Joseph Cox at 35c3

@josephfcox

Hackers/crime/tech . Signal ☎️+44 20 8133 5190. Wickr 📳 josephcox. XMPP 🔑 jfcox@jabber.ccc.de 📨joseph.cox@vice.com

Joined March 2011
123 Photos and videos Photos and videos

Tweets

You blocked @josephfcox

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @josephfcox

  1. Pinned Tweet
    Dec 18

    everyone on twitter is an idiot

    75 replies 71 retweets 461 likes
    Show this thread
    Show this thread
    Undo
  2. Retweeted
    3 hours ago

    There is a culture of thievery in some corners of America's most storied newsroom.

    To be clear, this is not a mistake from the NYTimes. It is a deliberate decision to not credit us. Here are our DMs with the author saying ~he read our piece closely~ and admitting we ~have the same docs~. NYTimes is awful at this
    Show this thread
    4 replies 62 retweets 156 likes
    Undo
  3. 3 hours ago

    To be clear, this is not a mistake from the NYTimes. It is a deliberate decision to not credit us. Here are our DMs with the author saying ~he read our piece closely~ and admitting we ~have the same docs~. NYTimes is awful at this

    9 replies 165 retweets 323 likes
    Show this thread
    Show this thread
    Undo
  4. 4 hours ago

    Cash machine at busted. If you plan to drink, bring cash. Or whiskey.

    2 replies 1 retweet 14 likes
    Undo
  5. Retweeted
    Dec 27

    😡 Four weeks ago I discovered I am still shared on a Google Drive folder of photos my abusive ex controls and is actively putting photos into. At the same time I learned there is **no way to remove your own access from a folder you have been given view-only access to**.

    20 replies 232 retweets 504 likes
    Show this thread
    Show this thread
    Undo
  6. Retweeted
    23 hours ago

    This is a really impressive story: One impressive part is that it doesn't mention that broke most of this ground, and more, in a massive story four months ago:

    2 replies 22 retweets 83 likes
    Show this thread
    Show this thread
    Undo
  7. Retweeted
    4 hours ago

    This explains why I was struck with the "hey, I read it before." In fact, someone told me about it and my reaction was "wait, are you talking about something new or old?" A link and a short phrase acknowledging that the documents published and analyzed before was mandatory here.

    Left: doc the NYTimes published in its new piece on Facebook. Right: the same internal document we published, back in... August. Piece also includes other docs we have published, that no one else has. God NYTimes is awful at this
    Show this thread
    4 replies 60 retweets 125 likes
    Show this thread
    Show this thread
    Undo
  8. Retweeted
    5 hours ago

    For the New York Times, doing this again and again is inconsistent with having a leadership position in the professional community of journalists.

    Left: doc the NYTimes published in its new piece on Facebook. Right: the same internal document we published, back in... August. Piece also includes other docs we have published, that no one else has. God NYTimes is awful at this
    Show this thread
    10 replies 138 retweets 335 likes
    Undo
  9. Retweeted
    7 hours ago

    Facebook can estimate where you are just by using WiFi connection info (even if you turned off the GPS) by reverse-lookup with their WiFi-GPS association database previously:

    Facebook Android app uses permissions like Location and Phone to scan and send the data to their servers: - Bluetooth - Cell Tower: id, location area code, signal strength, etc - Your SIM card's country of origin - GPS: whether is mocked - WiFi: yours and your neighbor's
    Show this thread
    9 replies 105 retweets 127 likes
    Undo
  10. Retweeted
    8 hours ago

    . explains what happened in NYC last night: cc:

    4 replies 27 retweets 42 likes
    Undo
  11. 7 hours ago

    Reasons that if you can, and it's not too much of a pain, you may want to only link a non-public phone number to an account: - harder for hackers to reset password via SMS/call - harder for hackers to get 2FA tokens - harder for hackers to exploit issues like this

    1 reply 4 retweets 7 likes
    Show this thread
    Show this thread
    Undo
  12. 8 hours ago

    (I spoke to Twitter about this over Christmas; this email is from yesterday and the convo stretched over a few days. Maybe their position will change now it's being exploited on celebs)

    1 reply 2 retweets 7 likes
    Show this thread
    Show this thread
    Undo
  13. 8 hours ago

    On how you can SMS to tweet from a target's account if you know their number: this comes up every few years. Twitter addressed it in 2012 with this blog post: . Hackers actively using it is news, the vuln itself is not. Twitter not budging in email to me

    5 replies 25 retweets 45 likes
    Show this thread
    Show this thread
    Undo
  14. Retweeted
    Dec 27

    Musk's lawyers argue that Twitter is basically a garbage fire of misinformation and nobody expects the things they read here to be literally true. They cite two cases over tweets by President Trump, which came to the same conclusion.

    21 replies 135 retweets 269 likes
    Show this thread
    Show this thread
    Undo
  15. Retweeted
    Dec 27

    Elon Musk's lawyers say that when he falsely calls someone a pedophile on Twitter, that's just an "imaginative attack," protected by the First Amendment, so he can't be sued.

    44 replies 166 retweets 318 likes
    Show this thread
    Show this thread
    Undo
  16. 21 hours ago

    Failing to credit previous reporting is not only unfair to the journalists, but a disservice to the reader: when there is so much news, so much coverage, you can't expect a reader to keep up with what is new and what isn't. Acknowledge what you're building on, show them.

    11 replies 141 retweets 568 likes
    Show this thread
    Show this thread
    Undo
  17. Retweeted
    21 hours ago

    Hackers Make a Fake Hand. Vein authentication: “When we first spoofed the system, I was quite surprised that it was so easy”

    1 reply 70 retweets 103 likes
    Undo
  18. 21 hours ago

    We credit other outlets. Throughout our summer of Facebook coverage, we repeatedly linked back to and mentioned earlier, similar docs the Guardian obtained. We didn't when the docs were entirely new. Clearly, we published these docs before the NYTimes. Credit other outlets.

    4 replies 76 retweets 372 likes
    Show this thread
    Show this thread
    Undo
  19. 22 hours ago

    Left: doc the NYTimes published in its new piece on Facebook. Right: the expanded internal document we published, back in... June. Piece also includes other docs we have published, that no one else has. God NYTimes is awful at this

    6 replies 123 retweets 291 likes
    Show this thread
    Show this thread
    Undo
  20. 22 hours ago

    Left: doc the NYTimes published in its new piece on Facebook. Right: the same internal document we published, back in... August. Piece also includes other docs we have published, that no one else has. God NYTimes is awful at this

    15 replies 462 retweets 842 likes
    Show this thread
    Show this thread
    Undo
  21. Dec 27

    Lesson: change your veins regularly, use complex vein patterns, and try not to use the same veins on multiple security locks.

    7 replies 59 retweets 300 likes
    Show this thread
    Show this thread
    Undo

@josephfcox hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·