Media
- Tweets
- Tweets & replies
- Media, current page.
-
It is the CA's duty to revoke certificates issued for private keys that have been compromised (e.g. released to the public). If your social experiment is to see how a CA treats a customer who repeatedly proves that they are unable to control their private key material, go nuts?pic.twitter.com/XlrqHFk7Xz
-
It goes back to 2000, if not earlier. http://www.guninski.com/officedll.html
@FireEye should know better than to claim they were there first without being quite sure about it.pic.twitter.com/yMG5vSOWv3
-
I think I'd like to have a word with the folks involved with the creation/distribution of this sign. https://www.rubiconglobal.com/blog/aspirational-recycling/ …pic.twitter.com/vkj0MunesC
-
I'll move to Hyper-V for virtualization on my home computer... Smaller attack surface, and enables the ability to use extra exploit mitigations. 1) Broadcom network driver causes BSODs when Hyper-V bridges a VM to that network. 2) Hyper-V NAT doesn't even provide DHCP. Sigh...pic.twitter.com/EOzzVywXHG
-
I'm not sure that I believe you. 1) The email came from http://chase.com servers 2) The email doesn't link to any site not on the http://chase.com domain. If it is a phishing email, you might have an insider threat problem. And a misguided one at that.pic.twitter.com/EDebzOe2yH
-
Hey
@Chase , Find somebody at your organization that appreciates the difference between HTTP and HTTPS, and listen to them. Thanks.pic.twitter.com/keFUzkbQBw
-
Indeed! The GIMP developers have indicated that people do not expect the "Delete" key to delete pixels. Who knew? https://gitlab.gnome.org/GNOME/gimp/issues/4487 …pic.twitter.com/2RSytIgqnR
-
Based on suggestions from
@RonnyTNL and@__adh__ I've updated https://gist.github.com/wdormann/0a6ee811627ba5610c945f4af4dd987f … No longer requires dumpbin.exe or listdlls.exe (if Python pefile and psutil are available). Also exports the findings as a CSV. Any reported app is a good candidate for EMET or WDEG force ASLR!pic.twitter.com/oTSzeElm2d
Show this thread -
I can confirm that even in 2015, file extension matching involved some sorts of unexpected behaviors.pic.twitter.com/T76RCIA0a2
-
Since this doesn't seem to be a thing, I've created a rudimentary python script that does it. Seems useful. https://gist.github.com/wdormann/0a6ee811627ba5610c945f4af4dd987f … Note: For now it requires both Sysinternals ListDLLs and Microsoft dumpbin.exepic.twitter.com/UuhUrzpcC6
Show this thread -
Are there any tools to auto-enumerate any running processes in Windows that don't leverage ASLR themselves, or have libraries loaded that don't leverage ASLR? Sort of like what's outlined at
@DidierStevens https://blog.didierstevens.com/2011/01/18/quickpost-checking-aslr/ … but without requiring any user interaction.pic.twitter.com/sFqNLNI75f
Show this thread -
Wait, using the exact same UI as the "enable macros" bar, which as far as I can tell is used to compromise your computer?
pic.twitter.com/hfKG0mJYyq
-
Not that I condone the behavior, but I could have sworn that this was a known issue. How else would people be accessing http://routerlogin.net via HTTPS and not get warnings? https://community.netgear.com/t5/Nighthawk-Routers-with-WiFi-6-AX/Routerlogin-net-digital-certificate-expired/td-p/1784811 … https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Not-able-to-login-locally-to-R9000-X10/m-p/1736771 …pic.twitter.com/vuRKBvaLmX
-
Note that Citrix is rolling out changes to address CVE-2019-19781 for some versions at https://support.citrix.com/article/CTX267027 … Unauthenticated users no longer appear to be able to request the pages in question.pic.twitter.com/kh2oJlOd10
Show this thread -
Just use btrfs, right? I'm pretty sure that users are fine with potential data loss if they choose to use RAID5/6. And performance that degrades with the addition of each new snapshot.pic.twitter.com/LZiNw2j2w0
-
-
We know nothing more than what Microsoft has stated publicly. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001 …pic.twitter.com/07cceJpeMf
-
CVE-2020-0601 : Read
@moxie's SSL And The Future Of Authenticity https://moxie.org/blog/ssl-and-the-future-of-authenticity/ … Though in this case it's not a rogue CA, but a Windows flaw that allows a certificate to claim to be issued by a CA that it wasn't. HTTPS spoofing is *one* example. Use your imagination here.pic.twitter.com/YSPnY7HYyh
Show this thread -
I suspect that everyone is attempting to visit that site simultaneously right now, so expect connectivity problems. But when I was able to get to it from my phone:pic.twitter.com/PqnTOmbYVK
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.