Skip to content
By using Twitter’s services you agree to our Cookies Use. We and our partners operate globally and use cookies, including for analytics, personalisation, and ads.
  • Home Home Home, current page.
  • About

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @
  • Language: English
    • Bahasa Indonesia
    • Bahasa Melayu
    • Català
    • Čeština
    • Dansk
    • Deutsch
    • English UK
    • Español
    • Filipino
    • Français
    • Hrvatski
    • Italiano
    • Magyar
    • Nederlands
    • Norsk
    • Polski
    • Português
    • Română
    • Slovenčina
    • Suomi
    • Svenska
    • Tiếng Việt
    • Türkçe
    • Ελληνικά
    • Български език
    • Русский
    • Српски
    • Українська мова
    • עִבְרִית
    • العربية
    • فارسی
    • मराठी
    • हिन्दी
    • বাংলা
    • ગુજરાતી
    • தமிழ்
    • ಕನ್ನಡ
    • ภาษาไทย
    • 한국어
    • 日本語
    • 简体中文
    • 繁體中文
  • Have an account? Log in
    Have an account?
    · Forgot password?
    New to Twitter?
    Sign up
x0rz's profile
x0rz
x0rz
x0rz
@x0rz

Tweets

x0rz

@x0rz

Security Researcher & Cyber Observer ㊙

France
0day.rocks
Joined September 2009

Tweets

  • © 2018 Twitter
  • About
  • Help Center
  • Terms
  • Privacy policy
  • Cookies
  • Ads info
Dismiss
Previous
Next

Go to a person's profile

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @

Promote this Tweet

Block

  • Tweet with a location

    You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more

    Your lists

    Create a new list

    Under 100 characters, optional
    Privacy

    Copy link to Tweet

    Embed this Tweet

    Embed this Video

    Add this Tweet to your website by copying the code below. Learn more

    Add this video to your website by copying the code below. Learn more

    Hmm, there was a problem reaching the server.

    By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.

    Preview

    Why you're seeing this ad

    Log in to Twitter

    · Forgot password?
    Don't have an account? Sign up »

    Sign up for Twitter

    Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

    Sign up
    Have an account? Log in »

    Two-way (sending and receiving) short codes:

    Country Code For customers of
    United States 40404 (any)
    Canada 21212 (any)
    United Kingdom 86444 Vodafone, Orange, 3, O2
    Brazil 40404 Nextel, TIM
    Haiti 40404 Digicel, Voila
    Ireland 51210 Vodafone, O2
    India 53000 Bharti Airtel, Videocon, Reliance
    Indonesia 89887 AXIS, 3, Telkomsel, Indosat, XL Axiata
    Italy 4880804 Wind
    3424486444 Vodafone
    » See SMS short codes for other countries

    Confirmation

     

    Welcome home!

    This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.

    Tweets not working for you?

    Hover over the profile pic and click the Following button to unfollow any account.

    Say a lot with a little

    When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.

    Spread the word

    The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.

    Join the conversation

    Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.

    Learn the latest

    Get instant insight into what people are talking about now.

    Get more of what you love

    Follow more accounts to get instant updates about topics you care about.

    Find what's happening

    See the latest conversations about any topic instantly.

    Never miss a Moment

    Catch up instantly on the best stories happening as they unfold.

    x0rz‏ @x0rz May 9

    The ssh-decorator package from Python pip had an obvious backdoor (sending ip+login+password to ssh-decorate[.]cf in cleartext HTTP) https://www.reddit.com/r/Python/comments/8hvzja/backdoor_in_sshdecorator_package/ …pic.twitter.com/X0LsM3krDv

    12:27 AM - 9 May 2018
    • 773 Retweets
    • 900 Likes
    • か 高森あやか Huy Do MrGrimod hakan Yonatan Bitton Johnny Mnemonic Douglas Mun 中丸まほ
    16 replies 773 retweets 900 likes
      1. x0rz‏ @x0rz May 9

        Anybody know the time-to-discovery? Any metrics on the # of impacted users?

        4 replies 7 retweets 26 likes
        Show this thread
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      2. New conversation
      1. Vazer Rahmani‏ @vazerme May 9
        Replying to @x0rz

        That's why sometimes re-inventing the wheel is the way to go. Trust no one.

        3 replies 0 retweets 28 likes
      2. 𝖓𝖙𝖍𝖈𝖔𝖑𝖚𝖒𝖓‏ @nthcolumn May 9
        Replying to @vazerme @x0rz

        Bad idea for most people as they will 100% make some n00b security mistake. Most web devs don't even know what is in the libraries they import or if a dependency of a dependency has some vuln (unless they are warned by git...) npm is even worse.

        2 replies 0 retweets 24 likes
      3. Vazer Rahmani‏ @vazerme May 9
        Replying to @nthcolumn @x0rz

        Well, most people can't re-invent the wheel properly. Some don't even know how the current wheel that they're using works!

        2 replies 2 retweets 10 likes
      4. 𝖓𝖙𝖍𝖈𝖔𝖑𝖚𝖒𝖓‏ @nthcolumn May 9
        Replying to @vazerme @x0rz

        pic.twitter.com/ayj9aK8jrY

        0 replies 0 retweets 11 likes
        5. End of conversation
      1. Marco Peereboom‏ @marco_peereboom May 9
        Replying to @x0rz

        sudo install internet

        0 replies 3 retweets 20 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      4. New conversation
      1. M.A.Newhall‏ @MANewhall May 10
        Replying to @x0rz

        Now look at this in the context of shops running many thousands of servers per admin with the same exact unaudited code as thousands of other shops doing the same. Puppet, ansible, chef, etc etc. Turns out admins in the hundreds of servers stage weren’t doing nothing.

        1 reply 0 retweets 1 like
      2. Ben Macguire‏ @blueben May 10
        Replying to @MANewhall @x0rz

        Nobody was reading the source of every library and tool we used before deploying it. This is not the axe you're looking for.

        1 reply 0 retweets 0 likes
      3. M.A.Newhall‏ @MANewhall May 10
        Replying to @blueben @x0rz

        LOL. That level of audit from one amazing person is hardly the point. Diversity of implementation. That is the point. Linux has become a monoculture. That's what made Microsoft so weak for so long. The likelihood of oversight is the same but the impact is WAY higher.

        1 reply 0 retweets 1 like
      4. Ben Macguire‏ @blueben May 10
        Replying to @MANewhall @x0rz

        We don't have a monoculture. We have an explosion of unvetted software. Quite the opposite.

        2 replies 0 retweets 2 likes
      5. Rich Felker‏ @RichFelker May 11
        Replying to @blueben @MANewhall @x0rz

        We have an explosion of uncurated repositories, indistinguishable by average users from curated ones, made way too easy to use.

        1 reply 0 retweets 6 likes
      6. M.A.Newhall‏ @MANewhall May 11
        Replying to @RichFelker @blueben @x0rz

        There is that, but that's easily defined/curable. The casually curated but widely used repos scare me. The illusion of security.

        1 reply 0 retweets 0 likes
      7. Rich Felker‏ @RichFelker May 11
        Replying to @MANewhall @blueben @x0rz

        By curation I mean something like Debian. All the language-specific library repos are uncurated in my book.

        2 replies 0 retweets 2 likes
      8. Real AI‏ @Luiz0x29A May 11
        Replying to @RichFelker @MANewhall and

        anything that doesn't come in the language library is uncurated, oops, JS has no standard library itself

        1 reply 0 retweets 1 like
      9. 1 more reply
      1. Chris M‏ @cmaurer_at May 10
        Replying to @x0rz @stefan2904

        This is why I don't like most of these unknown libraries. Npm and the JavaScript world is even worse.

        0 replies 0 retweets 4 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      6. New conversation
      1. Matthew Davis‏ @deadsmiths May 10
        Replying to @x0rz

        What’s really on our minds here: index.php? For reals?

        1 reply 0 retweets 6 likes
      2. code_monk‏ @code_monk May 10
        Replying to @deadsmiths @x0rz

        just to mix things up, has pip backdoors are written in PHP, and npm backdoors in C#

        0 replies 0 retweets 0 likes
        3. End of conversation
      1. code_monk‏ @code_monk May 10
        Replying to @x0rz

        creator needs to be doxxed. agreed?

        0 replies 0 retweets 2 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      1. lofiGTi‏ @lofiGTi May 9
        Replying to @x0rz

        What the... trust no one.

        0 replies 0 retweets 2 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo

    Loading seems to be taking a while.

    Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

      Promoted Tweet

      false

      • © 2018 Twitter
      • About
      • Help Center
      • Terms
      • Privacy policy
      • Cookies
      • Ads info