Skip to content

Instantly share code, notes, and snippets.

View soatok's full-sized avatar

Soatok Dreamseeker soatok

379 followers · 4 following
View GitHub Profile
@soatok
soatok / Disclosure-Timeline.md
Created August 16, 2024 23:42
Soatok's Matrix Disclosure, 2024-08-14

Disclosure Timeline

  • 2024-05-15: I took a quick look at the Matrix source code. I identified two issues and emailed them to their security@ email address.In my email, I specify that I plan to disclose my findings publicly in 90 days (i.e. on August 14), in adherence with industry best practices for coordinated disclosure, unless they request an extension in writing.

  • 2024-05-16: I checked something else on a whim and find a third issue, which I also email to their security@ email address.

  • 2024-05-17: Matrix security team confirms receipt of my reports.

  • 2024-05-17: I follow up with a suspected fourth finding–the most critical of them all. They point out that it is not actually an issue, because I overlooked an important detail in how the code is architected. Mea culpa!

@soatok
soatok / 00-readme.md
Last active February 4, 2022 14:38
Email with full headers
@soatok
soatok / bottom-responder.php
Last active September 14, 2023 20:03
Bottom Responder
<?php
/**
* Usage: Run this from the command line to generate a secure passphrase in the format
* of stereotypical bottom keymashing.
*
* php bottom-responder.php | xclip
*
* Why? Because furries ruin everything, including bottom jokes.
*/
function random_str(int $length, string $charset): string {
@soatok
soatok / README.md
Last active December 11, 2021 02:08
Proctorio .7z deobfuscation script
@soatok
soatok / auth-key-exchange.md
Created July 24, 2019 20:37
Authenticated Key Exchange (Notes)

AKE Notes

You                                                 Friend
 \              {   I N T E R N E T   }             /
  ()---[]------[]--------[]------Z ? 7-----[]------()

1. Encryption!

@soatok
soatok / decryptor.php
Created October 5, 2017 06:06
<?php
declare(strict_types=1);
$password = 'OwO what\'s this?';
$alg = SODIUM_CRYPTO_PWHASH_ALG_DEFAULT;
$opslimit = SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE;
$memlimit = SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE;
$salt = 'YIFFYIFFYIFFYIFF';
@soatok
soatok / letter.md
Last active May 22, 2016 09:35
Open Letter to Tomorrow's Furry Website Owners

If you don't make security a top priority, you will get breached. If you take nothing else away from this letter, let it be those words.

Let's talk, furries.

As we all know, FurAffinity got hacked not too long ago. Rather than rehash the events as they're still unfolding, let's just call it a grease-fire that the staff are desperately trying to put out by