Chris Evans

@scarybeasts

Semi retired; recovering CSO. Past: Founded {vsftpd, Chrome security, Google Project Zero}; Tesla; Dropbox. Also: HackerOne founding adviser, troll, tool.

San Francisco Bay Area
Vrijeme pridruživanja: svibanj 2009.

Tweetovi

Blokirali ste korisnika/cu @scarybeasts

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @scarybeasts

  1. Prikvačeni tweet
    6. svi 2017.

    If North Korea nails our power grid, it'll be because we were all busy waging the disclosure holy wars (episode: 17) on Twitter.

    Poništi
  2. 26. sij
    Poništi
  3. 24. sij

    . ok, own up! I just implemented tape support in my BBC emulator and the Zalaga tape loader is executing the text 'Orlando M.Pilchard' as 6502 opcodes.

    Poništi
  4. proslijedio/la je Tweet
    6. sij

    This was significant in it allowed Google much bolder moves in bug hunting & publicity from putting up cash. I was at Microsoft at the time & an exec had been quoted just 2 years prior saying that as long as he was there, MS would never pay for bugs. He’s still there, btw. 🤡

    Prikaži ovu nit
    Poništi
  5. proslijedio/la je Tweet
    24. pro 2019.

    I can think of a few offensive security tools that should be banned. From Twitter.

    Poništi
  6. 21. pro 2019.

    I'm restoring a 35 year old floppy drive. In case you were wondering what the magnetic signal on a floppy disc looks like, wonder no further. This is a clean, strong (DFM encoded) signal from a 35 (!!) year old disc.

    Poništi
  7. proslijedio/la je Tweet
    5. pro 2019.

    Remember that video about how block collisions can compute the digits of pi? A friend, Adam Brown, just showed that the math underlying this is actually identical to the math behind a very famous quantum search algorithm (Grover's): Genuinely crazy!

    Poništi
  8. proslijedio/la je Tweet
    22. stu 2019.

    Everyone dunking on the Cybrrtrkk are missing the fact that it’s going to launch 1000 easy Blender tutorials.

    Poništi
  9. proslijedio/la je Tweet
    21. stu 2019.

    Blog post on CVE-2019-2215, the Android binder bug that was exploited in-the-wild and affected most Android devices manufactured prior to Fall 2018.

    Poništi
  10. 20. stu 2019.

    Let me be clear: Chrome has consistently been a more secure browser than Safari for too many reasons to list in a tweet. Disgraceful from Apple, particularly answer #4:

    Poništi
  11. proslijedio/la je Tweet
    14. stu 2019.

    As part of , Mozilla is launching a new bug bounty program that rewards static analysis queries - including queries that identify historical, fixed vulnerabilities. Blog: Program Details:

    Poništi
  12. proslijedio/la je Tweet
    11. stu 2019.
    Poništi
  13. 7. stu 2019.

    Fantastic work and results -- worth reading in its entirety.

    Poništi
  14. 4. stu 2019.

    Interesting reading indeed. I've been suggesting this for a while: it's a greater legal risk to _not_ have a bug bounty program. And be sure to define "authorized" in great detail, probably easiest to copy the excellent Dropbox text: (ht )

    Poništi
  15. proslijedio/la je Tweet
    3. stu 2019.

    On every other OS, the way we have dealt with laggard browsers is through competition. Remember haranguing friends and family to install Firefox? I sure do. Apple broke that too, via Section 2.5.6:

    Prikaži ovu nit
    Poništi
  16. proslijedio/la je Tweet
    3. stu 2019.

    If you're a web developer, this means that iOS -- the whole OS -- is the new IE6. Your CEO and wealthiest users won't switch off it, so it taxes everything you do. They also can't imagine the web being great because, for them, it isn't.

    Prikaži ovu nit
    Poništi
  17. 1. stu 2019.

    I haven't had a long week in months :) I'm just pattern matching to what happens a lot. For one example see: . For other near identical examples, look across the past few years' Pwn2Own results.

    Poništi
  18. 1. stu 2019.

    Remember, Google Chrome is very well sandboxed. So when you see a Chrome 0-day fixed by the team in isolation, you have to suspect another company (Microsoft?) is sitting on an unfixed sandbox escape. Usually (but not always) a Windows kernel bug. Often Win 7 only.

    Poništi
  19. 1. stu 2019.

    It was probably the spooks..... I'll see myself out.

    Prikaži ovu nit
    Poništi
  20. 31. lis 2019.

    Your other Halloween scare, looks like a Chrome 0-day: "CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and Alexey Kulaev at Kaspersky Labs on 2019-10-29 Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild."

    Prikaži ovu nit
    Poništi
  21. 31. lis 2019.

    Interesting. And a reminder: you can "do offensive" without treading into dubious ethical grounds. "Offense for defense" is everywhere. I'm not just talking Google Project Zero; every company serious about security has an internal "anything goes" Offensive Security Team.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·