Lukas Weichselbaum

@we1x

Staff Information Security Engineer. Passionate about Web Security. Opinions are my own.

Joined January 2011

Tweets

  1. Pinned Tweet
    30 May 2019

    Our Google I/O slides are online now: Securing Web Apps with Modern Platform Features by and .

  2. Retweeted

    2019 has been a record-breaking year on lots of fronts - thanks to you all! Keep up your awesome discoveries.

  3. Jan 28
  4. Retweeted
    Jan 27

    More 🍪 cookie news: 0️⃣ Intent to **prototype** 1️⃣ tl;dr you can't share 🍪 across HTTP / HTTPS 2️⃣ 3P 🍪 need to be Secure anyway ➡️ unaffected 3️⃣ Consider HTTPS by default (again) 4️⃣ HTTP➡️HTTPS may mean transferring 🍪 👋 Happy to discuss!

  5. Retweeted
    Jan 27

    Δ My new team at just managed to convince me that my opinion of CSP has been overly pessimistic & in spite of its warts, there are real world cases where the mitigation it provided was worth the pain of deployment.

  6. Jan 24

    Our research on Safari's Intelligent Tracking Prevention (ITP) is now available on cc

  7. Jan 22
  8. Retweeted
    Jan 22

    Excellent paper by et al. on the risks of on-device tracker classification. Specifically, they discuss how Safari's ITP can be abused to leak browsing history, leak search history, and perform denial of service attacks: [thread]

  9. Retweeted
    Jan 22

    Ouch. The Safari tracking prevention has privacy vulnerabilities allowing worse tracking than what it was trying to prevent. Privacy engineering is *hard*. Honestly, I don't see a robust way around this one, though I haven't had enough time to sit down and really chew on it.

  10. Retweeted
    Jan 21

    The reason is the design of Intelligent Tracking Prevention (this is not a coding bug). You don't expect these kinds of bugs. Very serious security/privacy bug. Cool research. janc

  11. Jan 14
  12. Retweeted
    Jan 14

    Blink: Intent to Deprecate and Freeze: The User-Agent string

  13. 26 Dec 2019

    Really looking forward to and to meeting great folks like and !

  14. Retweeted
    18 Dec 2019

    giving a guest lecture on "Securing web apps with modern platform features" for our students in Advanced Internet Security. Lots of interesting stuff!

  15. Retweeted
    29 Nov 2019

    May we present the next outstanding speaker at 2020 - . As a Staff Information Security engineer at with 10+ years industry experience he frequently speaks at infosec and developer conferences around the globe. More Infos? 👉

  16. Retweeted

    In almost every training, someone asks me “Why don’t browsers do this by default?”. Easy to say in hindsight, but hard to predict 20 years ago. captures the history and the future well in this great story. A must read!

  17. Retweeted
    17 Nov 2019

    Kudos to for FIDO Security Key support in ssh. Works splendidly!

  18. Retweeted
    8 Nov 2019

    Stoked to finally hear giving a talk live at 😇

  19. Retweeted

    We deployed two post-quantum (aka quantum-resistant as far as we know) key agreement algorithms in TLS 1.3: one fast with big keys (ostrich) and one slow with smaller keys (turkey) and ran an experiment with Chrome to race them. Here are the results.

  20. Retweeted

    Presenting dns-over-tls-forwarder, a simple, fast, low-footprint DNS-over-TLS forwarding server with hybrid LRU/MFA caching written in Go (thx !). Run it on your router and protect all your network DNS requests from ISPs and eavesdroppers.

  21. 9 Oct 2019