RT @acm_wisec
[CFP] ACM WiSec 2022 (San-Antonio) calls for full paper submissions that can be up to 10 pages excluding the bibliography and well-marked appendices. ACM WiSec also encourages the submission of short papers with a length of up to 6 pages. More details at wisec2022.cs.utsa.edu/call-for

RT @ProjectZeroBugs
Android: vold's incremental-fs APIs trust paths from system_server for mounting bugs.chromium.org/p/project-ze

RT @DaveKSecure
Excited about our digital car key launch for Android! Complex automotive ecosystem to manage, but a great start!
Digital car keys arrive on Pixel 6 and Samsung Galaxy S21 engadget.com/android-12-digita via @engadget

RT @cyb3rops
The problem in IT security is that fascinating things are often unnecessary while boring things are usually essential.

We focus too much on the fancy stuff and can't get the fundamental things right.

In this case it wasn't even ASN.1 at fault (once only in the area of TLS signature verification bugs, it seems...).

The real takeaway is: don't implement (new) parsers and/or cryptography in C/C++. Use memory safe languages with strong(er) type systems, like Rust.
RT @ProjectZeroBugs
This shouldn't have happened: A vulnerability postmortem googleprojectzero.blogspot.com

RT @SECUSOResearch
It's research time ⏰ Prof. René Mayrhofer, @rene_mobile from @insjku @jkulinz will share his thoughts on "Distributed digital ID in the cloud" in this week's . For more information see: secuso.aifb.kit.edu/73.php

RT @AndreaBarisani
We have added a GoTEE example which boots Linux in TrustZone Normal World.

It is now dead easy to implement TEEs using TrustZone on the USB armory Mk II.

No C required ;)

RT @hackerfantastic
Here's the document outlining which instant messenger applications can be recovered by US LE.

RT @ShaneHuntley
Over 20 years ago I plotted the increasing number of port scans each month hitting the Australian Defence firewall to make arguments for increased funding.

I still seem to be getting asked for similar meaningless numbers for similar purposes.

Prettier graphs though.

RT if you were part of that tiny 1993 bar.

(via @markrendle)

RT @liamosaur
I dunno who needs to hear this, but:
NIST👊Special👊Publication👊800👊dash👊6👊3👊B👊has👊recommended👊against👊enforcing👊password👊rotation👊since👊2016👊 twitter.com/ElleArmageddon/sta

RT @Pinboard
I'm a tech guy and I can say with confidence I've lost every private key I've ever held within three years or so. Excited to see this important technology go mainstream with no recourse and tied to real assets. Please share your own stories in the comments! twitter.com/BrantlyMillegan/st

RT @kclemson
OMG this may be the most glorious geek meme I’ve ever seen

Let's talk about dark UI patterns for a moment: retrieving personal user data from @amazonDE requires going through (second level) user support and then takes 363 separate clicks instead of a single downloadable archive. I don't believe this to be an unintentional mistake.

RT @jeffvanderstoep
Important point about MTE:
Yes, 4 bits of entropy is low and will allow bypasses due to luck and/or retries. However, a smart allocator can proactively arrange the heap such that allocations are always surrounded by mismatched tags. We do that on Android:
cs.android.com/android/platfor twitter.com/DanielMicay/status

Thread on cryptographic standards complexity 👇
RT @AndreaBarisani
@FiloSottile It’s amazing how the other day I was thinking what your opinion on this would be and then spontaneously here it is 😅

I also happen to think your take is spot on.
