Karan Saini's Avatar

Karan Saini

@karansaini.com.bsky.social

hacker, researcher. blog at karansaini.com New Delhi

270 Followers  |  380 Following  |  46 Posts  |  Joined: 06.06.2023  |  2.1676

Latest posts by karansaini.com on Bluesky

VPN vendors have huge budgets to advertise on your favorite podcasts.

We don't have marketing for the IETF, browser and OS security teams, CAs (Let's Encrypt), CDNs, researchers, open source authors, website builders, digital rights activists...

We made the web secure and didn't tell anyone.

20.12.2024 03:46 β€” πŸ‘ 824    πŸ” 180    πŸ’¬ 10    πŸ“Œ 5
Preview
Why Apple sends spyware victims to this nonprofit security lab | TechCrunch Cybersecurity experts, who work with human rights defenders and journalists, agree that Apple is doing the right thing by sending notifications to victims of mercenary spyware β€” and at the same time r...

NEW: Cybersecurity experts, who work with human rights defenders and journalists, agree that Apple is doing the right thing by sending notifications to victims of mercenary spyware β€” and at the same time refusing to forensically analyze the devices.

β€œThese notifications have been a game changer."

20.12.2024 14:24 β€” πŸ‘ 104    πŸ” 38    πŸ’¬ 3    πŸ“Œ 7

The @phrack.org 72 CFP horny emojipasta has hit the chats

18.12.2024 19:25 β€” πŸ‘ 51    πŸ” 21    πŸ’¬ 3    πŸ“Œ 0
Poor quality scan of a black and white image from a newspaper from March of 1990 called The Vindicator, a photo of a man with receding hair and a bushy beard and moustache who may be handcuffed. Caption reads "Joseph Popp is led from federal court in Cleveland. The suburban Cleveland man us accused of distributing computer disks with a virus that locked up machines in England and Africa."

Poor quality scan of a black and white image from a newspaper from March of 1990 called The Vindicator, a photo of a man with receding hair and a bushy beard and moustache who may be handcuffed. Caption reads "Joseph Popp is led from federal court in Cleveland. The suburban Cleveland man us accused of distributing computer disks with a virus that locked up machines in England and Africa."

It took quite a while hunting through newspaper archives, but this is what Joseph Popp actually looked like when he was arrested. Weird that someone considered the grandfather of ransomware is so poorly documented. Sources online get the date of his death wrong & the spelling of his middle name too.

19.12.2024 10:59 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0

Holy crap

12.12.2024 20:19 β€” πŸ‘ 98    πŸ” 37    πŸ’¬ 10    πŸ“Œ 6
Preview
White House official: 8 US telecom providers hacked by Chinese | CNN Politics US officials believe Chinese hackers breached at least eight US telecommunications providers in their quest to spy on top US political figures as part of a hacking campaign that has affected dozens of...

White House official: 8 US telecom providers hacked by Chinese
www.cnn.com/2024/12/04/p...

04.12.2024 21:31 β€” πŸ‘ 9    πŸ” 8    πŸ’¬ 0    πŸ“Œ 1

first name + .forsale 🫨

02.12.2024 05:58 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Twitter has been storing your β€˜deleted’ DMs for years Including those sent to and from deactivated or suspended accounts

I found in 2019 that DMs were soft deleted, you could even fetch both deleted DMs and DMs exchanged with deactivated accounts from the Twitter API and the account archive. www.theverge.com/2019/2/15/18...

02.12.2024 05:43 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I wrote a series of blogs (that I’ll be adding to as I go) that document times in the #history of #hacking that journalists found themselves becoming part of the story that they were writing about #hackers. I labeled the blogs β€œHackers & Reporters”.

30.11.2024 21:03 β€” πŸ‘ 5    πŸ” 2    πŸ’¬ 1    πŸ“Œ 0

This is your reminder that DMs here are _not encrypted_. They're not even really part of ATProto.

It's on the roadmap, but that's not the case now. DMs are centralized and unencrypted. Behave accordingly.

22.11.2024 17:29 β€” πŸ‘ 63    πŸ” 27    πŸ’¬ 5    πŸ“Œ 2
Preview
GitHub - electricduck/atfile: πŸ“¦βž”πŸ¦‹ Store and retieve files on the ATmosphere πŸ“¦βž”πŸ¦‹ Store and retieve files on the ATmosphere. Contribute to electricduck/atfile development by creating an account on GitHub.

I know this is in the Drop I just posted, but y'all really need to try out ATFile β€” github.com/electricduck...

It lets you upload & download arbitrary files to Bluesky's Blob storage (or any ATptodo PDS).

The Blobs don't show up in your timeline, they just "exist".

Store your MP3 collection!

1/2

20.11.2024 20:20 β€” πŸ‘ 23    πŸ” 2    πŸ’¬ 2    πŸ“Œ 2

come for the malware, stay for the posts

20.11.2024 20:36 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
US charges five accused of multi-year hacking spree targeting tech and crypto giants | TechCrunch The five alleged hackers are accused of stealing millions of dollars in crypto, and corporate data from several victims all over the world.

NEW: The U.S. government has announced charges against five alleged hackers who targeted several companies stealing millions of dollars in crypto, and corporate data.

DOJ says the hackers are part of the infamous Scattered Spider cybercrime group.

techcrunch.com/2024/11/20/u...

20.11.2024 19:37 β€” πŸ‘ 29    πŸ” 5    πŸ’¬ 0    πŸ“Œ 0

as a gamer ive eliminated thousands of moo deng like creatures for their various parts . Ive completed countless quests using their pain

14.11.2024 05:49 β€” πŸ‘ 38794    πŸ” 3284    πŸ’¬ 207    πŸ“Œ 161

was just inviting people over!

10.11.2024 19:07 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

It’s legal in the United States under the Truth in Caller ID Act, 2009, in certain circumstances. It’s unlawful when done with the intent of defrauding others. The rationale behind allowing it is that some businesses might want to advertise their pay-per-minute or toll-free number when they call.

30.07.2024 13:56 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

what video? :)

29.07.2024 17:48 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Ha! I wouldn’t have thought, but that is great. They seem active too!

And yes. They’re currently relying on reports from subscribers, which could indicate a lack of adequate automated detection at the telecom operator level.

Thanks for reading!

29.07.2024 17:40 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

What is being done about caller ID spoofing in India? My piece for the Text and Context section in The Hindu today.

29.07.2024 17:29 β€” πŸ‘ 6    πŸ” 3    πŸ’¬ 3    πŸ“Œ 0
Preview
GitHub - qurbat/blocked-hosts: A periodically updated list of websites known to be blocked in India A periodically updated list of websites known to be blocked in India - GitHub - qurbat/blocked-hosts: A periodically updated list of websites known to be blocked in India

This project now catalogues over 10,000 websites known to be blocked on the ACT Fibernet network. 4,226 new hostnames were added since the last update in June. github.com/qurbat/block...

31.12.2023 17:03 β€” πŸ‘ 4    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
What BharOS, India’s β€˜homegrown’ answer to Android, says about our credulity In a development that has sparked outrage among India's free and open source software communities, it has come to light that India's much-hyped β€˜indigenously de

BharOS was touted as an indigenously developed secure and private mobile operating system. But is it? My piece for The News Minute from today. www.thenewsminute.com/news/what-bh...

20.10.2023 19:01 β€” πŸ‘ 9    πŸ” 7    πŸ’¬ 0    πŸ“Œ 0
SC Refuses to Hear Plea Seeking Audit into Source Code of Software Used in EVMs A three-judge Bench, headed by Chief Justice D.Y. Chandrachud, disallowed the petition on the grounds that making the source code public would make the machines vulnerable to hacking.

The Supreme Court has dismissed a petition requesting for the source code of Electronic Voting Machines to be made public. The court stated that publishing the source code would make EVMs vulnerable. This line of reasoning is fallacious and ill-informed. m.thewire.in/article/law/...

25.09.2023 10:38 β€” πŸ‘ 4    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

You can create a post with an arbitrary date and time from the past if you call the Bluesky post creation API directly. bsky.app/profile/sain...

21.09.2023 08:13 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

It turns out that you can pass an arbitrary datetime value for the 'createdAt' parameter when creating a new post. I've linked a post of mine below with a datetime value of 1970-01-01T00:00:00.000Z. The datetime value appears to have been offset to January 1, 1970, 5:30 AM, Indian Standard Time.

20.09.2023 19:51 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 2    πŸ“Œ 1

It's quite possible it is only happening in India. I was only able to confirm that the post in question was withheld in India at the request of the Government (users from other countries were able to access it), but I wasn't able to confirm whether the same notice is shown to non-Indian users.

19.09.2023 15:28 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

Twitter (X) seems to no longer display a notice for when a given post has been blocked at the request of the Government. Instead, a nondescript notice is shown, simply reading "This Post is unavailable."

19.09.2023 15:20 β€” πŸ‘ 6    πŸ” 3    πŸ’¬ 2    πŸ“Œ 0

this site needs a badge i can pay $8 a month for to trick people into thinking I am a Mod

13.08.2023 17:23 β€” πŸ‘ 5089    πŸ” 717    πŸ’¬ 46    πŸ“Œ 10
Preview
Can't Deny A Citizen's Statutory Rights For Not Having Aadhar Card: Telangana High Court Reiterates The Telangana High Court has reiterated that a citizen of India cannot be denied his/her statutory rights for not possessing an Aadhar Card.

www.livelaw.in/high-court/t...

04.09.2023 09:43 β€” πŸ‘ 5    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

starting something new

27.08.2023 13:27 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

more like a SMUGshot! siri please send when official headshot released. siri please dim lights and set alarm for 9:30 am.

24.08.2023 23:51 β€” πŸ‘ 86    πŸ” 7    πŸ’¬ 1    πŸ“Œ 0

@karansaini.com is following 20 prominent accounts