unless your assessment is you ask they say "that's outrageous, we index them anyway, but I'm already on the phone to Reuters"
-
-
Replying to @pwnallthethings @ncweaver
What you don't do is install a rootkit on your servers without telling the people who look for rootkits.
3 replies 2 retweets 11 likes -
Replying to @matthew_d_green @ncweaver
Devs do crazy things *all the time* without telling sec team first. And it won't have been called a "rootkit".
2 replies 0 retweets 11 likes -
It's good that Y!'s security team found it. But it's not at all clear the kmod was there to hide from Y's secteam
2 replies 0 retweets 0 likes -
Replying to @pwnallthethings @ncweaver
That is not at all the point I just made.
1 reply 0 retweets 1 like -
It raises an interesting question though. Only other reason I can see is to get low-level access to packets...
1 reply 1 retweet 2 likes -
... after TLS decryption and defrag but before decoding. But even that seems like a weak hypothesis.
1 reply 1 retweet 4 likes -
I mean, Yahoo uses an external TLS terminator, right? If they want packets, use a network tap.
4 replies 1 retweet 4 likes -
Replying to @matthew_d_green
This is Q I've been wondering: one poss diff bt this and known earlier sig searches is technique
@pwnallthethings@ncweaver1 reply 0 retweets 1 like
Many FISC approvals of packet searches. What did FISC approve technically/did they know? @pwnallthethings @ncweaver
-
-
Replying to @emptywheel @matthew_d_green
And while you're talking abt these tech Qs, curious if there's a real distinction for 4A?
@pwnallthethings@ncweaver1 reply 0 retweets 1 like -
Replying to @emptywheel @matthew_d_green
Or would it just give Bob Litt additional comfort in robot searches?
@pwnallthethings@ncweaver0 replies 0 retweets 1 like
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.