Saifuddin Amri

@saifuddin_amri

Cyber Security Specialist. Consulting Manager at . A geek who is really passionate about tech & cyber security. Tweets & RTs are my own.

Malaysia
Joined October 2018

Tweets

  1. Pinned Tweet
    12 Nov 2019

    5 years ahead ✅ If 6 months of hard work & hardcore focus can do that, imagine what a full year can do. What you do this year has a huge impact on your next year coming. So keep the hard work, keep grinding & keep hustling! 🎉🎉

  2. Retweeted
    16 Jan

    So it's not that Windows uses the wrong curve parameters or anything like that, it's that at some point the key used to index into a validated cert cache is (serial, pub) when it should be (serial, pub, params). As they say, one of the hardest problems in CS is caching.

  3. Retweeted
    16 Jan

    To clarify the Windows crypto fail: The problem isn't in signature validation. The problem is the *root store/cache*. CryptoAPI considers an (attacker-supplied) root CA to be in the trust store if its public key and serial match a cert in the root store, ignoring curve params.

  4. Retweeted
    17 Jan
    Replying to

    What you're trying to find is the private key given the public key. You cannot find the original private key for the original params, but you can trivially craft parameters in such a way to make a private key of 1 "happen" to correspond to the original public key.

  5. Retweeted

    That epic Microsoft moment❤️ Recently worked on and ECC, so yes, 10 and 2016/2019 only. Previous versions like Windows 7 did not support personal EC curves (only few NIST standard ones)

  6. Retweeted

    Ho, by the way, is not only about TLS & Authenticode... it's also for S/MIME and other signatures. Yes, it's also valid against mail signature verification ❤️ I hope nobody relies on it for legal / workflow validation

  7. Retweeted
    16 Jan

    Don't take any chances, make sure your data is secure.

  8. Retweeted
    17 Jan

    4 customer service trends you need to know in 2020

  9. Retweeted
    16 Jan
  10. Retweeted
    14 Jan
  11. Retweeted
    29 Dec 2019

    This attack did occur, but it wasn’t Mitnick that performed it. Also, Shimomura’s machine was already owned before Kevin finally was given access, and it was logged. I’ve seen the logs.

  12. Retweeted

    In Infosec, we need to consider Confidentiality, Integrity, Availability. We often forget Availability - keeping something available often runs contrary to security. Interesting story about how handling the encoding of years on EMV cards led to downtime:

  13. Retweeted
    25 Dec 2019

    1994: Kevin Mitnick allegedly performed a remote attack against Tsutomu Shimomura’s personal computer, gaining access by using source address spoofing and TCP sequence prediction. But there's no proof he did it and it's generally accepted he lacked the required technical skills.

  14. Retweeted
    12 Mar 2019

    For the next 6 months: 1. I will focus on myself 2. Myself is my 1st priority. Put aside unnecessary things & bullshit issue. 3. It's only me, myself & my career 4. Invest 10000% energy into myself 5. Don't lose focus & work harder ! Happy working peeps !

  15. Retweeted
    23 Dec 2019

    I keep telling y'all that "full stack" is a trap. Nobody wants to talk about it. I was honestly surprised when I learned that a lot of devs are taught to want that. As opposed to be able to build up competency incrementally.

  16. Retweeted
    24 Dec 2019

    TIP: You should go through all web results for all your usernames past and present, and change all the user details to junk, BEFORE you delete the account (if that's an option). Often websites only HIDE deactivated accounts - if a hacker dumps the database all your stuff is there

  17. Retweeted
    23 Dec 2019

    When are we going to impose fines so hefty for poor cybersecurity that can seriously impact or shut down a company? Over 267M Facebook users had names, phone numbers leaked on dark web

  18. Retweeted
    23 Dec 2019
  19. Retweeted
    23 Dec 2019

    Hackers attack over 50,000 websites per day. The only way to stay secure is to understand and implement website security best practices.

  20. Retweeted
    24 Dec 2019

    How I created and launched a startup from an internet café in Zimbabwe, Africa

  21. Retweeted
    24 Dec 2019

    The 6 Things to Watch Out For When You're New in the Office TAG a friend or colleague who can relate!
