Tweets


  1. Jan 28

    In other words, some AMP pages will have to opt out of the mechanism that addresses CSRF so cleanly. Sad.

  2. Retweeted
    Jan 26

    Remember, Marcus Aurelius has already absolved you of the duty of having a take

  3. Jan 23

    There's some nuance to this, but, without splitting hairs, the best advice for the end users in response to the paper is indeed NOT to disable ITP.

  4. Retweeted

    When your decision to adopt microservices is missing the big picture.

  5. Retweeted
    Jan 22

    Earlier today we published the details of a set of vulnerabilities in Safari's Intelligent Tracking Prevention privacy mechanism: . They are... interesting. [1/9]

  6. Jan 22

    The time has come to fix that typo in Referer ;)

  7. Jan 22

    Our title is boring, 's "Preventing Tracking Prevention Tracking" is way better ;)

  8. Retweeted
    Jan 16

    Have an idea that would totally change the Web's security but would break today's Web? We have the right workshop for you! &I are hosting , *the* place for those ideas. We also have a keynote from the Web's chief deprecator

  9. Retweeted
    Jan 15

    💕❤️💕 for all who have worked for a better web and a better world at Mozilla.

  10. Jan 14
  11. Retweeted
    Jan 10

    Great effort and reading through it now. One observation I was able to get during incident response of a SIM swap victim was that the adversary made ~70+ calls to customer service agents before they ultimately succeeded w/ a sim swap.

  12. Retweeted
    Jan 7
  13. Retweeted
    Jan 7

    As promised a few months ago, with we computed a chosen-prefix collision for SHA-1 for much cheaper than 100k$. Application example with impersonation on PGP Web-of-trust. website: paper:

  14. Retweeted

    thanks a lot for the insightful discussion on JS crypto . They were really valuable to me while writing

  15. Retweeted
    Jan 6

    The top 10 web hacking techniques of 2019 has some new contenders, thanks to community nominations. Keep them coming!

  16. Retweeted
    30 Dec 2019

    it's out will present it at the paper I'm the proudest of thanks to

  17. Retweeted

    THREAD: Exactly two years ago today, an engineer working on an embargoed bug made a tiny opsec slip-up. The bug was very complicated and the slip-up contained NO info about its exploitation. There was already lots of discussion about the KPTI patch being rushed in Kernel. (1/4)

  18. Retweeted
    24 Dec 2019

    Writeup on how I made $40,000 breaking the new Chromium Edge using essentially two XSS flaws.

  19. Retweeted

    I launched speak|easy 🎉 ✅Vue.js ✅Netlify ✅Weekend side project ✴️You have a public speaking tip of your own? PR it to the GitHub repo

  20. Retweeted
    19 Dec 2019

    Presentation about the team and our Bug Hunters.

