Tweets

Jesse Michael Retweeted
sshell @sshell_ · Feb 2
Fun fact: That job screening company that scans Twitter accounts for bad words has developers that commit plaintext passwords on GitHub.
... Maybe they're scanning the wrong website.

Jesse Michael Retweeted
Dogs are the best people @_TheBestDogs · Feb 2
We don't deserve dogs pic.twitter.com/n9OhyAPqmV

Jesse Michael Retweeted
Rick Altherr @kc8apf · Jan 30
Our research team @eclypsium is growing. If you're interested in developing detection methods for PC firmware threats and vulnerabilities, send your resume/CV to careers@eclypsium.com. Portland, USA or Córdoba, Argentina preferred. DMs open for questions.

Jesse Michael Retweeted
Jay Beale @jaybeale · Jan 30
Really cool DMA attack work by @HackingThings and @jessemichael, with references to @UlfFrisk's DMA work as well. Blog post here: eclypsium.com/2020/01/30/dir…

Jesse Michael Retweeted
Yuriy Bulygin @c7zero · Jan 30
DMA attacks are often misunderstood as requiring physical access to a device. However, in many cases they can be done remotely, like in this example of exploiting firmware on Network Cards twitter.com/evil_x_/status…

Jesse Michael Retweeted
Sean Lyngaas @snlyngaas · Jan 30
When Direct Memory Access and some methods for implementing it were designed, “the hardware threat model was very different from today,” - @securelyfitz

Jesse Michael Retweeted
Sean Lyngaas @snlyngaas · Jan 30
“The actual adoption and correct uses of these features in the hardware … lags significantly behind when the feature is introduced in the marketplace,” @jessemichael.

Jesse Michael Retweeted
Sean Lyngaas @snlyngaas · Jan 30
New --> Why direct-memory attacks on laptops just won't go away cyberscoop.com/direct-memory-…

Jesse Michael Retweeted
Eclypsium @eclypsium · Jan 30
Eclypsium published new research exposing vulnerabilities to DMA attacks in laptops from HP and Dell. Our principal researchers, @HackingThings and @jessemichael show that high speed DMA attacks can bypass hardware protections on enterprise devices. bit.ly/313EEqN pic.twitter.com/OWhEux8F78

Jesse Michael Retweeted
jayynecobb @JayyneCobb · Jan 29
Bob Rossing a fucktup Apple pic.twitter.com/7OC7vveCjN

Jesse Michael Retweeted
Matthew Garrett @mjg59 · Jan 27
As we wait for another round of microcode updates for yet another CPU information leak, a reminder that the acting president of the FSF decided that it was inappropriate to tell users they were running insecure microcode because it's non-free: lists.gnu.org/archive/html/i…

Jesse Michael Retweeted
Erinn Atwater @errorinn · Jan 27
- setting up a new Windows machine
- enter wifi info
- account screen: non-microsoft option is gone?!?
- google says local option only appears when offline
- 'back' doesn't go back to network info
- now i'm walking up the street with a laptop to get away from wifi so i can use it

Jesse Michael Retweeted
Cybergibbons! (Project Zero Hounslow) @cybergibbons · Jan 18
When you send a disclosure and forget about the path you used in the screenshots: pic.twitter.com/0gV5pwFFYd

Jesse Michael Retweeted
Adrienne Porter Felt @__apf__ · Jan 17
You know that open offices are working well when a yellow coffin seems like a pleasant alternative twitter.com/mjg59/status/1…

Jesse Michael Retweeted
Eclypsium @eclypsium · Jan 14
Listen to On the Metal podcast starring Eclypsium's @kc8apf. Rick discusses #firmware as the latest attack vector, impossible bugs and the impact these attacks have on organizations. Listen here: bit.ly/3ad1jVs

Jesse Michael Retweeted
svbl @svblxyz · Jan 10
This is the laptop you design after watching all those bad Hacker movie scenes. 😅 pic.twitter.com/wPERXIgaPZ

Jesse Michael Retweeted
Michael Ossmann @michaelossmann · Jan 7
"Fast" food in 2020: I had my burger within 2 minutes of walking in the door. Then I waited 5 minutes for the ice machine to complete a firmware update.

Jesse Michael @jessemichael · Jan 2
That vendors improperly decline to defend certain trust boundaries doesn't make the security implications and attacks against those boundaries go away. I guess you could call those "insecurity boundaries".

Jesse Michael Retweeted
Andrew Kimmel @andrewkimmel · Dec 31
Dear @AmericanAir,
After arriving back to LA from Indonesia, I was $275 EQDs under (yet 25K miles over) from maintaining status. You asked me to pay $1875 (?!) to keep status, so instead I booked a $400 rt ticket to Mexico for 24 hrs. Here’s how my fucking night went...

Jesse Michael Retweeted
SwiftOnSecurity @SwiftOnSecurity · Dec 21
Live video of the red team when the shell connect pic.twitter.com/XjcdvPQyqZ