff.

Cheers!

PS. Really loving the new PC design of devRant

Tip: Use the same password on all services. That way, if one gets breached, you still remember the password to the others so that you can change your password there.