Nick Percoco
Kraken
@c7five
Chief Security Officer at @krakenfx, hacker, @THOTCON OPER, @IamTheCavalry, @DEFCON NOC, @SpiderLabs founder - Opinions are my own, not my employer’s
redacted
Joined April 2009
Posts
  • Pinned
    If you are exploring #nostr, you can find me there: npub1xmp08ww7fku05qwhy3ldgshevq368qjzas628ukpqs4wunuec0gqwgqfpf
  • Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on our platform.
  • Replying to @MarioNawfal and @buda_kyiv
    We know the identity of the user.
  • Apparently these guys aren’t worried about hackers at @defcon
  • Me: That’s a great painting you are working on. 10 yo: Thanks, I learned how to do this from a *YouTuber* I watch. Me: Oh, really? 10 yo: He has this poofy hair and paints stuff like clouds, mountains and trees. Me: Bob Ross? 10 yo: Yeah! Do you know him? Me: 🤣
  • Replying to @AOC
    Serious question: Are corporate diversity programs tokenism? If so, what is the recommended approach that doesn’t cause more harm than good?
  • Data for 400 million Twitter users are for sale. Contains emails and phone numbers allegedly obtained via an API vulnerability. The sample posted shows high profile accounts including @VitalikButerin @mcuban and @briankrebs. Stay safe, friends. Watch for targeted attacks!
  • Replying to @verge
    That’s called an arsonist, not a protestor.
  • Replying to @c7five
    Instead, they demanded a call with their business development team (i.e. their sales reps) and have not agreed to return any funds until we provide a speculated $ amount that this bug could have caused if they had not disclosed it. This is not white-hat hacking, it is extortion!
  • Replying to @mert
    I’ve been off caffeine for 24 years. I drank the equivalent of about 10 cups of coffee per day prior. The benefits I’ve had: - Not a slave to “needing my coffee” before I can function in the world - Not getting a headache and having a “bad day” if I don’t have caffeine when
  • Update: We can now confirm the funds have been returned (minus a small amount lost to fees).
    Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on our platform.
  • After what we learned about the lack of basic security hygiene at Twitter and the telegraphing that today was coming, I’m genuinely curious how @elonmusk is balancing the risk that multiple reverse shells haven’t been planted by 1 of the 1000s outgoing Engineering team members.
  • Crypto users are some of the most privacy and security minded users on the planet. There are also places on the planet where it is physically dangerous to access a crypto exchange without a VPN masking their destination from the local ISP. You are making some of your users
    PSA: Don't use a VPN to access Coinbase. Attackers always use VPN's, so our risk models take that as a negative sign even if you're legitimately using your own account.
  • Replying to @c7five
    We’ll not disclose this research company because they don’t deserve recognition for their actions. We are treating this as a criminal case and are coordinating with law enforcement agencies accordingly. We’re thankful this issue was reported, but that’s where that thought ends.