Twitter | Search | |
thaddeus e. grugq
Security Researcher :: Cultural Attaché :: grugq@comae.com :: PGP :: Не верь, не бойся, не проси :: you can’t fight a meme with an exploit
280,419
Tweets
358
Following
101,966
Followers
 
View more photos
Tweets
thaddeus e. grugq 1m
Replying to @thegrugq
It should also be added that the “DNC hack” was actually attacks against multiple targets, included falsified data, and was a blatantly obvious Russian attack. Which was covered to death by infosec at the time. There was no mystery there.
View conversation · Reply Retweet Like
thaddeus e. grugq retweeted
Porkus Bellius III 7m
Replying to @thegrugq
Also when the stolen data is being trickled out to manipulate news cycles, and the publications absolutely know they are being played but stay quiet about it because they don't feel like they have any other choice.
View conversation · Reply Retweet Like
thaddeus e. grugq 7m
Replying to @SushiDude @k8em0
Don’t forget to add up the scores on how critical they are!
View conversation · Reply Retweet Like
thaddeus e. grugq 8m
You should back this awesome project to extract data on hacker history from the public record to public access.
View details · Reply Retweet Like
thaddeus e. grugq retweeted
Micheál Keane 12m
Replying to @thegrugq
The other big failure was the conflation of the publicly released Clinton SOS emails, the Podesta hack and the DNC hack into one single amorphous But Her Emails story. Thanks to the coverage, I wager most voters thought Wikileaks leaked Clinton's private server emails
View conversation · Reply Retweet Like
thaddeus e. grugq retweeted
Joseph Cox 13m
New from us: this is absolutely mad. A hacker broke into two apps used for GPS tracking cars; monitoring for employers etc. But the hacker gained the capability to remotely cut the engine, which is built into the product
View summary · Reply Retweet Like
thaddeus e. grugq 12m
Replying to @thegrugq
Dealing with stolen data that is provided as an exclusive scoop to an media outlet is a very hard ethical problem. It doesn’t get easier when multiple outlets have the material. This issue needs to be addressed now, while there’s time, before it is too late.
View conversation · Reply Retweet Like
thaddeus e. grugq 14m
Replying to @SushiDude @k8em0
Well, Linux does have more bugs so at least part of that is true? Or how does it go again?
View conversation · Reply Retweet Like
thaddeus e. grugq 15m
The “hack and leak and media coverage” attacks were far and away the most effective information operations of 2016. Media outlets are having a great time berating Twitter & Facebook (rightly so), but how about dealing w/the beam in their own eye before the mote in social media’s?
View details · Reply Retweet Like
thaddeus e. grugq retweeted
Donie O'Sullivan 58m
NEW w/: Most of the news organizations that CNN contacted for this story did not reveal any sweeping changes to its rules about publishing hacked materials since the 2016 election.
View summary · Reply Retweet Like
thaddeus e. grugq retweeted
John Regehr 21m
quick blog post on what has become my favorite first example of program verification to show students
View details · Reply Retweet Like
thaddeus e. grugq retweeted
Daniel Schauenberg 1h
Yubikeys are still one of my fav things. And in an ongoing attempt to move them more away from magic towards tech I understand I recently read the U2F protocol overview and it was such a fun read
View details · Reply Retweet Like
thaddeus e. grugq retweeted
Deadprogrammer 12h
AWS is not about paying for what you use, it’s about paying for what you forgot to turn off.
View details · Reply Retweet Like
thaddeus e. grugq 21m
Replying to @GossiTheDog
And honestly, it’s looking great. You go Greenland, be the best you!
View conversation · Reply Retweet Like
thaddeus e. grugq 21m
Replying to @k8em0
Geez. Way to be a negative nelly!
View conversation · Reply Retweet Like
thaddeus e. grugq retweeted
Katie Moussouris 54m
"“It's like an oversubscribed cell network,” Moussouris said. The idea that bug bounties provide “continuous coverage” because someone is always poking at the system looking for vulnerabilities “is predicated on a bottomless skilled labor market..that doesn’t exist"
View details · Reply Retweet Like
thaddeus e. grugq retweeted
Doyensec 1h
On insecure zip handling, Rubyzip and RCE (CVE-2019-5624). A new blog post is out! We look forward to the first(?) Metasploit module against Metasploit itself.
View details · Reply Retweet Like
thaddeus e. grugq retweeted
ringzerØ.training 1h
If you’re interested in vulnerabilities and Defense, there’s no better source to learn than from the masters themselves. and teach “SYSTEM FIRMWARE ATTACK AND DEFENSE” at . There’s scholarships too cc
View details · Reply Retweet Like
thaddeus e. grugq retweeted
glyph 12h
Replying to @lucaswiman @craigstuntz
If you're using a theorem prover to write & verify your C, you're not really *writing* C, you're using C as an incredibly tedious compiler backend. As I understand it, SEL4 was developed as an executable specification in Haskell before it was semi-automatically translated to C.
View conversation · Reply Retweet Like
thaddeus e. grugq retweeted
quarkslab 4h
"Android Application diffing: Engine Overview" In this blog post and describe the challenges of spotting changes between two versions of the same Android app and how they addressed them
View details · Reply Retweet Like
Load older Tweets