|
John Loucaides
@
JohnLoucaides
|
|
VP of Engineering at Eclypsium, building firmware and hardware security. Security Researcher.
Views expressed here are my own.
|
|
|
756
Tweetovi
|
251
Pratim
|
265
Osobe koje vas prate
|
| Tweetovi |
| John Loucaides proslijedio/la je tweet | ||
|
Yuriy Bulygin
@c7zero
|
30. sij |
|
Our new research demonstrates that DMA attacks can compromise firmware (and OS) on enterprise laptops with hardware root of trust capabilities among the best in the industry. Very proud to work with the team here at @eclypsium twitter.com/eclypsium/stat…
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
Rick Altherr
@kc8apf
|
30. sij |
|
Our research team @eclypsium is growing. If you're interested in developing detection methods for PC firmware threats and vulnerabilities, send your resume/CV to careers@eclypsium.com. Portland, USA or Córdoba, Argentina preferred. DMs open for questions.
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
James Morris
@xjamesmorris
|
29. sij |
|
Cool new work from @dwizzzleMSFT 's team which adds certificate measurement to IMA: git.kernel.org/pub/scm/linux/…
This allows IMA signing keys to be remotely attested, rather than individual signatures, which operates a whole lot better at global scale.
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
dragosr
@dragosr
|
29. sij |
|
We will reserve a talk slot for most promising new speaker, age 25 and under, picked by our selection committee, fly them out to talk. For the top four submitters, including the winner, we'll give complentary seats at a Dojo of their choice (lim 1/course, rank choice) 2/4
|
||
|
|
||
|
John Loucaides
@JohnLoucaides
|
25. sij |
|
Some good points here. I'm frequently troubled by the way people may misunderand common hardware and firmware issues based on their representation in CVE and CVSS. The answer won't be easy but awareness/accessibility will be critical. twitter.com/yanaimoyal/sta…
|
||
|
|
||
|
John Loucaides
@JohnLoucaides
|
25. sij |
|
Great summary of risks and mitigations related to cloud. Easy to see how firmware/hardware fit into this given cloudborne (targeting multi-tenancy), bmc vulns (in supply chain), and myriad of recent hw issues (often config or firmware patch related). twitter.com/NSAGov/status/…
|
||
|
|
||
|
John Loucaides
@JohnLoucaides
|
25. sij |
|
Wow. It's been a while... Fun stuff. midi.org/articles-old/d…
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
George Takei
@GeorgeTakei
|
24. sij |
|
Ahem. We are expecting some royalties from this... twitter.com/realDonaldTrum…
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
Mickey
@HackingThings
|
24. sij |
|
An excellent blog post by @teddyreedv , a highly recommended read!
"Executing custom Option ROM on D34010WYK and persisting code in UEFI Runtime Services"
casualhacking.io/blog/2020/1/4/…
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
The Register
@TheRegister
|
16. sij |
|
Free work hack for every reader:
Get out of any meeting by claiming you thought the calendar invite was a phishing email.
Also works great for messages about deadlines and feature requests.
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
Trail of Bits
@trailofbits
|
16. sij |
|
We have a working proof-of-concept exploit for ‘Whose Curve is it Anyway?’ — NSA’s bug in Microsoft’s Crypto API.
Read on for our explainer:
blog.trailofbits.com/2020/01/16/exp…
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
NSA/CSS
@NSAGov
|
14. sij |
|
This #PatchTuesday you are strongly encouraged to implement the recently released CVE-2020-0601 patch immediately.
media.defense.gov/2020/Jan/14/20… pic.twitter.com/log6OU93cV
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
Maggie
@_m46s
|
14. sij |
|
Authored a piece on threat models! While often associated with early stages of software development, the process applies to firmware & hardware as well. Check out the benefits, five key steps, & @tianocore's real life EDK II threat model example: thenextweb.com/podium/2020/01… #IamIntel
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
Nicolas Krassas
@Dinosn
|
11. sij |
|
UEFI modules analysing with BinDiff IDA plugin
yeggor.github.io/UEFI_BinDiff/
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
mdowd
@mdowd
|
28. pro |
|
Might need to get one of these for the office pic.twitter.com/3ZvC9AEDFb
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
Daniel Moghimi
@danielmgmi
|
26. pro |
|
Merry XMass!! The source code is out: github.com/vernamlab/TPM-… twitter.com/danielmgmi/sta…
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
Mark Ermolov
@_markel___
|
27. pro |
|
As part of EDK II Minimum Platform initiative Intel started publishing their UEFI Silicon Packages for a few platforms in edk2-paltforms repository (github.com/tianocore/edk2…). They are heavily stripped down of course but some interesting information is remaining
|
||
|
|
||
| John Loucaides proslijedio/la je tweet | ||
|
Death Star PR
@DeathStarPR
|
25. pro |
|
Merry Sithmas, everyone! Celebrating in the traditional way: by lighting the Alderaan Christmas tree. pic.twitter.com/I2E9rd34cP
|
||
|
|
||
|
John Loucaides
@JohnLoucaides
|
24. pro |
|
This sounds like a great idea! twitter.com/CISAgov/status…
|
||
|
|
||