Conversation

twitter.com/DanielMicay/st Some people think that verbally assaulting makes them good at infosec, in fact they know nothing

Quote Tweet

Daniel Micay

@DanielMicay

Nov 2, 2018

twitter.com/Ricrdo31523064 en.wikipedia.org/wiki/Dunning%E One day, maybe I'll be able to understand how having security updates for the kernel, drivers and firmware is a 'hardware firewall'. I do think IOMMUs and other hardware-based mitigations are important if that counts... *shrug*

Replying to

Maybe cut down on the hysteria and victim complex, in addition to not posting a lot of nonsense to my feed.

Replying to

Crap, seriously you are arguing with him !!

Replying to

and

I have already concluded that I am wasting my time arguing with him, I also realized that I will not learn anything from him :)

Replying to

and

Do you really know who you have been arguing with ?, Daniel implemented substantial malloc and linux hardening into android.

Replying to

and

Cat, he erased his tweets, now start to think why he did it. I'm just a humble bird, nothing more :)

Replying to

and

No, I didn't erase my tweets. My responses to you are all still there. Stop lying please.

Replying to

and

Okay Micay I'll stop bothering you but do not say that stock roms are the best. BTW firmware vulnerabilities were easy to solve.

Replying to

and

I didn't say that. I pointed out that a Nexus 5 has hundreds of serious, unfixed disclosed vulnerabilities regardless of which custom ROM you choose. They don't even come close to addressing the problem of it being end-of-life.

6:26 AM · Nov 3, 2018Twitter Web Client

Replying to

and

Using an alternate OS preserving the standard security features and providing full security updates is great. Even better if it builds upon the baseline security of AOSP rather than rolling it back with added attack surface, crippled SELinux policy and disabled mitigations.

Replying to

and

You have a serious misunderstanding of what I've been saying. Good: using a robust alternative OS with full security updates on a device with proper support for other OSes. Bad: using an OS substantially reducing security from AOSP and not providing the full security updates.

Show replies

Replying to

and

It will not be impossible to hack ,but if someone tries, it will be very difficult to gain access, even with roms with vulnerabilities will be hard.

Replying to

and

There are hundreds of unfixed long term, publicly disclosed vulnerabilities with public proof of concepts available... the vulnerabilities have been disclosed for up to 2+ years at this point. They're exposed via Wi-Fi, Bluetooth, web browsing (GPU, etc.), media handling...