Allen Householder

@__adh__

infosec as a complex system: vul disc[overy|losure], p[ro[bability|tocols]|ython|hysics], math, eco[nomics|logy], trust, & better models ∀ of it.

pittsburgh, pa
Joined July 2006

Tweets

You blocked @__adh__

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @__adh__

  1. Pinned Tweet
    13 Mar 2017

    I'm limiting twitter's access to my attention of late. Email will be seen quicker than DMs: my handle (w/o underscores) at cert dot org.

    Undo
  2. Retweeted
    Jan 31

    Phil, I got you, boo. ~ Punxsutawney Phil Drunk Dials His High School Crush - McSweeney’s Internet Tendency

    Undo
  3. Jan 31

    Days like today make me wonder: 100 years from now, who will the history books say really won the Cold War.

    Undo
  4. Retweeted
    Jan 24

    Based on suggestions from and I've updated No longer requires dumpbin.exe or listdlls.exe (if Python pefile and psutil are available). Also exports the findings as a CSV. Any reported app is a good candidate for EMET or WDEG force ASLR!

    Show this thread
    Undo
  5. Jan 24

    This just in: Ancient humans sound like Minecraft villagers.

    Undo
  6. Retweeted
    Jan 24
    Undo
  7. Retweeted
    Jan 24

    I love whoever made this 😂

    Undo
  8. Retweeted
    Jan 21

    A research study at CMU is studying challenges in enterprise network management. Networking folks: fill out this 15 minute survey FOR SCIENCE! (And/or RT please!)

    Undo
  9. Retweeted
    Jan 16

    Our understanding of vulnerabilities and their impact on a *population* or systems is super immature, especially when it comes to operational technology that is 1) mission critical but also then 2) slow to change. (1/2)

    Show this thread
    Undo
  10. Retweeted
    Jan 14

    Now that it's all public: 1) CVE-2020-0601 - Windows doesn't properly validate X.509 certificate chains. 2) CVE-2020-0609, CVE-2020-0610 - Windows Remote Desktop Gateway (not to be confused with RDP proper) unauthenticated RCE.

    Show this thread
    Undo
  11. Jan 10

    The funny part is that I remembered this ten-year old tweet. The sad part is what reminded me of it.

    Undo
  12. Retweeted
    Jan 10

    The cat's pretty much out of the bag on how to exploit this. Expect widespread exploitation attempts for CVE-2019-19781 at this point. Despite being almost a month old, there is NO PATCH from at this point. Only a (very important) mitigation.

    Show this thread
    Undo
  13. Retweeted
    Jan 7

    At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes):

    Undo
  14. Retweeted
    Jan 7

    Ah yes, Travelex and the curse of unpatched critical Pulse VPN vulns leading to a major incident. People ask "why is patching so hard for orgs?" I work for a large UK hospitality org. We run Pulse Secure VPN. It took ages to sort patching out & I'll explain why, so thread..

    Show this thread
    Undo
  15. Jan 6

    This came in really handy once when I had to mask out all but one /24 in a /8 before the mandatory backoff timer on our scheduled outage triggered. Somewhere I have the sheet of paper where I did this on the fly while a colleague was on hold with the firewall vendor tech support.

    Show this thread
    Undo
  16. Jan 6

    ... 240 = 256 - 16 = 2^8 - 2^4 (/28, /20, /12, /4) 224 = 256 - 32 = 2^8 - 2^5 (/27, /19, /11, /3) 192 = 256 - 64 = 2^8 - 2^6 (/26, /18, /10, /2) 128 = 256 - 128 = 2^8 - 2^7 (/25, /17, /9, /1) 0 = 256 - 256 = 2^8 - 2^8 (/24, /16, /8, /0) ...

    Show this thread
    Undo
  17. Jan 6

    It helped me a lot when I grokked the pattern: 255 = 256 - 1 = 2^8 - 2^0 (/32, /24, /16, /8) 254 = 256 - 2 = 2^8 - 2^1 (/31, /23, /15, /7) 252 = 256 - 4 = 2^8 - 2^2 (/30, /22, /14, /6) 248 = 256 - 8 = 2^8 - 2^3 (/29, /21, /13, /5) ...

    Show this thread
    Undo
  18. 22 Dec 2019

    Idea to save democracy: each person’s vote weighted by their remaining life expectancy. Ensure people only have as much influence as they have skin in the game.

    Undo
  19. Retweeted
    20 Dec 2019

    A little trip down memory lane this morning as people come to grips with the fact that many security folks are increasing risk. Some fun stuff:

    Undo
  20. Retweeted
    17 Dec 2019

    So if you're in the community, guaranteed you bring something to the table, but it may not be what you expect...(1)

    Show this thread
    Undo
  21. Retweeted
    14 Dec 2019

    There is a real divide which I'm just beginning to notice between people who try to do the thing that has the most chance of a good result, and people who want to maximize their chances of being able to say I told you so.

    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·