Tim Willis
@itswillis
Long time listener, infrequent tweeter. Currently Project Zero @Google. Views are my own.
Currently reading: "Brown Bear, Brown Bear, What Do You See?"
20 Tweets
111 Following
1,625 Followers

Tweets

Tim Willis
@itswillis
Jan 7
At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic!
Here's P0's policy changes for 2020 (with our rationale for the changes):
googleprojectzero.blogspot.com/2020/01/policy…

Tim Willis
@itswillis
Nov 26
ex post rationalisation? 🍻

Tim Willis
@itswillis
Nov 25
paging @damienmiller for a hot take.

Tim Willis
@itswillis
Sep 2
... TAG *only* saw iOS exploitation on these sites when TAG found them back in Jan 2019 (and yes, they looked for everything else as well).
That said, anyone out there with full chain 0day in-the-wild from Android / Windows, feel free to reach out and we'd love to take a look!

Tim Willis
@itswillis
Sep 2
Contrary to some commentary, Project Zero's long form blogs are based on deep technical research into 0-days and novel exploitation, not a commentary on target populations or the wider threat space. Specifically though in this case (and as a one-off), I can tell you that...

Tim Willis
@itswillis
Aug 31
3. The unglamorous but important work of code testing and review. Uncaught software development errors can have a huge impact on device security. Shout outs to all the testing/review/QA peeps out there - hopefully you can use these posts for more funding for your future work!

Tim Willis
@itswillis
Aug 31
2. The high rate of vulnerability discovery collisions between our team and real world attackers. Pressuring vendors to patch quickly, as well as vendors working hard to encourage quick patch adoption, is stopping demonstrated end-user harm.

Tim Willis
@itswillis
Aug 31
Having spent most of this week editing @i41nbeer 184-page “blogbook”, I’d like to highlight three things so they don’t get missed:
1. @5aelo's JSC exploit piece (googleprojectzero.blogspot.com/2019/08/jsc-ex…) on patch gapping and n-day bugs being used as an easy way to score 0-day like capabilities

Tim Willis
@itswillis
Aug 7
I think someone else has your badge. It was an entertaining chat, but his PoC was ordinary at best.

Tim Willis
@itswillis
Jul 18

Tim Willis
@itswillis
Jul 17
It was a banana cake, you monster. Frosting would be an abomination!

Tim Willis
@itswillis
Jul 17
Deadline exceeded -- automatically derestricting
No one wanted to be in the photo, so I hope that you can reconstruct who was present using reflections off the foil. I'll leave that as an exercise for the reader. pic.twitter.com/5pJSx1DXYY

Tim Willis
@itswillis
Jul 17
Issue 0xF00D: Celebratory cake results in DoS of Project Zero team (Zurich).
The cake has baked and is subject to a 90-minute disclosure deadline. After 90 minutes elapse or the cake is consumed (whichever is earlier), a picture of the cake will become visible to the public.

Tim Willis
@itswillis
Jul 16
@laparisa of course I knew that today was 5 years and I've been preparing a cake for this occasion!
*scrambles madly to find a recipe book and attempt to bake something*
watch this space! 🎂

Tim Willis
@itswillis
Jul 15
myself included! trends.google.com/trends/explore…

Tim Willis
@itswillis
Jul 1
@jasvir I trust you enjoyed my gift. Your move.

Tim Willis
@itswillis
Mar 4
Poll: Should all governments be required to produce high quality cybersecurity dance/music videos to support their national programs?
e.g. youtube.com/watch?v=LZqhJs… from the Republic of Korea's @kisa118 (h/t @maartenvhb)

Tim Willis
@itswillis
Mar 4
Thanks mate and congratulations to you as well! We'll all have to catch up stateside sometime soon.

Tim Willis
@itswillis
Mar 4
Oh it's on like the proverbial video game gorilla, my friend.

Tim Willis
@itswillis
Mar 2
Good times and looking forward to it!
The die is cast on the twitter front - no turning back now. Honourable mentions to @zerointerupt and @laparisa for their previous attempts to goad me into twitter action. twitter.com/benhawkes/stat…