Conversation

twitter.com/DanielMicay/st Some people think that verbally assaulting makes them good at infosec, in fact they know nothing

Quote Tweet

Daniel Micay

@DanielMicay

Nov 2, 2018

twitter.com/Ricrdo31523064 en.wikipedia.org/wiki/Dunning%E One day, maybe I'll be able to understand how having security updates for the kernel, drivers and firmware is a 'hardware firewall'. I do think IOMMUs and other hardware-based mitigations are important if that counts... *shrug*

Replying to

Maybe cut down on the hysteria and victim complex, in addition to not posting a lot of nonsense to my feed.

Replying to

Crap, seriously you are arguing with him !!

Replying to

and

I have already concluded that I am wasting my time arguing with him, I also realized that I will not learn anything from him :)

Replying to

and

Do you really know who you have been arguing with ?, Daniel implemented substantial malloc and linux hardening into android.

Replying to

and

Cat, he erased his tweets, now start to think why he did it. I'm just a humble bird, nothing more :)

Replying to

and

No, I didn't erase my tweets. My responses to you are all still there. Stop lying please.

Replying to

and

Okay Micay I'll stop bothering you but do not say that stock roms are the best. BTW firmware vulnerabilities were easy to solve.

Replying to

and

I didn't say that. I pointed out that a Nexus 5 has hundreds of serious, unfixed disclosed vulnerabilities regardless of which custom ROM you choose. They don't even come close to addressing the problem of it being end-of-life.

Replying to

and

Using an alternate OS preserving the standard security features and providing full security updates is great. Even better if it builds upon the baseline security of AOSP rather than rolling it back with added attack surface, crippled SELinux policy and disabled mitigations.

Replying to

and

You have a serious misunderstanding of what I've been saying. Good: using a robust alternative OS with full security updates on a device with proper support for other OSes. Bad: using an OS substantially reducing security from AOSP and not providing the full security updates.

6:31 AM · Nov 3, 2018Twitter Web Client

Replying to

and

An OS is also only part of the overall picture. It can't make up for lacking support for various OS exploit mitigations at a hardware level, a 32-bit address space, lack of verified boot, insecure firmware, lack of IOMMUs isolating components, etc.

Replying to

and

What is the OS is going to do to protect you when you have a Wi-Fi SoC running a secondary OS vulnerable to assorted remote exploits, and with zero isolation from the rest of the system? An attacker gaining code exec there has kernel / root in the OS without an IOMMU set up...

Show replies