Jonathan Leitschuh → ShmooCon

@JLLeitschuh

Software Engineer at Gradle | Security Researcher Helping secure the Open Source Ecosystem | Dropper of 0days (Responsibly) | Opinions are my own | He/Him

Boston MA
Joined May 2010

Tweets


  1. Pinned tweet

    This is my of a security vulnerability impacting 4+ Million of 's users who have the Zoom Client installed on Mac. Zoom had 90-days + two weeks to resolve this and failed to do so.

  2. Retweeted
    Jan 31

    “communication is key. let the researcher know that you’re working on a fix, and ask them for help”

  3. Retweeted

    A day prior to the Travelex hack, its parent company was worth $2.1 Billion. A month later it is now worth $764 Million. The CEO owns 63% of the shares, which puts his personal loss around $850 Million.

  4. I'm speaking at this Friday about the Zoom 0-Day!

  5. I just googled "jenkins csrf remote code execution" and what do I find but a GitHub GIST I published 11 months ago. Glad I put things where Google will help me find them later.

  6. Retweeted
    Jan 22

    PSA: Retrying flaky tests alone is just a fancy way of ignoring tests. You must also fix the underlying causes. Monday I'm going to do a 1-hour webcast about doing just that. Sign up here if you're interested: ⚡️

  7. I could relate to this so much. Worth the read!

  8. The industry-wide decommission of HTTP in favor of HTTPS for JVM artifact servers is finally here! This is the culmination of several months of research I did back in the beginning of 2019. It's pretty awesome to see this security shift for an entire language ecosystem.

  9. Retweeted
    Jan 14

    Tomorrow, 1/15, we will be enforcing HTTPS for all connections to Maven Central. Any unencrypted requests to Central will result in a 501 error. See the following blog post for additional context on this change.

  10. Retweeted
    Jan 13

    Want to give feedback on CodeQL? Want to share your query writing experience, or get community help? Want to discuss all things security? Join our slack workspace:

  11. Retweeted
    Jan 9

    Update: Want to take over the Java ecosystem? All you need is a MITM! suggests Jan 13-15, 2020 will break 21% of the industry’s build infrastructure. 6 months on since his initial article, where are we now and what does the future hold?

  13. CVE-2017-18638: A module I submitted to for detecting a vulnerability in Graphite is now live! Here's 's original writeup about exploiting this vuln as part of an exploit chain for a $12,500 Bug Bounty from

  14. Curses! My SSRF exploit seems to have been prevented by docker's --cap-drop=all configuration.

  15. Thanks to , (), & for joining this initiative to help safeguard the security of the JVM supply chain!

  16. 🚨 Warning to JVM Developers 🚨 January 13th-15th, 2020 will break over 21% of the industry’s Java/JVM build infrastructure. Major ecosystem artifact servers will only be supporting HTTPS after this date!

  17. MD5: 344aab9758bb0d018b93739e7893fb3a

  18. Retweeted

    I love Hacking's Not a Game by Gregory B. White (of fame). Teaches young kids that their actions (not just hacking) have consequences. Will definitely buy this book for the little ones I know.

  19. Retweeted
    Jan 6

    Your Java builds might break starting January 13th (if you haven't yet switched repo access to HTTPS)

  20. True story, I have experience with this vuln in the real world. Couldn't convince the impacted organization to fix the issue though.

  21. CVE-2019-10758: I was the one to report this issue to the maintainers (and created the initial RCE POC). I spotted it thanks to which had a query that reported this issue.
