Tim Willis
Long time listener, infrequent tweeter. Currently Project Zero. Views are my own. Currently reading: "Brown Bear, Brown Bear, What Do You See?"
Tweets: 20 | Following: 111 | Followers: 1,625
Tweets
Tim Willis 7 Jan
At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes):
Tim Willis 26 Nov
Replying to @damienmiller @paradoxengine
ex post rationalisation? 🍻
Tim Willis 25 Nov
Replying to @paradoxengine @damienmiller
paging for a hot take.
Tim Willis 2 Sep
Replying to @itswillis
... TAG *only* saw iOS exploitation on these sites when TAG found them back in Jan 2019 (and yes, they looked for everything else as well). That said, anyone out there with full chain 0day in-the-wild from Android / Windows, feel free to reach out and we'd love to take a look!
Tim Willis 2 Sep
Contrary to some commentary, Project Zero's long form blogs are based on deep technical research into 0-days and novel exploitation, not a commentary on target populations or the wider threat space. Specifically though in this case (and as a one-off), I can tell you that...
Tim Willis 31 Aug
Replying to @itswillis
3. The unglamorous but important work of code testing and review. Uncaught software development errors can have a huge impact on device security. Shout outs to all the testing/review/QA peeps out there - hopefully you can use these posts for more funding for your future work!
Tim Willis 31 Aug
Replying to @itswillis
2. The high rate of vulnerability discovery collisions between our team and real world attackers. Pressuring vendors to patch quickly, as well as vendors working hard to encourage quick patch adoption, is stopping demonstrated end-user harm.
Tim Willis 31 Aug
Having spent most of this week editing 184-page “blogbook”, I’d like to highlight three things so they don’t get missed: 1. 's JSC exploit piece () on patch gapping and n-day bugs being used as an easy way to score 0-day like capabilities
Tim Willis 7 Aug
Replying to @taviso
I think someone else has your badge. It was an entertaining chat, but his PoC was ordinary at best.
Tim Willis 18 Jul
Replying to @argvee @S9k and 3 others
Tim Willis 17 Jul
Replying to @S9k @dcuthbert and 2 others
It was a banana cake, you monster. Frosting would be an abomination!
Tim Willis 17 Jul
Replying to @dcuthbert @laparisa @benhawkes
Deadline exceeded -- automatically derestricting
No one wanted to be in the photo, so I hope that you can reconstruct who was present using reflections off the foil. I'll leave that as an exercise for the reader.
Tim Willis 17 Jul
Replying to @dcuthbert @laparisa @benhawkes
Issue 0xF00D: Celebratory cake results in DoS of Project Zero team (Zurich). The cake has baked and is subject to a 90-minute disclosure deadline. After 90 minutes elapse or the cake is consumed (whichever is earlier), a picture of the cake will become visible to the public.
Tim Willis 16 Jul
Replying to @laparisa @dcuthbert @benhawkes
of course I knew that today was 5 years and I've been preparing a cake for this occasion! *scrambles madly to find a recipe book and attempt to bake something* watch this space! 🎂
Tim Willis 15 Jul
Replying to @parityzero
Tim Willis 1 Jul
Replying to @jasvir @zerointerupt @laparisa
I trust you enjoyed my gift. Your move.
Tim Willis 4 Mar
Poll: Should all governments be required to produce high quality cybersecurity dance/music videos to support their national programs? e.g. from the Republic of Korea's (h/t )
Tim Willis 4 Mar
Replying to @kate_mcinnes @zerointerupt @laparisa
Thanks mate and congratulations to you as well! We'll all have to catch up stateside sometime soon.
Tim Willis 4 Mar
Replying to @jasvir @zerointerupt @laparisa
Oh it's on like the proverbial video game gorilla, my friend.
Tim Willis 2 Mar
Good times and looking forward to it! The die is cast on the twitter front - no turning back now. Honourable mentions to and for their previous attempts to goad me into twitter action.