Threema: analysis of a secure messenger

[EDIT: 09.01.2023]: Threema has reacted to the publication in bold terms: The [research] paper is based on an old protocol that is no longer in use. The presented findings do not apply to Threema’s current communication protocol “Ibex” or have already been addressed. None of them ever had any considerable real-world impact. See how the story develops. Threema is a Swiss encrypted messaging application which has been widely advertised as a secure alternative to Signal, WhatsApp or Wire....

January 9, 2023 · 3 min · 9x0rg

Protect a parked domain without email

DNS entries for a parked domain that does not send emails but has a website

| Hostname | Type | TTL | Data |
|---|---|---|---|
| @ | MX | 1800 | 0 . |
| @ | TXT | 1800 | "v=spf1 -all" |
| *._domainkey | TXT | 1800 | "v=DKIM1; p=" |
| _dmarc | TXT | 1800 | "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;" |

DNS entries explained

Null MX: Explicitly configure an 'empty' MX record according to RFC7505. @ 1800 IN MX 0 .

SPF: Set an empty policy and a hard fail. @ 1800 IN TXT "v=spf1 -all"

DKIM *....

January 5, 2023 · 1 min · 9x0rg

Sign the web0 manifesto

## web0 is the decentralised web ##

web3 = **decentralization** + blockchain + NFTs + metaverse
web0 = **decentralization** - blockchain - NFTs - metaverse
web0 = **decentralization**

In other words, web0 is web3 without all the corporate right-libertarian Silicon Valley bullshit – Aral Balkan

Head over here and sign the web0 Manifesto. This will probably not change the world overnight but let these different voices be heard. Thank you....

December 28, 2022 · 1 min · 9x0rg

About Me

$ whoami Hi there, my name is Olivier Falcoz. I am a random French-speaking dude who goes by the alias of 9x0rg. You might have crossed me under the nicknames of elpanzer or panz’ in the past. I’m an Infosec & risk management professional by day, formerly based in the Asia-Pacific region and now impatriated in Provence. I’ve been one of the maintainers of two MTB-related websites during my years in Asia: KLMBH, an association perpetuating the tradition of the running Hash but on a mountain bike, and TRAKS, a trail conservancy NGO in Malaysia....

Ditching WhatsApp [updated]

[First published on September 05, 2016] I am ditching WhatsApp, following Facebook’s decision to begin harvesting data from its messaging service. Even though Motherboard claims “it may be possible to prevent WhatsApp to give your phone number to Facebook” (LOL) WhatsApp will still harvest your metadata. “Sharing metadata with Facebook still exposes users to significant risks,” says Claire Gartland, consumer protection counsel for the Electronic Privacy Information Center. “Facebook will have data indicating who WhatsApp users communicate with and how frequently, and connecting WhatsApp users with their social media accounts and broader online activity, associations, political affiliations, and more....

June 14, 2018 · 2 min · 9x0rg

Instant messaging encryption: which protocol to trust?

Seen on the ANSSI website: Accompanying the widespread realization of the need to secure one's electronic communications, many (near-)instant messaging applications have appeared on smartphones. All of them claim a high level of security, leaving the user in doubt as to the actual level of security to expect. So, which to favor among Signal, Telegram or XMPP? I am deliberately not mentioning WhatsApp/Facecrook, mind you....

November 15, 2017 · 1 min · 9x0rg

A HTTP 404 by Peugeot

Nice pun Mailfence: the Peugeot 404, the first car I remember as a child. With red leather seats. What a beauty.

November 9, 2017 · 1 min · 9x0rg

Robots are the future, aren't they?

– Cover of The New Yorker, Oct. 23 2017

October 16, 2017 · 1 min · 9x0rg

Trump's foreign policy moments

– Matt Wuerker - Politico

October 5, 2017 · 9x0rg

Personal data isn't the 'new oil' - it's toxic waste

Personal data isn’t the new oil - it is toxic waste. Companies should: Create as little as, Regularly clean it, Store it securely – Terence Eden on Twitter

September 22, 2017 · 9x0rg