Joanna Rutkowska @rootkovska
RT @matthew_d_green: You can log into a Mac as root/(null)? How does a bug like that even happen? — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @wdormann: The Apple High Sierra root issue is bad. If you have exposed "Screen Sharing", you can allow people into your machine with f… — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @NielsProvos: Apple MacOS High Sierra Security Flaw Lets Anyone Get Root Access, No Password Required https://t.co/vcrMGQEHW1 — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @halvarflake: TIL the term "paperware", as in "vaporware that was only written for an academic paper and fails to generalize outside of… — PolitiTweet.org
Joanna Rutkowska @rootkovska
Yes, but SCONE seems to be 1) paperware(?), and 2) I don't like its proxying architecture. The authors seem to be c… https://t.co/tIogRf9Cyo — PolitiTweet.org
Vicente Sanchez L @vsanchezl
@rootkovska I guess you already know SCONE ... https://t.co/ZFew4Rwzma https://t.co/8ObETv3NXl
Joanna Rutkowska @rootkovska
@alt_kia So, this sounds like a smart solution, which, after more thought, is not so. Consider e.g. the victim went for a walk to the park. — PolitiTweet.org
Joanna Rutkowska @rootkovska
A well known attack via proxying of the token. Applies as well to computer tokens. There are only(?) two solutions… https://t.co/v6BnvCHO6A — PolitiTweet.org
ITV News @itvnews
Thieves are now picking up signals from car keys sitting inside people's homes to make off with their vehicles… https://t.co/OAGvpky6di
Joanna Rutkowska @rootkovska
A well known attack via proxying of the token. Applies as well to computer tokens. There are only(?) two solutions AFAIK: 1. Fit a button on the token (e.g. Yubikey), 2. Introduce _latency_ limitation for the challenge-response (I heard car manufacturers actually use this, no?) https://t.co/tIiSydPLD — PolitiTweet.org
Dan Kaminsky @dakami
Nobody could have possibly seen this coming https://t.co/XJuuY0JTe0
Joanna Rutkowska @rootkovska
Anyone can recommend a project similar to Graphene-SGX [1] only... with better code quality? So, a libOS-like arch… https://t.co/5IB0LBSRzD — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @QubesOS: Qubes OS 4.0-rc3 has been released! https://t.co/gBynBb2frd — PolitiTweet.org
Joanna Rutkowska @rootkovska
This! (PED = Pin Entry Device). https://t.co/R9Wvot4OJS — PolitiTweet.org
Ryan Hurst @rmhrisk
@NdK_BO @rootkovska Usability of PEDs and trusted displays has been a total fail. In the real world you end up sig… https://t.co/oSrXT1TFgg
Joanna Rutkowska @rootkovska
@whvholst Please stop! :) — PolitiTweet.org
Joanna Rutkowska @rootkovska
@whvholst So what? Have the user send the same amount, just to a different account. In a more sophisticated scenari… https://t.co/16LJ59bCTX — PolitiTweet.org
Joanna Rutkowska @rootkovska
Valid question. The difference is in the cost of the attack and, even more so, in the PR damage, if they shipped ba… https://t.co/2pyfL5uLod — PolitiTweet.org
Mr. B @4d722e42
@rootkovska @Dell Why worry about the update? How did you verify what it shipped with?
Joanna Rutkowska @rootkovska
This is a classic misunderstanding: if the app/software stack is compromised, the hardware token usually helps litt… https://t.co/zvY6xiHuwG — PolitiTweet.org
Franklin Richards was here @io_r_us
@mruef @rootkovska In Europe most banks use a digital token with pin code. This not only adds a signature but also… https://t.co/1VZy5nDWYK
Joanna Rutkowska @rootkovska
RT @mruef: German infosec researchers find severe issues in 31 banking apps. They withhold *ALL* the infos until the end of year to announce… — PolitiTweet.org
Joanna Rutkowska @rootkovska
@letoams I'm afraid somebody else would have to do this... Too busy living my life ;) — PolitiTweet.org
Joanna Rutkowska @rootkovska
Some high-level info about Dell BIOS updates in the paper (2013) linked below. Smbdy can please start gathering all… https://t.co/wkpLz2ced4 — PolitiTweet.org
Rick Martinez @rickmartinez06
@kmoragas @Dell @rootkovska Always willing to have the conversation about how our BIOS updates are authenticated an… https://t.co/RwvPjWg8PN
Joanna Rutkowska @rootkovska
Thanks! (And they say @QubesOS ISO download & verification is not very user friendly... ;) https://t.co/lO1GhCtjWK — PolitiTweet.org
Rick Martinez @rickmartinez06
@rootkovska @Dell As a user what I would do today is pull .cab here: ftp://ftp.dell.com/catalog/DellSDPCatalogPC.ca… https://t.co/MgQZHUNr2l
Joanna Rutkowska @rootkovska
@luizrmgarcia But I am a regular user! ;) — PolitiTweet.org
Joanna Rutkowska @rootkovska
I have specifically asked about authenticity & integrity, not about trustworthiness/harmfulness. Please re-read my… https://t.co/YC4N3KTZwI — PolitiTweet.org
Dell @Dell
@rootkovska Hi Joanna, Our engineering team performs multiple levels of stringent tests on any driver/BIOS update… https://t.co/qNX0EOjwY4
Joanna Rutkowska @rootkovska
Dear @Dell, how can I verify authenticity & integrity of the BIOS updates for your XPS laptops you publish on your… https://t.co/o97kAfUAJt — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @unixterminal: I am seeking feedback on my Awesome UNIX list on @github: https://t.co/Dq4Sci2Ogg. Please open issues/PRs there. @nixcraf… — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @Lesism: Can you find the circles in this image? They are actually VERY obvious, but you're not going to see them so clearly until you'v… — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @petertoddbtc: @rootkovska Remind me never to waste time writing an exploit and just focus on making software that's secure by design... — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @k8em0: Paying a ransom isn't illegal, nor should it be. Evading breach notification laws is illegal because the laws were made to stop… — PolitiTweet.org
Joanna Rutkowska @rootkovska
#infosec :/ https://t.co/PC1SbcMR5V — PolitiTweet.org
grsecurity @grsecurity
So on the day of Kees' presentation, where he tried to drop a useless 0day on me and talk up how many upstream deve… https://t.co/YtyaJBuz7Y
Joanna Rutkowska @rootkovska
"[The hackers] demanded $100,000 to delete their copy of the data." "Uber [paid the ransom]. [Then] pushed them t… https://t.co/yCpuTCwTkS — PolitiTweet.org
The New York Times @nytimes
Uber said a hack last year affecting 57 million accounts was concealed, and the firm fired its top security executi… https://t.co/23FuzSpd6N
Joanna Rutkowska @rootkovska
RT @biggzi: Top 100 #Cryptocurrencies described in 4 words or less! Very handy for anyone new to #Crypto #Bitcoin & #Blockchain https://t.c… — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @parityzero: @tehjh Intel advisory generator: "Multiple unspecified issues in unspecified component in unspecified platform of unspecifi… — PolitiTweet.org