Update: the 01:18 entry got edited. "Security exercise" is gone, now it says they're rotating keys after a research team confirmed an exploit in one of their AWS environments. So you called it. Incident-driven, not hygiene. Good catch.
O
olearysec@infosec.exchange
@olearysec@infosec.exchange
Posts
-
I have a few questions... -
I have a few questions..."Unplanned" just means it wasn't on the maintenance calendar, not that it's an accident. A planned key rotation they didn't pre-announce lands there by default.
And it went from "doing maintenance" to "it's a security exercise" — that's the opposite of how a breach reads. Those escalate into an advisory and a "rotate your keys" email. None of that here. Fair to side-eye given the month we're having, but this looks like hygiene.
-
Finally set up Keyoxide for decentralized identity verification.Finally set up Keyoxide for decentralized identity verification. If you're not familiar: it lets you cryptographically link your PGP key to your social accounts without trusting a central authority (RIP Keybase).
The setup:
• Add proofs as notations in your PGP key
• Platforms verify via your published key
• Anyone can check the chain independentlyAlso enabled WKD so my key auto-fetches:
gpg --locate-keys contact@olearysec.comGuide I followed: docs.keyoxide.org