@blaufish_

Divine being and protector of all things unholy. Cocreator of Säkerhetspodcasten and Assured AB. Media dude for OWASP Göteborg and many other things.

www.sakerhetspodcasten.se
Joined: September 2009

Tweets

  1. Jan 10

    Sweden: import tax 4 SEK but 75 SEK processing fee. Almost 2000% overhead. Sigh. So barbaric.

  2. Retweeted
    Jan 2

    Verisign completes migration of .COM zone ZSK from 1024-bit RSA to 1280-bit RSA, by retiring the 1024-ZSK from the .COM DNSKEY RRset. 🥳 RRSIG on stale DNSKEYs expires in ~9 days...

  3. Retweeted
    Jan 2

    NEW: I did a deep dive into the corporate structure behind the ToTok VoIP app. A classified US intelligence assessment (reported by NYT) says that ToTok is a spy tool developed by UAE intelligence.

  4. Retweeted
    Jan 3

    This story shows why govs should care about how other govs surveil their own citizens, including through hacking. If you conduct a high-value investigation using the same unscrupulous bagman other countries use to go after soda-tax activists, you'll get hit by the blowback too.

  5. Retweeted
    Jan 3

    So you’re still monitoring him through other means, you just lost the one that you hide from courts, defense counsel, and legislative oversight. And you didn't ask WA for account metadata; if you had, WA would've known not to tip off this target. I should feel sorry for you why?

  6. Retweeted
    Jan 2

    European authorities turned to NSO Group last fall to track a suspected terrorist through WhatsApp—without Facebook's knowledge. FB found out, notified 1,400 WhatsApp users—including the suspect— they had been hacked, and then law enforcement went dark.

  7. Retweeted
    Jan 1

    Apple unsupported iDevices and the latest iOS version they can run, good targets for writing exploits.
    2G - 3.1.3 - Spirit
    3G - 4.2.1 - greenp0ison
    3GS - 6.1.6 - p0sixspwn
    4 - 7.1.2 - Pangu
    4S - 9.3.6 - Phoenix
    5 - 10.3.4 - Yalu
    5C - 10.3.3 - Yalu
    5S/6 - 12.4.3 - checkra1n

  8. Retweeted
    Dec 31, 2019

    "Nobody knows how they got the USPS master key" This somehow feels relevant to the encryption backdoor debate. I'm trying to put my finger on how, but I'm drawing a blank. But what do I know? Create master encryption keys and everything will be fine...

  9. Retweeted
    Dec 29, 2019

    We need better terminology to talk about complexity. I want separate category-terms for "complexity from complying with regulations" and "complexity from making the system deal with timeouts". They're both essential complexity, but also different kinds. Different effects.

  10. Retweeted
    Dec 30, 2019
  11. Retweeted

    In today's episode of , the panel goes through the past decade and year and talks about the major security events. We also look back at this time a year ago and award points for the best New Year's prediction, and of course come up with new ones!

  12. Retweeted
    Dec 20, 2019

    My awesome colleagues at , Patrik and , wrote a thing on Google Cloud Platform (GCP) Security Best Practices. Check it out!

  13. Retweeted
    Dec 16, 2019

    Finally released! The ScreamerM2 is a super awesome DMA attacker platform in a very convenient form factor. It's affordable, stable and supported by PCILeech! Happy DMA attacking 😈

  14. Retweeted

    In today's episode of , we discuss new problems in Intel processors, a really big data leak, Jesper's new open-source project, and much more!

  15. Retweeted
    Dec 11, 2019

    SGX Plundervolt attack: ".. the scientists' ability to use previous research into the undocumented model-specific register inside the x86 instruction set to abuse the dynamic voltage scaling interface that controls the amount of voltage used by a CPU"

  16. Retweeted
    Dec 11, 2019

    One by one today, Republicans took turns condemning the FBI's use of surveillance powers they long supported.

  17. Retweeted
    Dec 10, 2019

    We present TL;DR First ever fault injection attack on Intel SGX enclaves. Abuses an undocumented software-based interface to undervolt the CPU. Extract full crypto keys and trigger memory safety violations in bug-free code. Read the paper at

  18. Retweeted
    Dec 11, 2019

    The best part of the “going dark” debate is that we have to pretend sophisticated attacks by nation-states and criminals are some kind of Gibsonian sci-fi fantasy. It’s 2019. There’s a multi-billion dollar industry around attacking phone security systems.

  19. Retweeted
    Dec 11, 2019

    “Haha, what do you think — that criminals are going to break into Apple and steal their keys?” Well actually yes, I do. They’ll just be the kind of criminals that inhabit conference rooms and fancy business hotels in Dubai.

  20. Retweeted
    Dec 11, 2019

    Qualys Security Advisory - Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) < Beautiful! Wonder how found it?
