Will Dormann (@wdormann)
Vulnerability Analyst at the CERT/CC. My thoughts are my own, not my employer's.
3,828 Tweets | 463 Following | 6,121 Followers

Tweets

Will Dormann retweeted
raptor (@0xdea), Feb 2
And here’s a wonderful post by OpenSMTPD’s main developer @PoolpOrg:
poolp.org/posts/2020-01-…
Very interesting insight on how a bug enters the code and becomes exploitable over time. twitter.com/0xdea/status/1…

Will Dormann (@wdormann), 23h
It is the CA's duty to revoke certificates issued for private keys that have been compromised (e.g. released to the public).
If your social experiment is to see how a CA treats a customer who repeatedly proves that they are unable to control their private key material, go nuts? pic.twitter.com/XlrqHFk7Xz

Will Dormann (@wdormann), Feb 1
Just out of curiosity, how'd you pick it out? I assume it was DER (or other) encoded in process memory?

Will Dormann (@wdormann), Feb 1
I'm sure that the CAs are fine with this.

Will Dormann (@wdormann), Feb 1
It goes back to 2000, if not earlier.
guninski.com/officedll.html
@FireEye should know better than to claim they were there first without being quite sure about it. pic.twitter.com/yMG5vSOWv3

Will Dormann retweeted
Saul Procterm (@pozdnychev), Jan 28
Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: openwall.com/lists/oss-secu…
PS: "Did you ever play tic-tac-toe?"

Will Dormann (@wdormann), Jan 29
I think I'd like to have a word with the folks involved with the creation/distribution of this sign.
rubiconglobal.com/blog/aspiratio… pic.twitter.com/vkj0MunesC

Will Dormann retweeted
patrick wardle (@patrickwardle), Jan 28
macOS 10.15.3 is out, fixing a bunch of nasty (remote) bugs! 🍎🐛
support.apple.com/en-us/HT210919
...go patch! 🛡️ pic.twitter.com/m7u73AFEjd

Will Dormann (@wdormann), Jan 27
Huh... I can honestly say that I've never noticed/clicked the "explore" icon until now.

Will Dormann retweeted
EFF (@EFF), Jan 27
BREAKING: We’ve confirmed that the Ring doorbell app on Android covertly shares personally identifiable information on its users with third-party companies, including Facebook.
eff.org/deeplinks/2020…

Will Dormann (@wdormann), Jan 27
Are you aware that abuse@chase.com doesn't allow .eml attachments, despite requesting people to "forward this as an attachment"?
I feel like I've done all that I can do here. If you folks cannot understand what I'm trying to convey in this thread, I'm afraid I'm at a loss.

Will Dormann retweeted
Joseph Cox (@josephfcox), Jan 27
New: leaked documents, data, contracts show how hugely popular antivirus Avast now harvests internet browsing data and sells it for millions of dollars. Clients included Home Depot, Google, Microsoft. Documents show a product called "All Clicks Feed"
vice.com/en_us/article/…

Will Dormann (@wdormann), Jan 27
If it was indeed Citrix (or Pulse), I almost get the impression that companies should care about CVSS-10 vulnerabilities with public exploits exposed to the broad internet.

Will Dormann (@wdormann), Jan 26
Thanks, but I don't need your help in researching whether or not it's a phishing attempt.
I was simply trying to bring to your attention that Chase is sending out emails with an HTTP:// link to your website, rather than HTTPS://
Please do better.

Will Dormann (@wdormann), Jan 26
"Occasional"?
Best I could find is that NAT is something that you can manually add to Hyper-V via PowerShell. And even then that it doesn't provide DHCP.
I'm currently running my VM with a static IP on the NAT network that I manually created. There's an easier way??

Will Dormann (@wdormann), Jan 26
I'll move to Hyper-V for virtualization on my home computer...
Smaller attack surface, and enables the ability to use extra exploit mitigations.
1) Broadcom network driver causes BSODs when Hyper-V bridges a VM to that network.
2) Hyper-V NAT doesn't even provide DHCP.
Sigh... pic.twitter.com/EOzzVywXHG

Will Dormann (@wdormann), Jan 26
My complaint is not what GIMP does with alpha information. My suggestion is that GIMP is perhaps doing the wrong thing when a user hits the "delete" key on their keyboard.
I suspect that I'm not in the minority in thinking that "delete" "deletes" things instead of "sets alpha"

Will Dormann (@wdormann), Jan 26
I'm not sure that I believe you.
1) The email came from chase.com servers
2) The email doesn't link to any site not on the chase.com domain.
If it is a phishing email, you might have an insider threat problem. And a misguided one at that. pic.twitter.com/EDebzOe2yH

Will Dormann (@wdormann), Jan 26
Hey @Chase,
Find somebody at your organization that appreciates the difference between HTTP and HTTPS, and listen to them.
Thanks. pic.twitter.com/keFUzkbQBw

Will Dormann (@wdormann), Jan 26
Undo is a thing that I could expect people to want. But to implement an anti-erase feature that persists through the act of exporting to a completely new file format... That's unique.
As in, can you name a single other photo editing program that does this?