Nimrod Aviram

@NimrodAviram

TAU PhD student. Recently worked on DROWN:

Joined: February 2015

Tweets

  1. Retweeted
    Jan 16

    If you are using TLS client authentication with Java 11 or Java 13 you should patch your servers NOW.

  2. Nov 15, 2019

    Wait until you start talking to cryptographers working on TLS 1.3

  3. Retweeted
    Nov 7, 2019

    We released a new version of our tools TLS-Attacker and TLS-Scanner. Besides various improvements TLS-Scanner now has a rating & recommendation system. Feedback on how we rate things is more than welcome.

  4. Retweeted
    Nov 7, 2019

    After a longer time, we had again a look at SAML...resulted in a complete signature bypass in SimpleSAMLphp and xmlseclibs, and my coolest (public) Signature Wrapping exploit. Please patch. Writeup: (CVE-2019-3465) // cc

  5. Retweeted
    Oct 4, 2019

    Child exploitation is "icky" and men in suits don't feel comfortable discussing it. They don't like planning ops against it. Everybody wants to "smash the perverts," but doing it correctly would require actual time investment in a very dark world.

  6. Retweeted
    Sep 30, 2019

    New Paper: “Practical Decryption exFiltration: Breaking PDF Encryption” describing new attacks that uncover the plaintext of encrypted PDFs. To be presented at and joint work with . 1/n

  7. Retweeted
    Aug 7, 2019

    The winners for the best crypto attack this year are and with their Dragonblood: ...well deserved, congratulations :)

  8. Retweeted

    as many know, i’m being sued by Peter Todd for calling him a rapist. the lawsuit has been stressful and costly, to put it mildly. thanks to so many of you who have graciously offered donations and support—you can find details of how to do so here:

  9. Retweeted
    Jun 20, 2019

    We just put our paper on Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities online: // , I will present our results in the next session of the Crypto Summer School:

  10. Retweeted
    May 21, 2019

    talking about our results on forward security in TLS 1.3 0-RTT at . Joint work with

  11. Retweeted
    Apr 30, 2019

    New paper: “'Johnny, you are fired!' – Spoofing OpenPGP and S/MIME Signatures in Emails” to appear '19. Joint work with

  12. Retweeted
    Mar 30, 2019

    padcheck binary release now on GitHub This is the version used to collect the final GOLDENDOODLE & Zombie POODLE figures presented at Please open issues for bug reports :)

  13. Retweeted
    Mar 28, 2019

    My TLS CBC padding oracle scanner source code is now available: (Dockerfile included) Full details about Zombie POODLE and GOLDENDOODLE are now on blog: Thank you for everyone who joined me at

  14. Retweeted
    Mar 29, 2019

    Do you want to find padding oracles in TLS? Or just want to check if your infrastructure is secure? Grab the tool from our USENIX paper and find out ;)

  15. Feb 28, 2019

    Together with and , we propose a few mechanisms to make TLS 1.3 0-RTT more efficient in storage. Kai will also present our work at

  16. Feb 26, 2019

    Reporting the OpenSSL bug would not be possible without and his colleagues. We just reported an invalid behavior, they performed all the hard analyses. Unfortunately, not all security teams are so collaborative...

  17. Retweeted
    Feb 26, 2019

    For our Usenix Paper we found a lot of Padding Oracle Vulnerabilities in TLS stacks of the Alexa Top-1 Million, including Citrix and OpenSSL. With @JanisFliegens and others. Check our current findings at:

  18. Retweeted
    Feb 8, 2019

    The Provosts' gofundme is here. Yep there's a ways to go. But I tell you what, it's already started to snowball since I first ran into them. Let's keep this rolling. Please give 'em a nudge, RT, signal boost, etc.

  19. Retweeted
    Nov 30, 2018

    "The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations", with Robert Gillham, Daniel Genkin, Adi Shamir, and is now available at

  20. Retweeted
    Nov 4, 2018

    Hi y'all. There's a lot of information going around about what's going on in Georgia. I have been very tangentially involved, but I wanted to report the facts in absence of opinion or other noise.
