Filippo ValsordaGeverifieerd account

@FiloSottile

I mess with cryptography. urandom ambassador. Crypto Team (but opinions ...). That TLS guy. HS/RC F'13. Cold DM :) cold email :(

London
blog.filippo.io
Geregistreerd in juni 2009
252 foto's en video's Foto's en video's

Tweets

@FiloSottile is geblokkeerd

Weet je zeker dat je deze Tweets wilt bekijken? @FiloSottile wordt niet gedeblokkeerd door Tweets te bekijken.

  1. Vastgemaakte Tweet
    23 sep.

    Want to know what the TLS 1.3 excitement is about and how it works? Watch my talk (or read the transcript)!

    6 antwoorden 114 retweets 183 vind-ik-leuks
  2. 7 uur geleden

    On my way to Hamburg for another CCC. If you're there, come see and I talk about TLS 1.3 at 21:45 on Dec 27 in Saal 2.

    3 antwoorden 7 retweets 34 vind-ik-leuks
  3. 23 dec.

    A stronger commitment than ever seen from Google. Might be good for pinning + refresh. Part of their new PKI FAQ:

    1 antwoord 17 retweets 36 vind-ik-leuks
  4. 22 dec.

    2600: be proud of being hackers. "Hacker" News: what's wrong with Trump?

    3 antwoorden 5 retweets 20 vind-ik-leuks
  5. 19 dec.

    So you want to expose Go on the Internet Excellent advice from and

    1 antwoord 63 retweets 102 vind-ik-leuks
  6. 18 dec.

    "Crypto timing attacks are impractical over WAN." Nope. Very low latency is achievable to major providers from rented VPS's.

    6 antwoorden 83 retweets 110 vind-ik-leuks
  7. 17 dec.

    TIL you can take over a twitter acct if you know their phone # & have SS7 access. Password reset via SMS (w/o email)

    . irresponsible—it is impossible to disable password reset by SMS. So does this effectively reduce 2FA to 1FA? Seems yes
    11 antwoorden 83 retweets 73 vind-ik-leuks
  8. 16 dec.

    This is interesting. I submitted a broken HTTPS link (GitHub Pages) to HN and it got to #4 anyway

    2 retweets 8 vind-ik-leuks
  9. 16 dec.

    Oh, wonderful, a Top 1m Websites list based on data instead of the skewed toolbar thingy. Fascinating data.

    6 antwoorden 65 retweets 90 vind-ik-leuks
  10. 16 dec.

    macOS 10.12.2 comes with important physical-attack protections: Option ROMs opt-out and a FileVault cold boot fix

    Grab Mac FileVault passwords from locked macs in 30 seconds!
    30 retweets 37 vind-ik-leuks
  11. 15 dec.

    So, is not joking when he says that issues in Go 1.8betaX will be fixed fast. Test the beta, don't wait!

    1 antwoord 8 retweets 18 vind-ik-leuks
  12. 14 dec.

    I'm honestly glad Evernote sparked outrage adding this to the privacy policy: we need more awareness that company-readable is the *default*.

    This is fairly astonishing. Did you know Evernote employees can view your notes and you can't opt out? (You can encrypt manually tho!)
    2 antwoorden 30 retweets 29 vind-ik-leuks
  13. 14 dec.

    ProTip: in install instructions, use $(go env GOPATH) instead of , to work with the 1.8 default GOPATH

    1 antwoord 13 retweets 26 vind-ik-leuks
  14. 13 dec.

    Halderman universally respected; this is basically a threat to damage the crown jewel of Michigan’s education system, over politics.

    "I hope a certain University of Michigan professor already has tenure," Eric Doster says in jab at hacking theories of prof
    6 antwoorden 28 retweets 40 vind-ik-leuks
  15. 13 dec.

    Wow, , really? Personal attacks and no mention of my main point, the needless problems of long term keys?

    Too Cool for PGP - a friendly rant by
    4 antwoorden 2 retweets 22 vind-ik-leuks
  16. 12 dec.

    The installer creates a CA that is used to verify the IPSEC cert, but can also sign HTTPS certs for any site. The key sits on the server.

    5 antwoorden 14 retweets 17 vind-ik-leuks
  17. 12 dec.

    Something to know about Algo: the VPN box operator, or whoever pwns it, can MitM all your TLS (!!) connections

    Meet Algo, the VPN that works
    6 antwoorden 54 retweets 69 vind-ik-leuks
  18. 12 dec.

    I need to make a new version of that Go HTTP timeouts post with 1.6-1.7 H/2 warnings and all this 1.8 goodness

    1 retweet 12 vind-ik-leuks
  19. 12 dec.

    Wow, essentially no one must be using ReadTimeout because it breaks HTTP/2 in 1.6 and 1.7 and nobody noticed 😨

    4 antwoorden 6 retweets 17 vind-ik-leuks
  20. 12 dec.

    From my DMs, an important question I need help answering: > What marks when a person is ready for employment in computer security?

    28 antwoorden 12 retweets 21 vind-ik-leuks
  21. 10 dec.

    This is silly, but I can’t get over the “biggest victory” thing. It’s just false. We thought internet would make lies useless, and instead…

    Trump's transition team statement about Russian election interference. Claims: same people who said Hussein had WMDs, election ended "a long time ago", one of biggest EC victories in history, time to move on and make America great again.
    Corrections: 1) No, they are different people. Also they are the CIA. 2) It's been about a month. 3) No; 46th biggest out of 58 ranked. 4) 🙄
    4 antwoorden 21 retweets 38 vind-ik-leuks

@FiloSottile heeft nog niet getweet.

Het laden lijkt wat langer te duren.

Twitter is mogelijk overbelast of ondervindt een tijdelijke onderbreking. Probeer het opnieuw of bekijk de Twitter-status voor meer informatie.

    Je bent misschien ook geïnteresseerd in

    ·