Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @HaifeiLi
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @HaifeiLi
-
Prikvačeni tweet
Blog post: Re-enjoying the ActiveX (and others) Fun in Chinese Customized Browsers https://justhaifei1.blogspot.com/2017/09/re-enjoying-activex-and-others.html ….
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Thanks everyone! Wow, I was truly impressed by the TTD feature on Windbg Preview, seems easy to perform taint analysis, as well as many others. Definitely top 1 of my learning list.https://twitter.com/haifeili/status/1166150206712270850 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Dear Twitter, I’m wondering if there’s a dynamic taint analysis tool for “process-wide” (not OS-wide) data tracking? Like a plugin for Windbg? It outputs all the instructions that touches/copies my data.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I think it's a good thing to have a closer look of the Flash attack vectors on various popular apps, so this is the work of "Killing Flash, Killing It Everywhere - A Comprehensive Analysis of the Flash Attack Vector", also presented last wk @ KCON conf. https://sites.google.com/site/zerodayresearch/flash_attack_vector.pdf …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Foxit Software has acknowledged the issue https://www.foxitsoftware.com/support/security-bulletins.php ….https://twitter.com/HaifeiLi/status/1162073322869231617 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Haifei Li proslijedio/la je Tweet
Thanks for the mention, I wasn't aware of that. Without the Safe Reading Mode it is RCE by default :/
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I’m wondering if there’s real Foxit Reader user in my Twitter followers & affected by this? Love to hear back if your Safe Reading Mode found disabled.https://twitter.com/haifeili/status/1162073322869231617 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Now let's give some credit to the vendor Foxit, they responded quickly and fixed the issue. Users who update now should receive the correct upgrade package.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Therefore, I recommend all Foxit Reader users check the Safe Reading Mode setting manually, if it’s disabled, you need to fix it asap (I suggest uninstall Foxit Reader first, then download the latest version from official site, then double check it manually).pic.twitter.com/qLJYrgPD7K
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
It means that all Foxit Reader users who updated the software in that period are impacted, also note that Foxit Reader receives updates automatically, so fair to guess most Foxit Reader users are probably vulnerable at this point (if they ever updated in the period).
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
How long has it lasted? Well I'm not quite sure, but I 1st encountered the issue in April this year when working on a paper, at that time the latest Foxit Reader version was 9.5, now it's 9.6.. So, at least it lasted 4 months, fair to guess it could have lasted longer.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
A brief investigation by me showed that the bug is due to that Foxit pushed the incorrect upgrade package (.fzip) on their cdn server. When the incorrect package is installed, it disables the Safe Reading Mode.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Simple words, it's very easy to get hacked (by opening malicious PDF file) if the Safe Reading Mode is disabled.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Also, if it's disabled, embedded Flash exploit (in a PDF) will run automatically! We will talk more about the Flash attack vector at KCON security conf later this month in Beijing, you're welcome to attend http://kcon.knownsec.com .
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
What does it mean if the "Safe Reading Mode" is disabled on Foxit Reader? Lots of bad things could happen.. A blog post from
@insertScript well explained it https://insert-script.blogspot.com/2017/08/a-tale-about-foxit-reader-safe-reading.html ….pic.twitter.com/X6t9WMcuWl
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[THREAD] Yup! Foxit Reader just fixed a very weird & critical bug I encountered, simply put: the security option "Safe Reading Mode" is disabled when user updates their Foxit Reader (via the default updating process).pic.twitter.com/Qsn0oG8WNF
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Long time no actual bug reporting to
@msftsecresponse but I just ran into the situation “we determined.. not fix.. thank you” like old time again.. No single word of why? Can’t we have a little transparency? It’s not cool to ppl who spent lot time researching & reporting to you.Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Haifei Li proslijedio/la je Tweet
FOR IMMEDIATE RELEASE - Threatbutt SWATCH TIME AI https://pastebin.com/mjtBcxbr
#Blackhat2019#BlackHatUSA#defcon2019#DEFCON27#FridayFeeling#toiletops#ai#moneygrabHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Kudos to MS as now they could talk about things like this, however the thing still puzzling me is that how and how could Outlook/Exchange bugs are not in scope of your many bounty programs??
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.