Riatre

@_riatre

(maybe) a (reverse) engineer

Shanghai, China
Joined: March 2010

Tweets


  1. Retweeted
    17 Jan

    It just goes on to show that in the absence of detailed official information, people are perfectly happy to make up an explanation without never mind verifying it, but not even trying to see if it is consistent or reasonable! This is wrong.

  2. 15 Jan

    Late to the party but yeah, confirmed this bug can indeed be used to fake signature of any ECDSA intermediate CA. Left side is an unpatched VM. Didn't bother filling all those strange x509 extension fields required by modern browsers so no fancy in browser screenshot.

  3. 15 Jan

    -2020-0601 But seriously, I can't believe it that it really was only comparing public key, more so some parts of the code compares MD5(public_key) before patch, insane...

  4. 15 Jan

    -2020-0601 If I didn't read the code wrong, it may need slightly different certificate list construction to exploit Authenticode signature / other scenarios.

  5. 14 Jan

    I like how their implementation uses undocumented flags of a public API...

  6. Retweeted
    3 Nov 2019

    Slides of ’s talk “Security, Moore’s law, and the anomaly of cheap complexity”. Important points how the abundant complexity we see today relates to general-purpose computing. Imho, thinking of security as “absence of unintended functionality” could help.

  7. Retweeted
    5 Aug 2019

    one of the most interesting things about this work is that it might be the gateway drug that finally leads to widespread deployment of real memory safety for C and C++

  8. Retweeted
    12 Apr 2019

    In fact 11 USB bugs in the first few hours. But we know >100 are coming. That's all triggerable by anything plugged into USB. Kudos to

  9. Retweeted
    20 Mar 2019

    Fuzzilli, my JavaScript engine fuzzer, is now open source: \o/ Keep an eye on the Project Zero bugtracker in the next few weeks for some of the bugs found with it. Also let me know if you encounter any problems when using it! :)

  10. 8 Mar 2019

    Spent like an hour remapping L -> N, T -> Y, B -> D, ...

  11. Retweeted
    7 Feb 2019

    ClusterFuzz, an infrastructure used for fuzzing Chrome and OSS-Fuzz, is open source now! Enjoy responsibly :) Blog: Code:

  12. Retweeted
    5 Oct 2018

    Low cost/janky China implant: take an ATtiny microcontroller, solder it onto the unused SOIC8 SPI flash footprint on a Supermicro motherboard (pinout is compatible), program it to override some reads, stick a decoy transformer/coupler coil on top.

  13. 4 Oct 2018

    So, can we finally have full trusted boot (preferably customizable) on all components of modern x86 servers after this big blow? Sure it does not help if the entire supply chain is poisoned but it can at least make things harder.

  14. Retweeted
    12 Sep 2018

    T8020 has pointer authentication ayyyyyyyyyyyyyyyyyy iOS exploitation is great again

  15. 28 Aug 2018

    Solved. Finally. Wasted way too much time on the final challenge T_T

  16. 21 Aug 2018

    It's 2018 and AWS Lightsail's "SSH key pair manager" still does not accept ed25519 public keys, nor ECDSA.

  17. Retweeted
    16 Aug 2018

    There is a finite supply of most things except new JS frameworks and new ML frameworks.

  18. Retweeted
    15 Aug 2018

    This speculation saga just keeps getting worse and worse, which goes on to show that there's a huge disconnect between CPU designers and security researchers. This is the CPU equivalent of foo = bar[untrusted]; if (untrusted > bound) return 0; do_stuff(foo);. Who does that?!

  19. 2 Aug 2018

    Economics is too hard for me :<

  20. Retweeted
    24 Jun 2018

    I’m so tired of non-economists telling me about the magic of cryptocurrency. This paper is a public service. Here’s an ungated version:
