thaddeus e. grugq
Security Researcher :: Cultural Attaché :: grugq@comae.com :: PGP :: Don't trust, don't fear, don't ask :: you can’t fight a meme with an exploit
thaddeus e. grugq 1m
Replying to @thegrugq
It should also be added that the “DNC hack” was actually attacks against multiple targets, included falsified data, and was a blatantly obvious Russian attack. Which was covered to death by infosec at the time. There was no mystery there.
thaddeus e. grugq retweeted
Porkus Bellius III 7m
Replying to @thegrugq
Also when the stolen data is being trickled out to manipulate news cycles, and the publications absolutely know they are being played but stay quiet about it because they don't feel like they have any other choice.
thaddeus e. grugq 7m
Replying to @SushiDude @k8em0
Don’t forget to add up the scores on how critical they are!
thaddeus e. grugq 8m
You should back this awesome project to extract data on hacker history from the public record to public access.
thaddeus e. grugq retweeted
Micheál Keane 12m
Replying to @thegrugq
The other big failure was the conflation of the publicly released Clinton SOS emails, the Podesta hack and the DNC hack into one single amorphous But Her Emails story. Thanks to the coverage, I wager most voters thought Wikileaks leaked Clinton's private server emails
thaddeus e. grugq retweeted
Joseph Cox 13m
New from us: this is absolutely mad. A hacker broke into two apps used for GPS tracking cars; monitoring for employers etc. But the hacker gained the capability to remotely cut the engine, which is built into the product
thaddeus e. grugq 12m
Replying to @thegrugq
Dealing with stolen data that is provided as an exclusive scoop to a media outlet is a very hard ethical problem. It doesn’t get easier when multiple outlets have the material. This issue needs to be addressed now, while there’s time, before it is too late.
thaddeus e. grugq 14m
Replying to @SushiDude @k8em0
Well, Linux does have more bugs so at least part of that is true? Or how does it go again?
thaddeus e. grugq 15m
The “hack and leak and media coverage” attacks were far and away the most effective information operations of 2016. Media outlets are having a great time berating Twitter & Facebook (rightly so), but how about dealing w/the beam in their own eye before the mote in social media’s?
thaddeus e. grugq retweeted
Donie O'Sullivan 58m
NEW w/: Most of the news organizations that CNN contacted for this story did not reveal any sweeping changes to their rules about publishing hacked materials since the 2016 election.
thaddeus e. grugq retweeted
John Regehr 21m
quick blog post on what has become my favorite first example of program verification to show students
thaddeus e. grugq retweeted
Daniel Schauenberg 1h
Yubikeys are still one of my fav things. And in an ongoing attempt to move them more away from magic towards tech I understand I recently read the U2F protocol overview and it was such a fun read
thaddeus e. grugq retweeted
Deadprogrammer 12h
AWS is not about paying for what you use, it’s about paying for what you forgot to turn off.
thaddeus e. grugq 21m
Replying to @GossiTheDog
And honestly, it’s looking great. You go Greenland, be the best you!
thaddeus e. grugq 21m
Replying to @k8em0
Geez. Way to be a negative nelly!
thaddeus e. grugq retweeted
Katie Moussouris 54m
“It's like an oversubscribed cell network,” Moussouris said. The idea that bug bounties provide “continuous coverage” because someone is always poking at the system looking for vulnerabilities “is predicated on a bottomless skilled labor market ... that doesn’t exist.”
thaddeus e. grugq retweeted
Doyensec 1h
On insecure zip handling, Rubyzip and RCE (CVE-2019-5624). A new blog post is out! We look forward to the first(?) Metasploit module against Metasploit itself.
thaddeus e. grugq retweeted
ringzerØ.training 1h
If you’re interested in vulnerabilities and Defense, there’s no better source to learn than from the masters themselves. and teach “SYSTEM FIRMWARE ATTACK AND DEFENSE” at . There’s scholarships too cc
thaddeus e. grugq retweeted
glyph 12h
If you're using a theorem prover to write & verify your C, you're not really *writing* C, you're using C as an incredibly tedious compiler backend. As I understand it, seL4 was developed as an executable specification in Haskell before it was semi-automatically translated to C.
thaddeus e. grugq retweeted
quarkslab 4h
"Android Application diffing: Engine Overview" In this blog post and describe the challenges of spotting changes between two versions of the same Android app and how they addressed them