DanielMicay

@DanielMicay

Security researcher working on mobile privacy/security. Memory allocators, compilers, language design, attestation, sandboxing, permission models, etc.

Toronto, Ontario, Canada
Joined June 2018

Tweets


  1. Pinned Tweet
    1 Apr 2019

    The newly created handle will be used for official project announcements. I'll continue to use this personal account to talk about GrapheneOS development work and security research. I'll be retweeting all the announcements here, so it'll remain a subset of this feed.

  2. Retweeted
    4 Feb

    GrapheneOS 2020.02.04.01 release: .

  3. Retweeted
    30 Jan

    HWASAN (think of it as ASAN v2) has become available to developers on Android outside of Google. If you use C or C++ on Android, please give it a try. HWASAN is also available on Aarch64 Linux with a recent kernel.

  4. Retweeted
    27 Jan

    Thrilled to see that our fuzzing efforts are now also described at .

  5. Retweeted
    7 Jan

    GrapheneOS 2020.01.06.21 release: .

  6. 7 Jan

    Initial implementation of secure time updates for GrapheneOS from Renlord: To avoid regressions, it won't be validating certificate issuance / expiry times, so it can still fix significant time issues. Could add validation based on OS build date later.

  7. Retweeted
    6 Jan
    Replying to

    Starting a function name with “is” or “to” followed by a letter in C is undefined behavior

  8. Retweeted
    3 Dec 2019

    GrapheneOS 2019.12.02.23 release: .

  9. 11 Nov 2019

    Titan M StrongBox keystore implementation uses sha256 of the Android Verified Boot key in the pkmd.bin format generated by avbtool. Qualcomm used something more complicated and may have switched to using a simple sha256 instead. It shouldn't change on existing devices though...

  10. 11 Nov 2019

    The verified boot key fingerprint is included in the normal hardware-based attestation, unlike the device model, and it's not supposed to change. Qualcomm may have changed how they calculate the fingerprint in their keymaster and some vendors are shipping this breaking change...

  11. 11 Nov 2019

    The app uses the verified boot key fingerprint as a key to look up the device in the database of known devices. It uses this to identify the device model and obtain the other information needed to verify the device, including which workarounds to apply for device-specific quirks.

  12. 11 Nov 2019

    It would be helpful if people submitted more samples from the OnePlus 7 Pro with Auditor. See for instructions. It appears that OnePlus may have shipped an update changing the calculation of the verified boot key fingerprint, so it's failing verification.

  13. 11 Nov 2019
  14. 11 Nov 2019

    Devices using the Snapdragon SPU for the StrongBox keymaster could provide similar other features, but they'll probably be missing the neat approach to insider attack protection. Titan M firmware updates can only be done after the owner account is successfully unlocked on boot.

  15. 11 Nov 2019

    Other Titan M features:
    * Weaver, which enforces an exponentially increasing delay for decryption attempts
    * Protects state for bootloader lock mode, OS verified boot key / rollback index, factory reset protection
    * Insider attack protection (firmware updates require owner auth)

  16. 11 Nov 2019

    It's an HSM-based keystore with far better security than the traditional TEE keystore. On Pixels (3, 3 XL, 3a, 3a XL, 4, 4 XL), the StrongBox keystore is one of the features provided by the Titan M. I assume it's provided via the Snapdragon 855 SPU on the Snapdragon Note 10/10+.

  17. 11 Nov 2019

    Snapdragon Galaxy Note 10 and Note 10+ are the first non-Pixel devices supported by Auditor with a StrongBox keystore. Samples from the Auditor hardware survey which were used to add support ('Submit sample data' option in menu):

  18. Retweeted
    11 Nov 2019

    Auditor app version 17 released: . See the linked release notes for a summary of the notable changes and a link to the full list of commits. See and for info about the app and optional monitoring service.

  19. 7 Nov 2019
  20. Retweeted
    6 Nov 2019

    GrapheneOS 2019.11.05.23 release: .

  21. 5 Nov 2019

    Custom hardware based on an SoC reference model for Android would be a great starting point, but one of the concerns that I've had is that the Titan M will be missing and it's unrealistic for GrapheneOS or our partners to take on the burden of implementing an equivalent to it.

