Joanna Rutkowska

Joanna Rutkowska @rootkovska

RT @halvarflake: There are a lot of "open secrets" in the IT security research community. Things everybody knows are broken, and just can't… — PolitiTweet.org

Joanna Rutkowska @rootkovska

@halvarflake Yet, somehow most of us make use our (wetware) brains without diagnostic tools with pretty good effect… https://t.co/YFwjAkHEJX — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @dinodaizovi: I remember when we had to [...] to get a decent shell account on the Internet, now Google gives them away for free! https:… — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @JeffDean: On behalf of the Google Brain team, I wrote a summary of some of the things we did in 2017. This is part 1 of 2. I'm very p… — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @revskills: Spectre and Meltdown: Data leaks during speculative execution | J. Horn (Google Project Zero) https://t.co/qCmTdwnaDm — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @AndreaBarisani: Excellent advisory and thanks for the USB armory mention :) "The user could take [additional protection for user secre… — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @nicowaisman: The Stress of Remote Working. Really good points that i experience on my early years at @Immunityinc https://t.co/nUPuUyi… — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @QubesOS: Qubes Security Bulletin #37 (Meltdown and Spectre attacks): https://t.co/1WYIrxZf5b — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @halvarflake: @scarybeasts @windsheep_ @nasko One could argue that in out-of-order architectures, CPUs and trust boundaries need to be c… — PolitiTweet.org

Joanna Rutkowska @rootkovska

@IgorSkochinsky I guess @h0t_max and @_markel___ could test it in practice? — PolitiTweet.org

Joanna Rutkowska @rootkovska

@IgorSkochinsky So, how do we know there is no specexec used on the very CPU that runs ME code? — PolitiTweet.org

Joanna Rutkowska @rootkovska

FWIW, I'm in a superposition of states of both liking and disliking SGX :) https://t.co/2QOXWsTdrT — PolitiTweet.org

Joanna Rutkowska @rootkovska

Yes, privsec _within_ ME, exactly this! Remember ME's Dynamically Loaded Applications (DAL)? They are essentially… https://t.co/EruFZMkDhE — PolitiTweet.org

Joanna Rutkowska @rootkovska

Yes, pirvsec _within_ ME, exactly this! Remember ME's Dynamically Loaded Applications (DAL), which are essentially JVM for semi-untrusted code (provided by 3rd parties)? How about we Meltdown or Spectre from there? https://t.co/8rDUkp3V1O — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @Evil_X_: @rootkovska @lavados @tehjh @misc0110 @anders_fogh I wonder if there’s a way to reach SMRAM and ME stolen memory with that too… — PolitiTweet.org

Joanna Rutkowska @rootkovska

Also, since Intel essentially controls the whole toolchain (i.e. the compiler) for building SGX enclaves, I expect… https://t.co/gMxsGYegxc — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @enisa_eu: Which are the main differences between #Meltdown and #Spectre? #ENISA looks into the critical processor vulnerabilities in ne… — PolitiTweet.org

Joanna Rutkowska @rootkovska

Expected, still interesting. Also note the attack requires the victim enclave to be "specifically" designed (… https://t.co/yKXT5UIDyN — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @aionescu: RIP @ACKFlags (Jaime Cochran) and @SecureDrop (James Dolan). 2018 is shaping out to be a fucking shitty year for #infosec all… — PolitiTweet.org

Joanna Rutkowska @rootkovska

@anders_fogh @misc0110 @mlqxyz @lavados @StefanMangard @yuvalyarom Thanks! — PolitiTweet.org

Joanna Rutkowska @rootkovska

@misc0110 @mlqxyz @lavados @StefanMangard @yuvalyarom Yup, but that's exactly my point. If you get even a single bi… https://t.co/BK3n8zo5Mf — PolitiTweet.org

Joanna Rutkowska @rootkovska

@anders_fogh @halvarflake @lavados @pinkflawd @ll1t Thanks, and good luck! :) — PolitiTweet.org

Joanna Rutkowska @rootkovska

@misc0110 @mlqxyz @lavados @StefanMangard @yuvalyarom I guess you might say that there is no need to scan the whole… https://t.co/QD0IcgC7bI — PolitiTweet.org

Joanna Rutkowska @rootkovska

@misc0110 @mlqxyz @lavados @StefanMangard @yuvalyarom So, in practice, how long would you estimate it should take t… https://t.co/nctBjiMIvH — PolitiTweet.org

Joanna Rutkowska @rootkovska

@misc0110 @mlqxyz @lavados @StefanMangard @yuvalyarom Thanks. So, why is the demo pic recovery so noisy? — PolitiTweet.org

Joanna Rutkowska @rootkovska

@anders_fogh @halvarflake @lavados @pinkflawd @ll1t I'm curious what: 1) made you leave in the first place? 2) what… https://t.co/QmyFLbEg0U — PolitiTweet.org

Joanna Rutkowska @rootkovska

@mlqxyz @misc0110 @lavados @StefanMangard @yuvalyarom So, the recovered image looks quite noisy... Consequently, ho… https://t.co/p89QXMEG4P — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @qrs: Speculative execution considered harmful in 1995: "Prefetching may fetch otherwise inaccesible instructions in Virtual 8086 mode."… — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @rootkovska: @tehjh @anders_fogh Something much simpler than what you did :) See below. This is part of the work Rafał Wojtczuk and I di… — PolitiTweet.org

Joanna Rutkowska @rootkovska

RT @lukOlejnik: I'm chosen to the World Wide Web (@W3C) Consortium's Technical Architecture Group (@W3CTAG). I'm happy and want to continue… — PolitiTweet.org