Twitter | Pretraživanje | |
John Loucaides
VP of Engineering at Eclypsium, building firmware and hardware security. Security Researcher. Views expressed here are my own.
756
Tweetovi
251
Pratim
265
Osobe koje vas prate
Tweetovi
John Loucaides proslijedio/la je tweet
Yuriy Bulygin 30. sij
Our new research demonstrates that DMA attacks can compromise firmware (and OS) on enterprise laptops with hardware root of trust capabilities among the best in the industry. Very proud to work with the team here at
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
Rick Altherr 30. sij
Our research team is growing. If you're interested in developing detection methods for PC firmware threats and vulnerabilities, send your resume/CV to careers@eclypsium.com. Portland, USA or Córdoba, Argentina preferred. DMs open for questions.
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
James Morris 29. sij
Cool new work from 's team which adds certificate measurement to IMA: This allows IMA signing keys to be remotely attested, rather than individual signatures, which operates a whole lot better at global scale.
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
dragosr 29. sij
We will reserve a talk slot for most promising new speaker, age 25 and under, picked by our selection committee, fly them out to talk. For the top four submitters, including the winner, we'll give complentary seats at a Dojo of their choice (lim 1/course, rank choice) 2/4
Reply Retweet Označi sa "sviđa mi se"
John Loucaides 25. sij
Some good points here. I'm frequently troubled by the way people may misunderand common hardware and firmware issues based on their representation in CVE and CVSS. The answer won't be easy but awareness/accessibility will be critical.
Reply Retweet Označi sa "sviđa mi se"
John Loucaides 25. sij
Great summary of risks and mitigations related to cloud. Easy to see how firmware/hardware fit into this given cloudborne (targeting multi-tenancy), bmc vulns (in supply chain), and myriad of recent hw issues (often config or firmware patch related).
Reply Retweet Označi sa "sviđa mi se"
John Loucaides 25. sij
Odgovor korisniku/ci @1o57
Wow. It's been a while... Fun stuff.
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
George Takei 24. sij
Ahem. We are expecting some royalties from this...
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
Mickey 24. sij
An excellent blog post by , a highly recommended read! "Executing custom Option ROM on D34010WYK and persisting code in UEFI Runtime Services"
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
The Register 16. sij
Free work hack for every reader: Get out of any meeting by claiming you thought the calendar invite was a phishing email. Also works great for messages about deadlines and feature requests.
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
Trail of Bits 16. sij
We have a working proof-of-concept exploit for ‘Whose Curve is it Anyway?’ — NSA’s bug in Microsoft’s Crypto API. Read on for our explainer:
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
NSA/CSS 14. sij
This you are strongly encouraged to implement the recently released CVE-2020-0601 patch immediately.
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
Maggie 14. sij
Authored a piece on threat models! While often associated with early stages of software development, the process applies to firmware & hardware as well. Check out the benefits, five key steps, & 's real life EDK II threat model example:
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
Nicolas Krassas 11. sij
UEFI modules analysing with BinDiff IDA plugin
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
mdowd 28. pro
Might need to get one of these for the office
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
Daniel Moghimi 26. pro
Merry XMass!! The source code is out:
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
Mark Ermolov 27. pro
As part of EDK II Minimum Platform initiative Intel started publishing their UEFI Silicon Packages for a few platforms in edk2-paltforms repository (). They are heavily stripped down of course but some interesting information is remaining
Reply Retweet Označi sa "sviđa mi se"
John Loucaides proslijedio/la je tweet
Death Star PR 25. pro
Merry Sithmas, everyone! Celebrating in the traditional way: by lighting the Alderaan Christmas tree.
Reply Retweet Označi sa "sviđa mi se"
John Loucaides 24. pro
This sounds like a great idea!
Reply Retweet Označi sa "sviđa mi se"