Tavis OrmandyOvjeren akaunt

@taviso

Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine.

California
taviso.decsystem.org
Vrijeme pridruživanja: travanj 2008.
86 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @taviso

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @taviso

  1. Prikvačeni tweet
    24. ruj 2018.

    I finally wrote a small tool I've wanted for a long time: A parallel testcase minimizer. It's called halfempty, and I'm already finding it useful as part of my fuzzing workflow. /cc

    428 proslijeđenih tweetova 1.266 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  2. 30. sij

    wow, avast are actually winding down jumpshot.

    After stock drops by 20% on privacy violation news, the company reacts by shutting down their subsidiary that was selling the usage data.
    Prikaži ovu nit
    15 proslijeđenih tweetova 85 korisnika označava da im se sviđa
    Poništi
  3. proslijedio/la je Tweet
    28. sij

    Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: PS: "Did you ever play tic-tac-toe?"

    1 reply 98 proslijeđenih tweetova 161 korisnik označava da mu se sviđa
    Poništi
  4. proslijedio/la je Tweet
    26. sij

    AV stands for: Additional Vulnerabilities

    Who would have thought such an scenario would be possible, eh? "Chinese hackers have used a zero-day in the Trend Micro OfficeScan antivirus during their attacks on Mitsubishi Electric"
    Prikaži ovu nit
    5 replies 74 proslijeđena tweeta 169 korisnika označava da im se sviđa
    Poništi
  5. proslijedio/la je Tweet
    22. sij

    Earlier today we published the details of a set of vulnerabilities in Safari's Intelligent Tracking Prevention privacy mechanism: . They are... interesting. [1/9]

    6 replies 116 proslijeđenih tweetova 188 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    22. sij
    Odgovor korisniku/ci

    No, I can assure you that they still haven't fixed these issues, which is what made that blog post last year so weird. Apple didn't disclose the vulnerabilities or appropriately credit the researchers, but put out a post implying they fixed "something".

    5 proslijeđenih tweetova 22 korisnika označavaju da im se sviđa
    Poništi
  7. 22. sij

    This. It's hard to imagine how Apple are going to resolve this, it took a long time to accept that the auditor problems were fundamental, and it's hard to see how itp is any different here. Prediction: after a few failed attempts to rework it, they'll come to the same conclusion.

    To add some context, Chrome's XSS Auditor was found to introduce exactly the same class of side-channel vulnerabilities. After several back and forths with the team that discovered the issue, we determined that it was inherent to the design and had to remove the code.
    Prikaži ovu nit
    23 proslijeđena tweeta 78 korisnika označava da im se sviđa
    Poništi
  8. proslijedio/la je Tweet
    22. sij

    This is a pretty good reminder that any invasive heuristics in the browser - be it XSS filters or privacy protections - often cause more problems than they address:

    38 proslijeđenih tweetova 107 korisnika označava da im se sviđa
    Poništi
  9. 21. sij

    If you're a Back to the Future fan and haven't seen "Go to the Head of the Class", it's a real treat. It's like the band getting back together, Zemeckis, Gale, Spielberg, Lloyd, etc.

    3 proslijeđena tweeta 55 korisnika označava da im se sviđa
    Poništi
  10. proslijedio/la je Tweet
    15. sij

    I don't know why describes this as a rumor. I've seen him perform with my own eyes.

    True story: once started a rumour at Google that I knew all the lyrics to "ice ice baby", and could sing it on request. I still get people asking me about it. 😆
    12 replies 9 proslijeđenih tweetova 260 korisnika označava da im se sviđa
    Poništi
  11. proslijedio/la je Tweet
    14. sij
    Odgovor korisniku/ci

    If vendors had their way, advisories would have less info in them than a fortune cookie.

    17 proslijeđenih tweetova 79 korisnika označava da im se sviđa
    Poništi
  12. 14. sij

    The NSA advisory is much more helpful than Microsoft's.

    Odgovor korisnicima @taviso @argvee @MalwareTechBlog
    This is helpful:
    11 replies 125 proslijeđenih tweetova 322 korisnika označavaju da im se sviđa
    Poništi
  13. 14. sij

    Will confirms all X.509 validation broken, not just code signing. Okay, I'm back on the hype train, that's pretty bad.

    Odgovor korisnicima @FiloSottile @kennwhite @taviso
    Indeed I am.
    20 replies 406 proslijeđenih tweetova 864 korisnika označavaju da im se sviđa
    Poništi
  14. 14. sij

    I'm reliably informed that the washington post don't know what they're talking about, it's not an authenticode issue, and is in fact a big deal.

    Tweet je nedostupan.
    7 replies 46 proslijeđenih tweetova 213 korisnika označava da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    9. sij

    I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:

    15 replies 542 proslijeđena tweeta 1.269 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. 7. sij

    The benefit to security of any disclosure policy tends to be inversely proportional to how loudly vendors cheer for it 🤣

    7 replies 20 proslijeđenih tweetova 126 korisnika označava da im se sviđa
    Poništi
  17. 7. sij

    I'm at , this was such a great moment, he had a prop to explain how he subverted the logic that warps the player back if they fall off through the map to save 40 seconds. It took longer to explain how it worked 😂

    Honestly bless this runner to bringing a legit prop to explain some seriously ridiculous Fallout 4 glitches he's about to exploit.
    Prikaži ovu nit
    12 proslijeđenih tweetova 125 korisnika označava da im se sviđa
    Poništi
  18. 30. pro 2019.

    Interesting question, is this a UAC bypass? My first thought is no, because UIPI means you can't automate the interaction. Therefore, the only way to exploit it is if you could have just clicked OK in the UAC consent anyway.... right? (yes, I know UAC is not a supported boundary)

    [New-Post] UAC bypass using Perfmon.exe
    6 replies 6 proslijeđenih tweetova 31 korisnik označava da mu se sviđa
    Poništi
  19. 27. pro 2019.

    Somebody please make a block list of all these OST people.

    12 replies 12 proslijeđenih tweetova 127 korisnika označava da im se sviđa
    Poništi
  20. proslijedio/la je Tweet
    24. pro 2019.

    Yeah I think we can definitely get that to 100%

    When 90% of the kill chain is actually provided freely by the community that is supposed to secure systems, I think we do have room for improvement here
    Prikaži ovu nit
    8 replies 20 proslijeđenih tweetova 169 korisnika označava da im se sviđa
    Poništi
  21. proslijedio/la je Tweet
    24. pro 2019.

    The unscrupulous have the command of much of this kind of knowledge without our aid; and there is moral and commercial justice in placing on their guard those who might possibly suffer therefrom.

    1 reply 3 proslijeđena tweeta 12 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi

@taviso još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·