Joanna Rutkowska @rootkovska
:) https://t.co/SXZLKsq74E — PolitiTweet.org
Avi Kivity @AviKivity
@amidvidy maybe @rootkovska can explain it to me when she's back from her can't-trust-the-processor crusade
Joanna Rutkowska @rootkovska
@AviKivity @amidvidy IMHO only SGX offers a viable role to do this somehow meaningfully (TPM and TXT not so much). SGX requires custom code. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@rootkovska CC @Tails_live — PolitiTweet.org
Joanna Rutkowska @rootkovska
Proliferation of such attacks is a challenge esp. for Tails-like OSes. The "stateless laptop" might be a solution. https://t.co/A5dKXHgbXD — PolitiTweet.org
Dmytro Oleksiuk @d_olex
I wrote SMM callout vulnerability exploit for ThinkPad T450 that disables PRx SPI flash write protection https://t.co/suWs4qyp5A
Joanna Rutkowska @rootkovska
RT @A24: The Largest Analysis of Film Dialogue By Gender, Ever via @polygraphing https://t.co/9XYjJySI3a https://t.co/cp2YWhYR4b — PolitiTweet.org
Joanna Rutkowska @rootkovska
@CopperheadSec True, but we can defend against these pretty well. — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @ThePracticalDev: Things are mostly fine https://t.co/hVzuMRiIfx — PolitiTweet.org
Joanna Rutkowska @rootkovska
@rootkovska @CopperheadSec Also, for ME it's not the attack surface that we worry about most, it's the potential maliciousness of the ME. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@CopperheadSec I don't agree. CPU-level (RTL) backdoors would be orders of magnitude more difficult and less advanced than ME-level bdoors. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@bbhorne I think the main PITA might be our obsolete GUI in Dom0, not Qubes architecture. Sadly we've been struggling to find good UI devs.. — PolitiTweet.org
Joanna Rutkowska @rootkovska
... not to mention Intel can patch any of these "ask ME to disable itself" interfaces in no time... — PolitiTweet.org
Joanna Rutkowska @rootkovska
And it's rather dubious to rely on Intel ME to disable itself: if we trust it that much, then why not assume it simply is non-harmful to us? — PolitiTweet.org
Joanna Rutkowska @rootkovska
Sadly, the presented approaches seem either: 1) lead to a platform DoS, or 2) require asking ME to disable itself. https://t.co/1csiTzwJ8R — PolitiTweet.org
Kosyrev Serge @_deepfire
How to become the sole owner of your PC? Disabling #Intel ME / AMT on the fly: #PHDays VI talk by #PTResearch. https://t.co/e9encxGdfB
Joanna Rutkowska @rootkovska
Or maybe we should _not_ worry about the AI taking over the management of this planet? Meritocracy FTW? https://t.co/ELIhiT2PHp — PolitiTweet.org
Joanna Rutkowska @rootkovska
Shall we be worried more about the USG mass surveillance, or Silicon Valley's plans for AI to take over the world? https://t.co/pUUPb5mMn5
Joanna Rutkowska @rootkovska
Shall we be worried more about the USG mass surveillance, or Silicon Valley's plans for AI to take over the world? https://t.co/pUUPb5mMn5 — PolitiTweet.org
david moloney @cto_movidius
I agree with Andy Rubin who thinks we're on the cusp of an AI-fueled revolution https://t.co/tgMQei1TOf
Joanna Rutkowska @rootkovska
@helpnetsecurity How did you conclude I was surprised? — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @thegrugq: @rootkovska they are using security as part of their brand identity. Before that it was Linux purity. Neither market is big e… — PolitiTweet.org
Joanna Rutkowska @rootkovska
@thegrugq Sure, no problem with this. Just let's please be frank about the actual priorities and goals, shall we? — PolitiTweet.org
Joanna Rutkowska @rootkovska
I've been trying to engage Purism into making more trustworthy laptops for months. Sadly they seem to prefer launching new products and PR. — PolitiTweet.org
Joanna Rutkowska @rootkovska
Select Purism laptops are verified to run @QubesOS well. Security-wise they are not much different than other PCs. https://t.co/JJSyKhcT0H — PolitiTweet.org
PracticalPrivacy @ThePrivacyAgenC
@rootkovska you wouldn't recommend one of their laptops at the moment then?
Joanna Rutkowska @rootkovska
I wish Purism focused on making their existing laptops actually trustworthy, instead of launching new products & PR. https://t.co/LMOBeubANt — PolitiTweet.org
Engadget @engadget
Purism introduces privacy-focused 2-in-1 tablet https://t.co/lGD0GNYj11 https://t.co/vo8oeVVw6b
Joanna Rutkowska @rootkovska
Including a short talk from me on the challenges for commercializing opensource security products like @QubesOS: https://t.co/Mxo8UMEf4L — PolitiTweet.org
BlueYard Capital @blueyard
June 1st, Berlin: the mission to #upgradetheinternet & an open conversation with @Snowden https://t.co/u7el8MJb7D https://t.co/Sv7xszSF…
Joanna Rutkowska @rootkovska
RT @c7zero: @rootkovska @aionescu @d_olex We actually extracted VSM-protected creds & showed PtH attack demo on Win10 last Oct https://t.… — PolitiTweet.org
Joanna Rutkowska @rootkovska
@d_olex Because... SMM, right? @aionescu @c7zero — PolitiTweet.org
Joanna Rutkowska @rootkovska
@d_olex So, you mean you already gained (full?) access to the (physical) mem? @aionescu @c7zero — PolitiTweet.org
Joanna Rutkowska @rootkovska
In case you have no idea what VSM and Credential Guard might be, take a look at this short post from Microsoft: https://t.co/0j0n5Rt3Gw — PolitiTweet.org
Joanna Rutkowska @rootkovska
In the comments section @aionescu and @c7zero argue if @d_olex can indeed extract VSM-protected secrets (easily): https://t.co/iMdCkov5zS — PolitiTweet.org
Dmytro Oleksiuk @d_olex
Damn, I have to write my own code to parse physical memory dumps and extract Credential Guard protected information
Joanna Rutkowska @rootkovska
#DontPutNetworkingInYourTCB https://t.co/5P4fX0jtFX — PolitiTweet.org
Ryan Welton @Fuzion24
POC for remote Linux / Android kernel stack buffer overflow via WiFi https://t.co/sZW71rupja
Joanna Rutkowska @rootkovska
RT @hashbreaker: New blog post "Security fraud in Europe's 'Quantum Manifesto' ": https://t.co/wCea2azb30 #qkd #quantumcrypto #quantummanif… — PolitiTweet.org
Joanna Rutkowska @rootkovska
@marver @thegrugq @i0n1c Sure. Email clients also, especially if one combines work and personal. — PolitiTweet.org