Chad Brubaker
Android Platform Security. All opinions are my own and terrible.
99 Tweets · 89 Following · 177 Followers
Tweets
Chad Brubaker Jan 28
Replying to @claucece @SchmiegSophie
I will say though, reachability analysis is required if you're looking at apps containing this code, a lot of apps still (unfortunately) include that but only use when they're debugging while building their app. Of course I have found people who forgot to turn that off...
Chad Brubaker Jan 28
Replying to @claucece @SchmiegSophie
The network security config APIs we designed were directly a result of terrible Stack Overflow advice.
Chad Brubaker Jan 24
Highly privileged components that can introspect everything and will definitely only be used for good was naive and a deeply limiting mistake the first time around. Let's not repeat that.
Chad Brubaker Jan 21
is the detailed writeup, the hardware protections section starts to answer your question.
Chad Brubaker Jan 16
🤔 this https site seems modified I just can't put my finger on it. Redirecting to rickroll is fun, but I've always loved replacing all the images with the smiley more.
Chad Brubaker Jan 16
And a MiTM test for CVE-2020-0601 is added to nogotofail, in case you wanted a black box network testing tool it's over on GitHub
Chad Brubaker Jan 15
Replying to @SwiftOnSecurity
Ofc I do mobile device security, where we assume attackers can get on path easily, but I wouldn't consider the mitm work I've done atp level, just a somewhat physical proximate attacker with basic skills.
Chad Brubaker Jan 15
Replying to @SwiftOnSecurity
Assuming that network mitms are limited to state level attackers is a stretch. If your devices are physically mobile (like laptops) you should assume getting on path is proximity + naming a wifi "starbucks" or similar common unauthed ssids that lots of devices have saved.
Chad Brubaker Retweeted
Lea Kissner Dec 24
Replying to @LeaKissner
We talk about how security and privacy folks need to know how to say yes and how to say no, that if you say no all the time, folks don't listen. We also need to talk about how S&P need to have the power to say no when needed. Because otherwise... approval is the only option.
Chad Brubaker Retweeted
Dino A. Dai Zovi Dec 21
No, they are not.
Chad Brubaker Retweeted
Stephan Somogyi Dec 4
I'm hiring Android Platform Security Product Managers. Plural. I'm especially interested in candidates with a wide range of backgrounds. 1/8
Chad Brubaker Dec 4
. and I with a happy "an update on" secure connection adoption on Android! I've been working on this since I was MiTMing all the things with nogotofail back in 2014, and it's pretty awesome to see how far it's all come
Chad Brubaker Retweeted
Daniel J. Bernstein Nov 24
Amazing compendium of failures of "provable security": . I saw a preprint months ago and the shock value of the huge lists still hasn't worn off. I think (and hope) this will put an end to the delusion that provable-security failures are isolated mistakes.
Chad Brubaker Nov 9
It's not a security barrier sooooooooo
Chad Brubaker Nov 6
Great article. Hopefully someday this won't be shocking to anyone.
Chad Brubaker Retweeted
Maddie Stone Oct 30
Hey current students, interested in a Security Engineer internship with Google? The application deadline closes TOMORROW, Oct 31 for CA and WA roles. Apply! Interested in a SE internship in Zurich? Deadline FRIDAY, Nov 1!
Chad Brubaker Retweeted
Sami Tolvanen Oct 30
Google Online Security Blog: Protecting against code reuse in the Linux kernel with Shadow Call Stack via
Chad Brubaker Oct 20
Replying to @panthonysamy
Glad you liked the glass :)
Chad Brubaker Oct 16
Replying to @tqbf
Sure, and they're in a browser with a nice http stack and everything else is already X over http, but if we want everything to have encrypted DNS we need to have this in the OS's resolver, and pulling an http stack into that feels a bit overkill and a lot of exciting maintenance