Marc Rogers
Ramblings of a Mad English Hacker: Hacker behind BBC's The Real Hustle & USA's Mr Robot. Head of SecOps for DEF CON. VP Cybersecurity Strategy for Okta.
10,229 Tweets | 1,326 Following | 12,838 Followers
Marc Rogers Oct 15
America, you need serious help. Possibly an intervention of some kind.
Marc Rogers Oct 9
....or you could just use Kardia Mobile which has an Android client.
Marc Rogers Oct 8
Well, for starters you can point out that he’s welcome to show up in Hamburg, but he’ll be disappointed as the next CCC is in Leipzig. As for DEF CON, maybe he should enter a few contests and prove his skill. I’m sure the Packet Capture village will be a good place for a n00b.
Marc Rogers Oct 8
So dissed claiming “Apple made the first consumer wrist based EKG” (Kardia launched the Kardiaband in 2017). Yet it turns out Apple’s iWatch 4 (just got mine) doesn’t even ship with the feature enabled (later this year supposedly). Weak.
Marc Rogers Oct 4
Replying to @xphreckx @spacerog
Also just ordered a few different boards, for educational purposes.
Marc Rogers Oct 4
Replying to @xphreckx @spacerog
Also shares :)
Marc Rogers Oct 4
Replying to @spacerog
I don’t disagree, and Amazon’s rebuttal makes mincemeat out of the lack of supporting evidence.
Marc Rogers Oct 4
Replying to @spacerog
Also, is now a good time to start buying boards on Amazon? Asking for a friend.
Marc Rogers Oct 4
Replying to @spacerog
It’s not a huge leap to get from hardware implants, firmware malware, chip microcode backdoors and supply chain attacks to this. Guess the ball is in Bloomberg’s court now.
Marc Rogers Oct 4
Replying to @thegrugq
Seems like Amazon is between a rock and a hard place. Ball now in Bloomberg’s court. 1 all, second serve.
Marc Rogers Oct 4
Replying to @fmanjoo @sethr and 2 others
However, each also raised the defense bar, which is a good thing. Until systems and architectures are secure by design end to end, there will always be weak links. SSO is a great way for companies to manage specific elements of risk, but they still need to ensure secure designs.
Marc Rogers Oct 4
Replying to @fmanjoo @sethr and 2 others
Defences, like the threat landscape, constantly evolve. We started with credentials, then SSO and 2FA; now it’s MFA and confirmed identity. Each solved problems; each moved the risk further down the chain. Next up is zero trust and continuous evaluation of connection legitimacy.
Marc Rogers Oct 4
Replying to @fmanjoo @sethr and 2 others
No one security tool is a panacea. SSO wasn’t the issue in the Facebook hack. A flawed architecture that allowed exposure of system tokens and then exploitation via re-use of the same widely scoped internal tokens was the issue.
Marc Rogers Oct 3
Replying to @RealTonyBradley
You were deliberately excluded. Only the chosen will survive.
Marc Rogers Oct 3
From now on I am calling these Presidential alert messages “Orange Alerts”.
Marc Rogers Oct 3
On the Facebook breach and its implications - RT : Facebook was breached. Here’s what we know (and don’t)
Marc Rogers Oct 3
I plead the 5th.
Marc Rogers Oct 1
Confirming what most of us suspected: the token was an internal post-AuthN access token. So 2FA/U2F wouldn’t have helped. Also means passwords weren’t involved. Though downstream app security could be at risk. Attacker likely got messages, profile info, political info, etc.
Marc Rogers Sep 28
Replying to @anshublog
Not sure that would help much with an issue like this. You’d have to ask FB about any design decisions though.