RT @BugsChromium
Security: ChromeOS root privilege escalation and android-root persistence (reward: $45000) crbug.com/1166932

RT @reyammer
📢 THE TIME HAS COME📢

Today I make public ALL *recordings* and updated slides (+ FAQ) for my mobile security class, MOBISEC 2020!

Everything is available, for free, at: mobisec.reyammer.io/slides!

Few words about this release in a short thread 👇

This was quite a journey that took multiple rounds of reviews, but the manuscript improved with every iteration. I am tempted to write a more detailed report of the whole process as encouragement to junior researchers not to give up in the face of rejection notices.

Show thread

Nearly 3 years after starting work on it, our (@ChadBrubaker__ @jeffvanderstoep) paper "The Android Platform Security Model" is now published in ACM Transactions on Privacy and Security (fully open access): dl.acm.org/doi/10.1145/3448609 covers versions up to Android 11.

RT @matthew_d_green
I want to stress that once these content scanning systems are in place (for child abuse imagery) their usage will expand. They will be retasked by governments all over the world to scan for speech we consider “protected”. This is the infrastructure of authoritarianism. 8/

RT @hyperelliptic
If want to brush up on some crypto & attacks here is my YouTube channel for "Introduction to Cryptology" youtube.com/channel/UC6crzceua The course page is hyperelliptic.org/tanja/teachi

Also check out our offers @TUeindhoven for cyber security with the IST master track IST.win.tue.nl

RT @ArminWolf
„Das Ansinnen, an der Wahrheitspflicht zu rütteln, ist meines Erachtens rein parteipolitisch motiviert und ein frontaler Angriff auf die Demokratie.“ derstandard.at/story/200012652

RT @RickRabiser
Hiring/please RT: The @jkulinz /@Dynatrace Co-Innovation Lab at the LIT Open Innovation Center CPS Lab officially started (Details/Press: jku.at/en/news-events/news/det) and we are searching for post-docs (jku.at/fileadmin/gruppen/80/St). @AndreasHametner @Pummex4 @LindingerCh @AloisReitbauer

RT @lucawilkeUzL
I am very happy to finally lift the curtain on our paper "undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation" that will appear at @wootsecurity.
Thanks @JanWichelmann, Florian Sieck and @tomcrypt for the great collaboration.
uzl-its.github.io/undeserved-t

RT @vanhoefm
Intel patched these vulnerabilities in the Management Engine as well.

It's still crazy to me how there's a whole OS that's hidden in the lower layers of your CPU... and that this OS supports Wi-Fi. twitter.com/vanhoefm/status/13

RT @torproject
Over the past several years, our Network Health team has built tools to diagnose and reject bad relays. As a result, we have rejected many malicious nodes, and we have started documenting them in monthly reports: gitlab.torproject.org/tpo/netw

RT @evacide
If you opt out of having your WhatsApp share data with Facebook, Facebook won't deactivate your account, but they will make WhatsApp largely unusable for you.

bleepingcomputer.com/news/tech

RT @vanhoefm
I found some design and implementation flaws in Wi-Fi again. All Wi-Fi devices are affected. It was a long ~9 months embargo, over this time a lot of info has been collected and that info now available at fragattacks.com

RT @jeffvanderstoep
"As with any large project, introducing a new language requires careful consideration. ... This post discusses some of the key design considerations and resulting decisions we made in integrating Rust support into Android’s build system."
security.googleblog.com/2021/0

RT @koush
Difficult to quantify what an ecological disaster Bitcoin is, but this comes close.

RT @sweis
Nice illustrations of hash collisions by @corkami / @angealbertini: github.com/corkami/collisions

RT @GretaThunberg
”Don’t let the perfect be the enemy of the good.”
Well, I don’t know about you but I don’t consider ”climate targets” putting us on track for 2,4°C and current policies indicating we’re headed for 2,9°C (excluding most tipping points, feedback-loops etc) to be ”good”.

RT @josephfcox
The CIA conducted a supply chain compromise of a phone used by an associate of Soleimani. Got tip Soleimani courier was buying fresh phones from a specific market; got spyware onto phones, one of which ended up in the same room as Soleimani news.yahoo.com/conspiracy-is-h

Show older
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!