RSS Parrot

🦜 Paul Moore - Security Consultant  / @Paul_Reviews

@nitter.poast.org.paul.reviews@rss-parrot.net

I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.

---

Twitter feed for: @Paul_Reviews. Generated by https://nitter.poast.org

Your feed and you don't want it here? Just e-mail the birb.

Site URL: nitter.poast.org/Paul_Reviews

Feed URL: nitter.poast.org/paul_reviews/rss

Posts: 10

Followers: 1

x.com/DurhamCyber/status/204…

https://nitter.poast.org/Paul_Reviews/status/2049403265050194231#m

Published: April 29, 2026 08:19

nitter.poast.org/DurhamCyber/status/204…

.@ProtonPrivacy is one of those suites I can wholeheartedly recommend. Moved over a while back and honestly, I wish I'd moved sooner.

https://nitter.poast.org/Paul_Reviews/status/2048767845387870526#m

Published: April 27, 2026 14:14

.@ProtonPrivacy is one of those suites I can wholeheartedly recommend. Moved over a while back and honestly, I wish I'd moved sooner. Proton Drive (@ProtonDrive) Fixed it — https://nitter.poast.org/ProtonDrive/status/2048750762302308479#m

Loving the new @intel #arc #b50pro drivers. Having no visible mouse cursor is a nice touch. Really makes your day that much more interesting!

https://nitter.poast.org/Paul_Reviews/status/2048655964010602874#m

Published: April 27, 2026 06:50

Loving the new @intel #arc #b50pro drivers. Having no visible mouse cursor is a nice touch. Really makes your day that much more interesting!

Over a month later, no response whatsoever from @holysquad_uk and they're still leaking all customer #data in every country. Disgraceful.

https://nitter.poast.org/Paul_Reviews/status/2048022578757877907#m

Published: April 25, 2026 12:53

Over a month later, no response whatsoever from @holysquad_uk and they're still leaking all customer #data in every country. Disgraceful. Paul Moore - Security Consultant  (@Paul_Reviews) No response whatsoever from @Holysquad_uk regarding a critical…

Interesting use of the word "secretly".

https://nitter.poast.org/Paul_Reviews/status/2047567919786217941#m

Published: April 24, 2026 06:46

Interesting use of the word "secretly". DogeDesigner (@cb_doge) NEWS: Meta is secretly making BILLIONS from scam ads! Last year Meta made $16 BILLION (10% of all their money) from ads related to scams, illegal gambling & banned stuff. A new lawsuit…

Bypassing the #EU #ageVerification app - part 2. This time, it's v2026.04-2 - which won't run on rooted devices & has encrypted shared preferences. If we ignore the fact they've used a 6 year old deprecated library, they haven't actually solved the problem at all. An attacker can just as easily delete ciphertext as plain text. Ironically, they've tried to solve a problem they don't truly understand... much like the concept itself.

https://nitter.poast.org/Paul_Reviews/status/2047288336511897632#m

Published: April 23, 2026 12:15

.@NCSC's latest advice is to use #passkeys everywhere you can and rely on a #passwordManager elsewhere. Chris Hosking @SentinelOne goes further and suggests passkeys remove entire classes of attack. https://www.dailymail.com/news/article-15757827/Stop-passwords-online-GCHQ-passkeys-hackers.html It sounds like great advice and it's technically accurate in many respects, but the gap between theoretical security standards and real-world implementation is significant. Passkeys are unlikely to see world-wide adoption for many, many years to come; with large companies & government upgrade cycles measured in years. In theory, that's fine... just use a password manager where passkeys aren't available. But, it's more nuanced than that and the devil's in the detail. The vast majority of password managers, particularly in a desktop context, shim the navigator.credentials call and don't just place themselves inside the trust chain, they entirely replace it. When time permits, I'm about to write up a detailed #security review of #Roboform - which until very recently, contained many critical security flaws, including the ability to silently obtain signed passkey challenges via XSS. Granted, that's a worst-case scenario... but the issue remains even if the password manager is "secure". The trust a relying party places in passkeys is far greater than #passwords... but the majority of password managers nullify passkey safeguards. 1. Origin binding The origin binding aspect is nearly always nullified completely, or severely downgraded. The point of enforcement is no longer the browser, but in Javascript inside an extension. 2. User consent/interaction FIDO-compliant tokens require both user presence & user interaction. In the native flow, the browser shows a system-level UI prompt that no javascript can supress/access, spoof or dismiss. Once the navigator.credentials call is shimmed, again, this protection is nearly always nullified or downgraded; replaced with a javascript popup accessible in contexts beyond the current domain. They can fake user consent & presence - and often do. 3. Attestation After shimming, it's an entirely false attestation... the very premise of passkeys. Private keys are often reduced to JSON objects, accessible across contexts. Their security collapses to the security of the password manager itself. Many simply fake their AAGUID. Roboform, for example, pretends to be a Microsoft Authenticator for Android. Even if a relying party blacklists untrusted AAGUIDs, the ability to spoof them means any trust placed upon tokens signed by them is misplaced. The entire AAGUID model is trust-based anyway, to an extent. 4. Phishing resistance Passkeys are phishing resistant by design, because the browser binds the credential to the relying party's origin. After shimming, origin checks are handled by javascript inside the extension and are regularly broken. Again, the security of the passkey collapses to the security level of the password manager. Even if it's entirely "secure", the assertion is false. The attestation suggests AAL2 (or 3) but in reality, it's AAL<1. 5. Credential isolation The native flow isolates credentials across relying parties, such that total failure should only ever affect one origin. After shimming, the extension has access to all passkeys at once, regardless of the current domain. Any XSS in the site/extension potentially exposes every single passkey assertion - all at once. The same is true of a password manager with passwords, but it's a regression from the isolation guarantees passkeys are supposed to provide. 6. Replay protection In the native flow, the browser generates clientDataJSON including the challenge, which the authenticator signs over. Once shimmed, the entire ceremony is handled in code. If the relying party or extension doesn't implement session-bound challenges, the bearer token could be replayed/stolen. 7. Credential exporting Private key material is supposed to be stored in a secure enclave or equivalent - such that key material cannot be exfiltrated under any circumstances. Password managers typically do not leverage these trusted environments, instead using JSON or similar to persist and disseminate key material across devices. That's (arguably) fine for AAL1/AAL2 requirements, but materially fails for AAL3. Crucially, it fails silently to the relying party. In summary, using a password manager to manage passkeys nearly always degrades or entirely nullifies the benefits of passkeys themselves, all while making you & the site feel safer. That might be an acceptable risk to you, but do not assume passkeys remove entire classes of attack. Implementation/deployment matters.

https://nitter.poast.org/Paul_Reviews/status/2047267776788668676#m

Published: April 23, 2026 10:54

The @EU_Commission has released an update to patch out the issues I raised last week, v2026.04-2 (https://ageverification.dev/releases/#release-notes_1) Honestly, I don't know if I should laugh or cry. Let's review each one: 1. On-device data: database and settings encrypted at rest, with keys protected by the device’s hardware-backed key store. Sounds great, until you look closer. They introduced http://androidx.security:security-crypto, deprecated in 2025. Also http://androidx.security.crypto.EncryptedSharedPreferences, deprecated in 2025. Finally, http://androidx.security.crypto.MasterKeys, which were deprecated in 2020. 3 deprecated dependencies introduced following criticism over weak security. These weren't left over and missed during an update... they've added them now to "harden security". Remember, this isn't an isolated app. It's intended to lay the foundation for many production applications; all using deprecated security libraries from the outset. Worse, they already correctly use KeystoreController in their codebase. The correct answer already existed and they still got it wrong. 2. Runtime: the app checks device integrity on startup and refuses to run on rooted or jailbroken devices. Production deployments should complement it with stronger device-attestation mechanisms appropriate to their infrastructure and compliance requirements. They check for su, check package manager for root apps, run "which su" and checks if it's a custom ROM. Paths: /system/bin/su /system/xbin/su /sbin/su /system/su /data/local/su /data/local/bin/su /data/local/xbin/su /system/app/Superuser.apk /system/app/SuperSU.apk Great... in 2015. These are all trivially bypassed in 2026. 3. Passport onboarding: more stable scanning; the passport photo is stored privately and deleted as soon as it’s no longer needed. They're still not encrypted, so I'm not sure what "privately" means - but they are deleted correctly now. 4. PIN: stricter rules block easy-to-guess PINs; PINs are salted and hashed, never stored in plain form. They salt correctly (a true CSPRNG), then use PBKDF2-SHA256 - which is outdated and only recommended where FIPS compliance is required, which doesn't apply here. To make matters worse, they use just 210,000 iterations. For those of a NISTy disposition, you're likely already shaking your head. 210,000 seems oddly specific. It is. It's the @owasp minimum for PBKDF2-SHA512, not SHA256. Right number, wrong algorithm. In reality, OWASP recommended 600,000 iterations as a minimum in 2023. Worse still, 600,000 is the baseline minimum for passwords, not PINs with 1 million permutations. You could use 1B iterations, you're not measurably increasing security when there are so few attempts required to break it. At the very least, use a modern hash with reasonable brute-force resistance against a 2026 threat model. All this... cited as a "first hardening step". Again, utter security theatre. None of this negates my fundamental point. This isn't fixable through code - it's fundamentally ill-conceived and poorly implemented.

https://nitter.poast.org/Paul_Reviews/status/2047043703173513635#m

Published: April 22, 2026 20:03

The @EU_Commission has released an update to patch out the issues I raised last week, v2026.04-2 (ageverification.dev/releases…) Honestly, I don't know if I should laugh or cry. Let's review each one: 1. On-device data: database and settings encrypted…

I've spent the last week replying to reporters re: #EU #ageVerification with increasingly complex explanations. Let me give the clearest, most concise reason why #anonymous age verification can not work by asking the same question. How old is ___________?

https://nitter.poast.org/Paul_Reviews/status/2046979145066783083#m

Published: April 22, 2026 15:47

Useful little feature, but it doesn't do what you might think. Most sites account for time drift of +/- 30 seconds to account for differences in clock sync, so this doesn't measurably decrease security whilst increasing usability. How often have you typed the first 2/3 chars, only for it to time out and reset? Great stuff Proton, but please... upgrade your crypto so you're a viable choice.

https://nitter.poast.org/Paul_Reviews/status/2046315616823591340#m

Published: April 20, 2026 19:50