Ben Werdmuller benwerd

@hackermondev
hackermondev / research.md
Last active April 20, 2026 18:59
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@adulau
adulau / Journalism.md
Last active September 21, 2021 19:25
A joint work between Quinn Norton and Alexandre Dulaunoy on how to interact with journalists.

A joint work between Quinn Norton and Alexandre Dulaunoy on how to interact with journalists. The presentation was given at OHM2013.

Talking to the media

You've reached out, or they've reached out to you. It could be everything from a formal request to PR to someone who sat down beside you in a bar. It could be a 30-second breaking news piece, or a book 10 years in the making. Knowing a little bit about the media can make the whole exchange more fruitful and useful not only for you and the journalist, but a public that hasn't had a lot of good information about our world.

Inform yourself

@nikic
nikic / password_hashing_api.md
Created September 12, 2012 15:04
The new Secure Password Hashing API in PHP 5.5

The new Secure Password Hashing API in PHP 5.5

The [RFC for a new simple to use password hashing API][rfc] has just been accepted for PHP 5.5. As the RFC itself is rather technical and most of the sample codes are something you should not use, I want to give a very quick overview of the new API:

Why do we need a new API?

Everybody knows that you should be hashing their passwords using bcrypt, but still a surprising number of developers use insecure md5 or sha1 hashes (just look at the recent password leaks). One of the reasons for this is that the crypt() API is ridiculously hard to use and very prone to programming mistakes.

@veganstraightedge
veganstraightedge / gist:1063033
Created July 4, 2011 08:05
blacklist of usernames
about
account
add
admin
api
app
apps
archive
archives
auth