Will StrafachVerified account

@chronic

building great things. breaking others. | founder & | email: will@wstraf.me

worldwide
sudosecuritygroup.com
Joined October 2009
1,826 Photos and videos Photos and videos

Tweets

You blocked @chronic

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @chronic

  1. Pinned Tweet
    6 Feb 2017

    I just published “76 Popular Apps Confirmed Vulnerable to Silent Interception of TLS-Protected Data”

    30 replies 181 retweets 252 likes
    Undo
  2. Retweeted
    11 hours ago

    Presenting Collectra — an up-to-date statistics dashboard with device and version popularity, allowing tweak developers to have a better idea of the jailbroken iOS ecosystem.

    14 replies 37 retweets 220 likes
    Show this thread
    Show this thread
    Undo
  3. Retweeted
    Jul 7

    For the first time since the KPP, tvOS has a stable Jailbreak! Working on a firmware that is STILL SIGNED too!! And Apple finally fixed the issue with apps made for newer versions not downloading; They now offer you a compatible version. There is no reason to not JB your AppleTV!

    its alive!!!! for 10.2.2 -> 11.1 electraTV 11.2/11.3 coming VERY soon.
    15 replies 71 retweets 204 likes
    Undo
  4. Retweeted
    Jul 8

    Just two days after announcing my newsletter, it has 275 subscribers. The support has been incredible — a huge thank you to everyone. The first one went out this morning. You can read it here: Get it delivered every Sunday here:

    12 replies 29 retweets 106 likes
    Undo
  5. Retweeted
    Jul 6

    Shortcuts (left), Workflow (right). I am so happy to see this full app intact. And not only that, it can do even more things that they would never be able to do as a third-party developer. Gotta be one of Apple’s best app acquisitions (since, like, Final Cut Pro)

    22 replies 152 retweets 736 likes
    Undo
  6. Retweeted
    Jul 6

    With help from 👏

    Electra for iOS 11.2-11.3.1 is now available! Note: First run will require rebooting. Make sure to re-run electra after the first reboot to continue jailbreak.
    14 replies 84 retweets 677 likes
    Undo
  7. Retweeted
    Jul 6

    Electra for iOS 11.2-11.3.1 is now available! Note: First run will require rebooting. Make sure to re-run electra after the first reboot to continue jailbreak.

    1,489 replies 2,646 retweets 6,339 likes
    Undo
  8. Jul 6

    fact stated very simply: serving executable content (HTML/JS) over plaintext HTTP creates an unnecessary and very real attack surface for your users, totally independent of the sensitivity of whatever actual content you are serving.

    2 replies 2 retweets 7 likes
    Show this thread
    Show this thread
    Undo
  9. Jul 6

    many folks see HTTPS as protecting the encapsulated data from being read, which is true, but it's important to remember that it also protects that data from being modified. all someone would need to do is be near your phone/computer while you use it. HTTP = big liability.

    1 reply 2 retweets 9 likes
    Show this thread
    Show this thread
    Undo
  10. Jul 6

    the idea of is very handy, but seems there is a hugely important factor not explicitly stated: serving over plain HTTP gives an opportunity for an attacker to throw a WebKit or other web based exploit into user traffic, pwning non-updated phones/computers

    2 replies 2 retweets 22 likes
    Show this thread
    Show this thread
    Undo
  11. Retweeted
    Jul 5

    New wild story: employee of NSO, a company selling high end, remote iPhone hacking tools to governments, allegedly stole the company's source code + malware, tried to sell it to unauthorized parties for $50 million. Highlights serious risk of proliferation

    11 replies 479 retweets 493 likes
    Show this thread
    Show this thread
    Undo
  12. Jul 5

    full speed ahead

    Just got my hands on — saying that my mind is blown is an understatement. This is the future of iOS security research. (and my eternal fear of bootlooping my physical devices is gone!) Huge thanks to and !
    4 replies 14 retweets 106 likes
    Undo
  13. Retweeted
    Jul 4

    New York Cops Are Hacking iPhones With Secretive $15,000 GrayKey

    3 retweets 10 likes
    Undo
  14. Jul 3

    this is highly likely. approval process does not provide security.

    Replying to @Sonikku_a2 @chronic
    I get the feeling that App Store approval process primarily involves scanning for private API usage, and not a whole lot else. To be fair, I don't have much insight into this process to make any claims backed up by facts.
    3 retweets 6 likes
    Undo
  15. Jul 3

    FYI - this is absolutely in iOS apps as well. and some may have mic functionality.

    Mobile app records Android screen and sends recorded video to 3rd party company without informing user. (from )
    Show this thread
    5 replies 4 retweets 16 likes
    Undo
  16. Retweeted
    Jul 3

    Here's a fun thing that's kinda significant: the UIKit apps in macOS Mojave are the exact same build as in iOS 12. This suggests that Marzipan apps will be updated in lockstep with iOS, and are not some weird fork for the desktop on their own delayed schedule. Huge implications

    5 replies 59 retweets 235 likes
    Show this thread
    Show this thread
    Undo
  17. Jul 3

    respectfully, the author of this post does not fully understand the feature. they are incorrect. would be happy to be proven wrong with a PoC of some new vuln I do not know about though.

    Thoughts?
    3 replies 6 retweets 18 likes
    Undo
  18. Jul 3

    The Complete Guide To Getting Every Corruption Secret Immediately Leaked

    Scott Pruitt repeatedly asked his 25-year-old staffers to put hotel reservations on their personal credit cards rather than his -- then refused to pay them back. Breathtaking.
    1 reply 3 retweets 13 likes
    Undo
  19. Jul 3

    key difference which I hope more folks pick up on

    oh shit. developers of the Edison email app – which I use(d) – had their employees reading users’ email: I’ve never cared much about the “Gmail is scanning your emails!” thing because it was done by an automated system. Humans doing it is VERY different.
    Show this thread
    2 retweets 6 likes
    Undo
  20. Retweeted
    Jul 1

    New: Homeland Security has subpoenaed Twitter for the account information on a data breach finder.

    3 replies 135 retweets 108 likes
    Show this thread
    Show this thread
    Undo
  21. Retweeted
    Jul 1

    Gee, I wonder why 😜 (my money is firmly on a shared App Store and universal binaries between iOS and macOS on ARM)

    0:21
    macOS Mojave LaunchServices now supports launching flat-style app bundles like iOS. This means that you can create universal app bundles that will work on both iOS and macOS using fat Mach-O executables with x86_64 and ARM64 slices. (cc. )
    7 replies 27 retweets 133 likes
    Undo

@chronic hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·