Tavis Ormandy

@taviso

Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine.

California
Joined April 2008

Tweets


  1. Pinned Tweet
    24 Sep 2018

    I finally wrote a small tool I've wanted for a long time: A parallel testcase minimizer. It's called halfempty, and I'm already finding it useful as part of my fuzzing workflow. /cc

  2. Apr 12

    If you've tried using fancy semantic search tools for C, but gave up and stuck with grep... trust me, the tool you've been looking for is weggli. No setup or config needed, and it's not formal or heavyweight.

  3. Apr 10

    Here's the prototype if anyone wants to help lol, send me PRs 😜

  4. Apr 10

    I had a stupid idea for a game, "Katamascii" - like Katamari, but you roll around in your terminal collecting ascii art objects lol... I wasted my weekend on this 😂

  5. Apr 6

    I needed to know the biggest possible size expansion from charset conversion to UTF-8 for an audit. I think the best is 12x, the single byte 0x82 in TSCII (Tamil Script) needs 4 3-byte UTF-8 codepoints.

    $ printf "\x82" | iconv -f tscii -t utf8 | wc -c
    12

  6. Apr 1

    Someone posted this pure-awk demoscene video to comp.lang.awk lol

  7. Mar 28
  8. Mar 26

    If you didn't know, zlib is everywhere. You probably used zlib twenty times reading this tweet lol.

  9. Mar 26

    Soo...there's this zlib bug that can cause errors for certain inputs. How bad is it? It depends on whether it affects all or only non-default configurations, but we don't know yet 🤷‍♂️ If you're a data compression expert, you should help!

  10. Retweeted
    Mar 24

    Up your security research skills: This Windows LoadLibrary port for Linux by is a great project to contribute to. You'll learn how *both* OS's work internally. Use it to fuzz Win binaries faster on Linux

  11. Retweeted
    Mar 22

    “We were not hacked.” “There was a hacking attempt.” “We were hacked, but it doesn't matter.” “2.5% of you were hacked.” “Getting hacked is actually good.” “I’m glad we were hacked.”

  12. Retweeted

    Thanks to & , just played with CVE-2022-0778 against vulnerable (web) servers Just few tweaks, and ready to scan servers accepting certificates... 🫤 If it is not done yet: patch...

  13. Mar 20

    I genuinely have no idea how this managed to evade fuzzers for over a decade, something like p=697 a=1 b=1 x=696 would have found it... 🤷‍♂️

  14. Mar 20

    Haha, nice. I did it differently, but EC_POINT_set_compressed_coordinates() does call BN_mod_sqrt(p, (x^3 + ax + b) mod p), so you just need to solve for x with a composite p. AFAIK you can use any curve (even a=1 b=1 works). Also, der-ascii > asn1parse 😁

  15. Retweeted
    Mar 15

    Picking parameters: . (It was too long for Twitter.)

  16. Mar 15

    This was a fun one to work on, helped track it down to a bug in the Tonelli-Shanks implementation in OpenSSL.

  17. Mar 5

    I think build reproducibility is mostly useless, a big boondoggle. It's particularly annoying when proponents make big crazy security claims to justify it (e.g. "it will disincentivize violence against developers" wat..?), then when challenged switch to boring subjective claims😠

  18. Feb 17

    I got a Google alert this morning that someone had trademarked my name lol. What do you think, coincidence or elaborate troll? 😆

  19. Retweeted
    Jan 30

    100% reproducible XTerm crash whoops!

  20. Retweeted
    Jan 28

    The guy who posts screenshots of strings in a dex file decompiled as x86 with little red arrows drawn on them would be really, really funny if he wasn’t getting retweets from thousands of genuinely concerned people with no ability to detect it’s nonsense

  21. Retweeted
    Jan 27
