Joanna Rutkowska

Joanna Rutkowska @rootkovska

RT @x0rz: I don't know if this is the future or anything, but hot damn 😳 https://t.co/pNbfcotNj0 — PolitiTweet.org

Joanna Rutkowska @rootkovska

@MlleLicious @haroonmeer Ethics and empathy are two different things. One can be a very decent, ethics-obeying person, yet lacking empathy (ability to "simulate" or imagine mental states of the others in your mind, to use Hofstadter's analogy). — PolitiTweet.org

Joanna Rutkowska @rootkovska

@CipherWoman More than most people can imagine ;) — PolitiTweet.org

Joanna Rutkowska @rootkovska

@X_Cli_Public Heh, funny how I keep identifying infosec with offense, despite me spending the last nearly 10 years working on defense... Oh well, that certainly is telling ;) — PolitiTweet.org

Joanna Rutkowska @rootkovska

@hasherezade IOW, becoming a person which is too strong emotionally, too formidable, might not be such a great goal... There is beauty in vulnerability too. Not wide open exposure, of course. Just not a full bulletproofness ;) — PolitiTweet.org

Joanna Rutkowska @rootkovska

@hasherezade Being afraid that one is vulnerable, that others constantly want to exploit you, combined with strong ability to control (suppress) one's emotions (at least momentarily), makes one a very unhappy person. #IMHO — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @haroonmeer: This is an interesting observation, with interesting implications. - a lack of empathy seems correlated with “finding hole… — PolitiTweet.org

Joanna Rutkowska @rootkovska

@jarkman @blaine @attacus_au Very true. — PolitiTweet.org

Joanna Rutkowska @rootkovska

... and, of course, one infosec person I'm very intimately familiar with is... myself :/ SO much would like to be able use past simple in the former sentence, in the context of this thread at least, yet things are not that easy, unfortunately. — PolitiTweet.org

Joanna Rutkowska @rootkovska

Sadly, I think there is an inverse correlation between these inconsistencies-finding skills and the level of empathy. This makes lots of infosec people assholes. Observed these traits with many I've known :/ — PolitiTweet.org

Joanna Rutkowska @rootkovska

... and if you more of a “hole poker” type, be especially wary not to abuse this tendency in relations outside work. Won’t make you happy long term wise. #IMHO — PolitiTweet.org

Joanna Rutkowska @rootkovska

IMHO there are “only” two skills required in infosec: 1. curiosity about tech, and 2. tendency to spot holes in reasoning. Different people mix these two in various ratios. If #1 is stronger with you, you might feel more “outdated” after a longer break. — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @argvee: @WeldPond Just a quick side point... Not sure where people get their numbers from, but the levels I’ve heard are 11% in cyberse… — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @WeldPond: Report: Women make up <25% of the cybersec workforce, which can lead to less innovation, inferior design, seriously underutil… — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @WeldPond: How are people celebrating The Matrix 20th anniversary? https://t.co/7xituCCDTW — PolitiTweet.org

Joanna Rutkowska @rootkovska

@ProtonMail You mean an iOS app, not desktop, right? Also, any ETA for this? — PolitiTweet.org

Joanna Rutkowska @rootkovska

@krzyzanowskim @ProtonMail @CanaryMailApp I understood your earlier tweet as mocking of the idea of storing the key locally. Which is what I find reasonable. — PolitiTweet.org

Joanna Rutkowska @rootkovska

@krzyzanowskim @ProtonMail @CanaryMailApp I'm afraid that's what the idea of e2e encryption is about? :) — PolitiTweet.org

Joanna Rutkowska @rootkovska

@ProtonMail ... this kind of backdooring is, I think, significantly more difficult in case of classic app-distribution model, especially Appstore-like models. BTW, automatic updates make this distinction slightly less propounded, which is why, in some cases, some ppl might _not_ want these. — PolitiTweet.org

Joanna Rutkowska @rootkovska

@ProtonMail Some might say: today what's the difference: web or app? But I think the important difference is in the code distribution model: Web program "adhoc" distribution model makes it very easy to create nearly impossible to detect, user-targeting, ephemeral backdoors. — PolitiTweet.org

Joanna Rutkowska @rootkovska

So, to all the people recommending @ProtonMail -- it bothers me that apparently the only way to import your own keys is via their _web_ interface, rather than via the actual _app): https://t.co/V07n1hyM7F — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @QubesOS: Qubes OS 3.2 has officially reached end-of-life (EOL). We strongly urge all current Qubes 3.2 users to upgrade to Qubes 4.0 im… — PolitiTweet.org

Joanna Rutkowska @rootkovska

@valerino @raistolo @dinodaizovi @r3c0nst @barnaby_jack @Greghoglund Hey Valerino, thanks! — PolitiTweet.org

Joanna Rutkowska @rootkovska

Ah, https://t.co/lCmao5ApgQ... old times! :) — PolitiTweet.org

Joanna Rutkowska @rootkovska

@asylodev Enclave tech, TEEs. Perhaps a better, generic term would be: host-distrusting tech? — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @ErrataRob: The European Directive means that automated copyright protection tools must always err on the side of suppressing anything t… — PolitiTweet.org

Joanna Rutkowska @rootkovska

(Excuse the "leakiness" pun, @IntelSecurity ;P) — PolitiTweet.org

Joanna Rutkowska @rootkovska

I'm sure there will be criticism (false sense of security), but concept-wise I like this direction. Our industry is moving up on the ladder of abstractions with crazy speed, and we need _generic_ tech to patch the _leakiness_ of these abstractions, security-wise. — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @berendjanwever: Sounds very similar to the history of Information Security. https://t.co/XAwMTpFYuR — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @ErrataRob: So this is really, really bad. https://t.co/afOA1VrahB — PolitiTweet.org