Dan Kaminsky

@dakami

We can fix it. We have the technology. OK. We need to create the technology. Alright. The policy guys are mucking with the technology. Relax. WE'RE ON IT.

Joined September 2007
    Dan Kaminsky ‏@dakami 23 Oct 2014

    FTDI has threatened the entire security-critical ecosystem of silent automatic updates. It's not optional to manage this.

    1:44 PM - 23 Oct 2014
    121 retweets 76 likes
      1. Keeper of Lore ‏@munin 24 Oct 2014

        @dakami @octal Leaving aside consumers, this vastly sways the corporate response to updates, which could be worse.

        0 retweets 0 likes
      2. Dan Kaminsky ‏@dakami 24 Oct 2014

        @munin @octal well I mean MS jumped on this pretty fast

        0 retweets 0 likes
      4. Ryan Lackey ‏@octal 24 Oct 2014

        @dakami @munin I think it's time to congratulate the people at Microsoft again who made the ~2001 180 on security as a core corporate value.

        2 retweets 3 likes
      5. Dan Kaminsky ‏@dakami 24 Oct 2014

        @octal @munin 2001 was the memo. 2003 was when the world came to an end.

        0 retweets 1 like
      7. Ryan Lackey ‏@octal 24 Oct 2014

        @dakami @munin I'd be surprised if another company that size could make that big a shift in only a few years.

        0 retweets 0 likes
      8. Dan Kaminsky ‏@dakami 24 Oct 2014

        @octal @munin Agree. It's near the J&J Tylenol response.

        0 retweets 0 likes
      1. Kirils Solovjovs ‏@KirilsSolovjovs 24 Oct 2014

        @dakami deep down inside we both know that there has never been a security part to any automatic update system. It was misplaced trust.

        0 retweets 0 likes
      2. Dan Kaminsky ‏@dakami 24 Oct 2014

        @KirilsSolovjovs that's crazy. Closing the window on exploits has been hugely security positive. Ms08-067 died.

        0 retweets 0 likes
      3. Kirils Solovjovs ‏@KirilsSolovjovs 24 Oct 2014

        @dakami Oh. I cannot possibly disagree with that. Still I think any human-operated machine should not auto-update without user's consent.

        0 retweets 0 likes
      4. Dan Kaminsky ‏@dakami 24 Oct 2014

        @KirilsSolovjovs user's consent shouldn't be demanded each time

        0 retweets 0 likes
      5. Kirils Solovjovs ‏@KirilsSolovjovs 24 Oct 2014

        @dakami if not required, you’ve got yourself a backdoor to an army of machines (a botnet).

        0 retweets 0 likes
      6. Dan Kaminsky ‏@dakami 24 Oct 2014

        @KirilsSolovjovs you don't need much to get your botnet, but you need almost all to get the herd immunity

        0 retweets 0 likes
      1. arclight ‏@arclight 23 Oct 2014

        @dakami It reminds me of a more dangerous version of the satellite dish update/disabling hack. Signal thieves did it to themselves

        0 retweets 0 likes
      2. Dan Kaminsky ‏@dakami 23 Oct 2014

        @arclight different. Everybody in that context *knew* they were stealing service.

        0 retweets 2 likes
      4. arclight ‏@arclight 23 Oct 2014

        @dakami That's what I mean. Who knows which lots of which devices have counterfeit FTDI chips? Tainted supply chain could hit anyone

        0 retweets 0 likes
      5. Dan Kaminsky ‏@dakami 23 Oct 2014

        @arclight making @microsoft a party to your violent campaign of destruction is...ill advised.

        2 retweets 0 likes
      1. Jesse Ruderman ‏@jruderman 23 Oct 2014

        @dakami What can we do to manage #FTDIGate?

        1 retweet 1 like
      2. Dan Kaminsky ‏@dakami 23 Oct 2014

        @jruderman holding my breath for what MS does here.

        0 retweets 1 like
      1. Chris Hills ‏@chaz_6 28 Oct 2014

        @dakami there needed to be a precedent set sooner or later, so people will be more careful with allowing updates

        0 retweets 0 likes
      2. Dan Kaminsky ‏@dakami 28 Oct 2014

        @chaz_6 luckily Microsoft responded quickly.

        0 retweets 0 likes
