Angela Walch 8 Apr 19
5 years after , is the internet infrastructure in better shape? Are critical open source projects adequately funded and maintained? Is the Core Infrastructure Initiative sufficient? Curious what people are seeing out there.
Nick Carr 4 Jan 18
An interesting thread is starting over here about side-channel attacks and comparisons between / and . Mainly the differences. Includes details on use of Heartbleed within 1 day of release to obtain session cookies & hijack internal VPN access.
sinobell Aug 19
Love this one. It is now added to the deck of slides for teaching. Next time is guest lecture at in October. I usually show students an illustration of ARPANET from 1984. "This is the complexity the technology we use today was made for."
Daniel Bilar Nov 6
Many lessons (some non-obvious) on aftermath and strikingly poor remediation coverage for vital PKI infrastructure &
that_malware_guy 15 Apr 18
An interesting find. Website and open directory files encrypted with with extension d3g1d5. Has interesting directory called
John Opdenakker 15 Mar 19
A in the morning... I luckily don't see this so often anymore in SSL Labs scans.
Daniel Bilar 14 Dec 17
TaintCrypt: Static analysis for cryptographic property enforcement [Clang, LLVM, found ; paper ; proto-tool ]
Bogdan Kulynych 18 Jun 18
Publishing security advisories on updating broken OpenSSL versions did not help much. Only when happened people started updating the software. Lesson: get a logo!
David Danto 4 Nov 18
1/2 Not so fast. When you get all your system components from one vendor, the next or that comes out you get a single patch. Despite my SCREAMING about it for years, AV integrators haven't taken security seriously, and mixed component systems....
Andy. 4 Sep 19
Besides , are there actually any other exploitable irl / vulnerabilities, most if not all seem to be with no actionable exploits. Enlighten me twitter please 😀
Christophe Porteneuve 28 Oct 19
Hard dad moment #1725: when you leave in the morning like usual except that time around, the little one clings fiercely to you and is crying a river and howling that you're leaving
Luta Security 4 Jan 18
We are the 1st & only company that helps you plan strategically & operationally for vulnerability coordination, whether you're part of the embargo group or experiencing the vuln disclosure when it's fully public. Don't wait for the next or to prep.
Dave Levin 22 Feb 18
Our ACM CACM article on how website administrators (didn't) respond to is available at last! For more of our research on Heartbleed and securing online authentication, check out
Christopher Glyer 22 Jul 19
Replying to @cglyer
I say “my money is on APT18” because they weaponized in 2014 against Juniper SSL VPN devices within 24ish hours of vulnerability disclosure...& they love remote access to enterprise networks without using backdoors (or removing backdoors after gaining access to VPN)
Rapid7 23 Jul 18
Want to know what's most commonly found during a ? Tomorrow we'll tell you in our annual research report.
Christopher Allen 10 Jan 19
One of the challenges today in blockchain & cryptographic security is the “free rider” problem where large organizations benefit hugely from the efforts of a few critical open source cryptographic developers, but do not fully support them. This led to events like
surmandal 31 May 18
Indeed a good initiation but the dark side is, they need to make sure that no vulnerability exists and alternative control is in place. I can see still vulnerability exists on a few servers. Let's patch first, we @rigotechnology can help
Khaled Yakdan Jul 3
Another anonymized example we encountered. Making sure that you don't overflow the destination buffer is good. But, also make sure not to overread from the input buffer. is a great example of how critical buffer over-reads can be.
Phackt 7 Jan 18
Some servers still vuln to this old CVE
Sofblocks Jun 7
OhSINT - I have just completed this room! Check it out: https://tryhackme.com/room/ohsint #1 via 11 #DirtyCOW