Tweets (@ntdkom)

  1. Retweeted
    Jan 14

    Confirmed that is reading encrypted messages after they're decrypted since Android 10 upgrade. I can't uninstall GBoard. I'm gonna try Flexsy keyboard and see if that stops the suggestions or if this runs deeper in the Android stack.

  2. Retweeted

    I used to find security vulnerabilities. I just spent the last hour approving expense reports.

  3. Retweeted

    We are very proud to share that Microsoft was named a Leader in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms and positioned highest in execution

  4. Retweeted
    Jul 10, 2019

    is embedding tracking data inside photos you download. I noticed a structural abnormality when looking at a hex dump of an image file from an unknown origin only to discover it contained what I now understand is an IPTC special instruction. Shocking level of tracking..

  5. Retweeted
    Jun 4, 2019

    To undo or not to undo? Don't worry, redo will be available too!

  6. Retweeted
    May 25, 2019

    An audit of a resume screening algorithm found that the two factors most indicative of job performance were being named Jared and playing high school lacrosse

    Mark J. Girouard, an employment attorney at Nilan Johnson Lewis, says one of his clients was vetting a company selling a resume screening tool, but didn’t want to make the decision until they knew what the algorithm was prioritizing in a person’s CV.

    After an audit of the algorithm, the resume screening company found that the algorithm found two factors to be most indicative of job performance: their name was Jared,

  7. Retweeted
    May 22, 2019
    Replying to

    Don’t hire for tools. Hire for personality/general experience. It’s ok to put in there that you’d like experience in X tool, but don’t flat out say they have to know it. People can learn and more hiring managers need to remember that. So hire the personality that shows that.

  8. Retweeted
    May 21, 2019

    A new 0day from SandboxEscaper - apparently an arbitrary DACL write that allows a low-privileged user to change permissions on a chosen file => local privilege escalation.

  9. Retweeted

    Bug bounty labor market numbers don't lie. The idea that bug bounties provide "continuous coverage" as opposed to pen tests is predicated on a bottomless skilled labor market that doesn't exist, & didn't develop. It's like an oversubscribed cell network.

  10. Retweeted
    Feb 14, 2019

    ~=8 Character Passwords Are Dead=~ New benchmark means that the entire keyspace, or every possible combination of: - Upper - Lower - Number - Symbol ...of an 8 character password can be guessed in: ~2.5 hours (8x 2080 GPUs against NTLM Windows hash)

  11. Retweeted
    Feb 12, 2019

    Our very own and writing about the process they undertook to discover and exploit CVE-2019-5736:

  12. Retweeted
    Feb 8, 2019

    Great perspective from on how the presentation I gave at this week maps to his experiences & observations at Google Project Zero

  13. Retweeted
    Feb 5, 2019
  14. Retweeted
    Jan 22, 2019

    So I wanted to encrypt some files. Thought about using 7z+password. Stackexchange folks said "Didn't review it but it should be fine. You can browse the code yourself". So I did. After a few mins I noticed they use 8byte "random" IV. Yes, half of IV is zeroes. But it gets worse.

  15. Retweeted
    Jan 22, 2019

    And there you have it folks. Open-source "many eyes have looked at it for years so it must be secure" crypto code. AES256-CBC but supplied with IVs half of which are zeroes, and the other generated by a toy RNG. That's just from a 30min review.

  16. Retweeted
    Nov 19, 2018

    Interviewer: Where do you see yourself in 30 years? Me:

  17. Retweeted
    Aug 14, 2018

    The bug only happens when a debugger is attached. I think the program knows someone's watching, gets nervous and messes up

  18. May 16, 2018

    This tech is a brave new world

  19. May 16, 2018

    Steven Seagle is attending Phdays... hm

  20. Feb 17, 2018

    Enable 'Audit Detailed Directory Service Replication' and know your domain controllers, or die trying.
