Tweets
- Tweets, current page.
- Tweets & replies
- Media
You blocked @wdormann
Are you sure you want to view these Tweets? Viewing Tweets won't unblock @wdormann
-
Will Dormann Retweeted
And here’s a wonderful post by OpenSMTPD’s main developer
@PoolpOrg: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ … Very interesting insight on how a bug enters the code and becomes exploitable over time.https://twitter.com/0xdea/status/1223908588671918080 …
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Will Dormann Retweeted
Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: https://www.openwall.com/lists/oss-security/2020/01/28/3 … PS: "Did you ever play tic-tac-toe?"
Thanks. Twitter will use this to make your timeline better. UndoUndo -
I think I'd like to have a word with the folks involved with the creation/distribution of this sign. https://www.rubiconglobal.com/blog/aspirational-recycling/ …pic.twitter.com/vkj0MunesC
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Will Dormann Retweeted
macOS 10.15.3 is out, fixing a bunch of nasty (remote) bugs!

https://support.apple.com/en-us/HT210919
...go patch!
pic.twitter.com/m7u73AFEjd
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Will Dormann Retweeted
BREAKING: We’ve confirmed that the Ring doorbell app on Android covertly shares personally identifiable information on its users with third-party companies, including Facebook.https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-trackers …
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Will Dormann Retweeted
New: leaked documents, data, contracts show how hugely popular antivirus Avast now harvests internet browsing data and sells it for millions of dollars. Clients included Home Depot, Google, Microsoft. Documents show a product called "All Clicks Feed"https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation …
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
I'll move to Hyper-V for virtualization on my home computer... Smaller attack surface, and enables the ability to use extra exploit mitigations. 1) Broadcom network driver causes BSODs when Hyper-V bridges a VM to that network. 2) Hyper-V NAT doesn't even provide DHCP. Sigh...pic.twitter.com/EOzzVywXHG
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Hey
@Chase , Find somebody at your organization that appreciates the difference between HTTP and HTTPS, and listen to them. Thanks.pic.twitter.com/keFUzkbQBw
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Will Dormann Retweeted
Mini-scoop: Hackers exploited a zero-day in the Trend Micro OfficeScan antivirus to plant malicious files on Mitsubishi Electric servers https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/ …pic.twitter.com/JL6vnxgJpz
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Will Dormann RetweetedThanks. Twitter will use this to make your timeline better. UndoUndo
-
Based on suggestions from
@RonnyTNL and@__adh__ I've updated https://gist.github.com/wdormann/0a6ee811627ba5610c945f4af4dd987f … No longer requires dumpbin.exe or listdlls.exe (if Python pefile and psutil are available). Also exports the findings as a CSV. Any reported app is a good candidate for EMET or WDEG force ASLR!pic.twitter.com/oTSzeElm2d
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
I would love to see a "wall of shame" to call out vendors/applications that aren't ASLR compliant. Anybody who runs this script on a real-world system would be able to help contribute!
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Since this doesn't seem to be a thing, I've created a rudimentary python script that does it. Seems useful. https://gist.github.com/wdormann/0a6ee811627ba5610c945f4af4dd987f … Note: For now it requires both Sysinternals ListDLLs and Microsoft dumpbin.exepic.twitter.com/UuhUrzpcC6
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Are there any tools to auto-enumerate any running processes in Windows that don't leverage ASLR themselves, or have libraries loaded that don't leverage ASLR? Sort of like what's outlined at
@DidierStevens https://blog.didierstevens.com/2011/01/18/quickpost-checking-aslr/ … but without requiring any user interaction.pic.twitter.com/sFqNLNI75f
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Will Dormann Retweeted
There is a high probability that Citrix ADC servers with no mitigation applied on or after January 9, 2020, have been taken over and their TLS certificates and associated keys have been stolen. [2/2] Please patch AND revoke your certificates.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Will Dormann Retweeted
I suspected this was true ever since Apple released iCloud Keychain and did nothing interesting with it. Government pressure works.https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT …
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Will Dormann Retweeted
Last month I canceled a random charge for $4.99 per month from HP called "InstantInk". Wasn't sure what it was for. I've had it for over a year but had no idea what it did. I just found out what it didpic.twitter.com/lsFLDR5grv
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Note that Citrix is rolling out changes to address CVE-2019-19781 for some versions at https://support.citrix.com/article/CTX267027 … Unauthenticated users no longer appear to be able to request the pages in question.pic.twitter.com/kh2oJlOd10
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.