Gabe Edwards

@gabedwrds

Infosec consultant, writes witty bash one-liners, OSCP/OSCE. 🏳️‍🌈🇨🇦

Seattle, WA
Vrijeme pridruživanja: siječanj 2008.

Tweetovi

Blokirali ste korisnika/cu @gabedwrds

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @gabedwrds

  1. proslijedio/la je Tweet

    Kathryn, , did not bypass code review. She didn't disrupt anyone's work. She didn't target an individual. She didn't violate any policy I'm aware of. She linked to an NLRB notice from an extension that exists to show links to policies. This only makes sense as retaliation.

    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    17. pro 2019.

    Kathryn was on my team. There was zero reason why she should have asked anyone else on the team for authorisation to make changes to this extension. That's not how we do things.

    Poništi
  3. 2. stu 2019.

    Ooh, spotted the BOAC 747 across from my gate at LAX. It is a pretty thing.

    Poništi
  4. 19. ruj 2019.

    Checking for consensus in the infosec community: Would you want your front door lock to be controlled by an app and cloud service? This would be online, not just local bluetooth. RTs for reach appreciated.

    Poništi
  5. proslijedio/la je Tweet
    13. kol 2019.
    Odgovor korisniku/ci

    Hello. As one of the organizers of DEF CON, I can say that the challenges to securing our elections are no longer technical — we know how to fix it. The problems are now purely political — people in power benefit from these vulnerabilities & don’t want things to get fixed.

    Poništi
  6. proslijedio/la je Tweet

    After 1 hour of looking at my new smart lock, I am now able to remotely unlock every front door in the apartment complex.

    Prikaži ovu nit
    Poništi
  7. proslijedio/la je Tweet
    5. kol 2019.

    Most iOS spouseware and stalkerware works by downloading iCloud backups.

    Poništi
  8. 24. srp 2019.

    That was 4 days ago and it hasn't broken again yet. AMD released new microcode and then pulled it due to other bugs, so no real fix yet. Applications can still call RdRand from userspace so who knows what else will break.

    Prikaži ovu nit
    Poništi
  9. 24. srp 2019.

    4b. Try to rebuild grub.cfg from the Fedora 29 USB. Nope, that uses RdRand too. It's a complex config and typing in commands at the grub prompt fails. Hours later, piece together a working cfg from the raw /boot/efi partition. Booted with nordrand, grub2-mkconfig works again.

    Prikaži ovu nit
    Poništi
  10. 24. srp 2019.

    4. Run grub2-mkconfig > grub.cfg add that nordrand arg. Bad move. That probes LVM devices which also uses RdRand. System gets unresponsive (all the blocked kworkers?) and I reboot, but now grub.cfg is empty so grub doesn't know how to load anything. No backup copy.

    Prikaži ovu nit
    Poništi
  11. 24. srp 2019.

    3. Time passes. I set up Wireguard. It receives a handshake packet and calls get_random_u32 which blocks a kernel worker forever. I forgot to include nordrand in kernel args while configuring VFIO. Need to add that to the default config.

    Prikaži ovu nit
    Poništi
  12. 24. srp 2019.

    2. Can't mount /home. It's LUKS2 while root is v1. cryptsetup just hangs forever on LUKS2 volumes. Some debugging later, it's getting stuck on a call to libjson-c so we rebuild that without RdRand and all's well.

    Prikaži ovu nit
    Poništi
  13. 24. srp 2019.

    1. Total failure to boot. We forgot about the known systemd issue. Boot a Fedora 29 live USB, chroot the system and install the patched systemd from . OK, should be fine now?

    Prikaži ovu nit
    Poništi
  14. 24. srp 2019.

    Thread: Let's make a list of all the fun ways AMD's Zen 2 RdRand failure has messed up this Fedora 30 system. The instruction reports success (CF=1) but returns 0xFFFFFFFFFFFFFFFF (almost?) every time.

    Prikaži ovu nit
    Poništi
  15. 19. srp 2019.

    current status: can't mount /home because the new 3900X's RdRand instruction fails and Fedora's libjson is compiled to use RdRand... cryptsetup needs libjson for LUKS2? (╯°□°)╯︵ ┻━┻

    Poništi
  16. 29. lip 2019.

    Nice talk by just now too at . Manufacturer-bundled laptop support software is as hilariously/depressingly insecure as always.

    Poništi
  17. 29. lip 2019.

    Once every few years I see a con talk about something new to me that absolutely blows my mind. This was one of those. Really well done.

    Poništi
  18. 17. tra 2019.

    I have to say something positive for once: I bought a Miata recently and it’s everything the internet said it would be. Absolutely brilliant fun.

    Poništi
  19. 9. ožu 2019.

    ...wow, the “Havana Club” knockoff they sell in the States really is trash

    Poništi
  20. 1. velj 2019.

    Canadian expats in Seattle: Skillet's a good restaurant but their poutine is bullshit. Go to for the real thing.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·