Mickaël Salaün

@l0kod

Security and open source enthusiast

Vrijeme pridruživanja: listopad 2009.

Tweetovi

Blokirali ste korisnika/cu @l0kod

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @l0kod

  1. proslijedio/la je Tweet
    28. sij
    Poništi
  2. proslijedio/la je Tweet
    28. sij

    Some things make more sense when one realizes that there are at least 5 distinct security communities: Security product people (people that view security as something that can be added by buying/selling products), Security Infrastructure people (people that view security as ...

    Prikaži ovu nit
    Poništi
  3. proslijedio/la je Tweet
    24. sij

    There are many ways to the kernel, and may be a useful technique. Tracing is all about recording and logging the software's flow of execution, and this article is about , the tracing framework for the Linux kernel.

    Poništi
  4. proslijedio/la je Tweet
    24. sij

    Analysis of the Linux random number generator /dev/urandom

    Poništi
  5. proslijedio/la je Tweet
    21. sij

    It's entirely possible to use TPM-based remote attestation in a way that's user-focused and privacy preserving, but we still need to build some infrastructure:

    Poništi
  6. proslijedio/la je Tweet
    16. sij
    Poništi
  7. proslijedio/la je Tweet
    27. pro 2019.

    [$] KRSI — the other BPF security module

    Poništi
  8. proslijedio/la je Tweet
    17. sij

    6 archi à éviter 👍: mixer les usages (admin/user), trop mutualiser l'admin sans sécu, 2 ou 3 niveaux de filtrage sans différenciation, utiliser le cloud sans faire du vrai cloud, ne pas surveiller les accès des tiers, les systèmes impossibles à patcher

    Poništi
  9. proslijedio/la je Tweet
    17. sij

    My demo was remote attestation over Bluetooth, which means you can gain the security benefits of remote attestation without needing to pass data or identity to a third party. Code is at

    Prikaži ovu nit
    Poništi
  10. proslijedio/la je Tweet
    14. sij

    Just to be very clear on this point: This is not about blocking a subset of 3P cookies via lists and/or heuristics. This announcement is that we are going to remove 3P cookies and related tracking mechanisms entirely.

    Poništi
  11. proslijedio/la je Tweet
    1. sij

    [ KASLD ] Kernel Address Space Layout Derandomization - A collection of various techniques to bypass KASLR and retrieve the Linux kernel base virtual address on x86 / x86_64 architectures as an unprivileged user.

    Poništi
  12. proslijedio/la je Tweet
    19. pro 2019.

    In the last few months I've been working on RedBPF - a Rust toolkit to work with BPF - that let's you write both kernel and user space code in Rust 🦀🤯 Here's what it looks like:

    Poništi
  13. proslijedio/la je Tweet
    Poništi
  14. proslijedio/la je Tweet
    19. pro 2019.

    Technology Preview for secure value recovery Plaintext databases have never been our style. We've been working on new techniques to enhance and expand capabilities for private cloud storage.

    Poništi
  15. proslijedio/la je Tweet

    Know open source projects which could use monetary help to improve security? Nominate them!

    Poništi
  16. proslijedio/la je Tweet
    11. pro 2019.

    Qualys researchers discovered a Local Privilege Escalation in OpenBSD's dynamic loader (). We thank Theo de Raadt and the OpenBSD developers for their incredibly quick response: they published a patch in <3 hours.

    Poništi
  17. proslijedio/la je Tweet
    11. pro 2019.

    New guidance on Linux-stable Merges for Android: -- looks positive, reducing the patch gap for upstream kernel security bugs is really important. The window of exposure for publicly known issues is too long at the moment.

    Poništi
  18. proslijedio/la je Tweet
    12. stu 2019.

    TIL By default, disables the default Seccomp profile that worked so hard on. Several K8s cloud providers don’t override that setting, making their containers completely insecure by default, requiring pod level config.

    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    10. pro 2019.

    My team has been working a lot with TPM hardware lately and found some pretty critical issues with the spec. Here's our 90-day disclosure of a vulnerability report we sent to . "Verifying TPM Boot Events and Untrusted Metadata"

    Poništi
  20. proslijedio/la je Tweet

    Android is committed to keeping you, your devices, and your data safe! 🛡 Today, we’re happy to announce that 80% of Android apps are encrypting traffic by default. We expect these numbers to continue improving. 📈 Learn more ↓

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·