Yolan Romailler

@AnomalRoil

Dwelling on cryptography . Sometimes playing with . I like using PGP with and smart cards, fight me :P

Joined April 2014.


  1. Retweeted
    Jan 25

    55. Any sufficiently successful product launch is indistinguishable from a DDoS; any sufficiently advanced user indistinguishable from an attacker. 56. Debugging any sufficiently complex open source product is indistinguishable from reverse engineering a black box.

  2. Retweeted
    Jan 19

    ⏲️ As of today, we have about eighteen years to go until the Y2038 problem occurs. But the Y2038 problem will be giving us headaches long, long before 2038 arrives. I'd like to tell you a story about this.

  3. Retweeted
    Jan 21

    Still one of my favorite sub-heads.

  4. Retweeted
    Jan 21

    any good C implementations of GF(2^128) multiplication? (using PCLMULQDQ)

  5. Jan 21

    The way all concerned companies (didn't) react to this flaw is really ridiculous, especially regarding the leak of data through the search feature in Google groups 🤦🏻‍♂️

  6. Retweeted
    Jan 20

    Dear , Putting the private key for a CA blessed certificate in firmware is a bad idea. and I found a couple terrible things.

  7. Retweeted
    Jan 19

    Had to verify. And yes. Kernighan and Ritchie really did this. TIL :)

  8. Retweeted
    Jan 18

    This took me a few seconds to grok. They've *signed* malware with a forged Microsoft root cert and antivirus detection plummeted. Always. Bet. On. The. Hackers.

  9. Retweeted
  10. Retweeted
    Jan 17

    I have added a Yara rule to detect explicit definition of some ECC orders in a binary: . Useful to detect .

  11. Retweeted
    Jan 16

    To clarify the Windows crypto fail: The problem isn't in signature validation. The problem is the *root store/cache*. CryptoAPI considers an (attacker-supplied) root CA to be in the trust store if its public key and serial match a cert in the root store, ignoring curve params.

  12. Retweeted
    Jan 17

    When you send an encrypted email with ProtonMail, your message is automatically protected with PGP encryption. What is PGP? Here’s everything you need to know about the tech behind our security promise.

  13. Retweeted
    Jan 17
  14. Retweeted
    Jan 17

    since there have been two dropped already, here's my PoC for CVE-2020-0601:

  15. Retweeted
    Jan 16

    If you DON’T give your new vulnerability a spicy name, everyone else will try to do it for you, and 2 years from now nobody will remember if “Chain Of Fools” is the same bug as “CurveBall” or “Who’s Curve”. The lesson is obvious.

  16. Retweeted
    Jan 16

    By the way, the proper name for CVE-2020-0601 is “I Can’t Believe It’s Not A Real Curve”.

  17. Retweeted
    Jan 16
    Replying to

    P-256 use should be accompanied by a security review and/or crypto audit to make sure you're using nonces safely, etc. But P-256 is better than RSA.

  18. Retweeted

    Strong device encryption protects all Americans from cyber threats—new vulnerabilities, like the backdoor sought by the FBI, undermine everyone’s security. Weakening encryption won’t stop criminals and terrorists, as I wrote in last month.

  19. Jan 16

    If you don't really care about the gory crypto details of the latest CryptoAPI vulnerability but would love to learn more about the big picture, don't miss nice post on ModernCISO blog, summarizing everything you need to know

  20. Retweeted
    Jan 16

    Security Advisory: Multiple Critical Vulnerabilities on Windows Systems. Read here:
