Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @GuidoVranken
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @GuidoVranken
-
Prikvačeni tweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
GNU libc sinl() stack corruption https://sourceware.org/bugzilla/show_bug.cgi?id=25487 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Guido Vranken proslijedio/la je Tweet
CVE-2020-0601: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0601 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Guido Vranken proslijedio/la je Tweet
Sources say this disclosure from NSA is planned to be the first of many as part of a new initiative at NSA dubbed "Turn a New Leaf," aimed at making more of the agency's vulnerability research available to major software vendors and ultimately to the public.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Guido Vranken proslijedio/la je Tweet
This particular flaw is assigned as CVE-2020-0601. NSA says it exists in Win10 systems from July 2015 onward and Win Server 2016. My read on that is it's "critical" in those OSes, but may be present and less of a concern in older versions of Windows but we'll know more soon.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Guido Vranken proslijedio/la je Tweet
Kubernetes started using
@Hacker0x01 today: https://hackerone.com/kubernetes , pays: 50$ min.#hackerone#bugbountyHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Guido Vranken proslijedio/la je Tweet
Announcing BLAKE3!
* Faster than MD5, SHA-1, SHA-2, SHA-3, and BLAKE2
* Merkle tree: unlimited parallelism, verified streaming
* Builtin MAC, KDF, XOF
* One algorithm, no variants
* Rust crate: https://crates.io/crates/blake3
Try it: cargo install b3sum
http://blake3.io pic.twitter.com/QJWIwi44go
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
BoringSSL double-free. Nice! https://boringssl.googlesource.com/boringssl/+/2c58c2fda1c1da4131f35f58289f44d87cedbb8d …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Conversely, just moving uninitialized data around (eg. with memcpy, without branching) does not trigger valgrind/MSAN. That's why I often explicitly write function output to /dev/null to force evaluation in my fuzzers.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DJB shows creative use of valgrind/MemorySanitizer; run the crypto operation with an uninitialized key. If branching on uninitialized data is detected it might not be constant-time (because branching can lead to timing differences).pic.twitter.com/TmwgrP2GGS
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
High-assurance crypto software by
@hashbreaker and@hyperelliptic at#36C3https://media.ccc.de/v/36c3-10893-high-assurance_crypto_software …Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
BN_nist_mod_384 stops working as intended if you compile LibreSSL with clang -fsanitize=object-size -fno-sanitize-recover=object-size Optimization levels don't seem to affect it (at least using Clang. Maybe with other compilers). https://github.com/libressl-portable/openbsd/blob/3dbdf9c83cf0768056945e0d18ed77af17831c22/src/lib/libcrypto/bn/bn_nist.c#L969 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
This is a reduction of something found in LibreSSL by the great OSS-Fuzz. x(12) (call it from another file) returns 2 with clang -O2, and 0 otherwise. And if you remove the printf, it returns 0 even with clang -O2 (Heisenbug).https://gist.github.com/guidovranken/88da11e0f96e0d8bae52b9ab96afc9c2 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Guido Vranken proslijedio/la je Tweet
The RIPE NCC Community Projects Fund Selection Committee has announced the 2019 funding recipients! Seven projects have been selected, and you can find out more about each one at: https://www.ripe.net/support/cpf/funding-recipients-2019 …pic.twitter.com/1Seayngi8l
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
JavaScript fuzzing with libFuzzerhttps://github.com/guidovranken/libfuzzer-js …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Because Squid maintainers and the Internet Bug Bounty are completely unresponsive, I've decided to publish the patch for the Squid remote buffer overflow, so people can patch ahead of an official release, whenever that may happen.https://github.com/squid-cache/squid/pull/519 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
OpenSSL CVE-2019-1551: Incorrect consttime modular exponentation, found after 1.5 years of bignum fuzzing at OSS-Fuzzhttps://github.com/openssl/openssl/pull/10574 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Find Squid bug for bug bounty. Write RCE exploit. Inform vendor (Oct. 5 2019). Send patch. Squid stops responding. Ask Internet Bug Bounty what to do. No response. So here I am with a with a major internet software 0day that nobody cares to move forward. Welcome to 2014.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
See this post by
@scarybeasts for a demonstration of code execution through auto-thumbnailing a crafted file https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-compromising-linux-desktop.html …Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
This commit fixes over a dozen memory bugs in the xvid decoder found by OSS-Fuzz. Media codecs are the Achilles heel of desktop security and need much more scrutiny. Chrome auto-download + OS auto-thumbnailing might even amount to 0 click RCE. http://websvn.xvid.org/cvs/viewvc.cgi?view=rev&revision=2177 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
