Joanna Rutkowska @rootkovska
RT @Cloudflare: Incident report on memory leak caused by Cloudflare parser bug - https://t.co/rTZ4bFw3uJ
Joanna Rutkowska @rootkovska
RT @taviso: Cloudflare have been leaking customer HTTPS sessions for months. Uber, 1Password, FitBit, OKCupid, etc. https://t.co/wjwE4M3Pbk
Joanna Rutkowska @rootkovska
RT @arw: The sha1 collision blocks might have been a PDF header, but now we have them... https://t.co/v2vJRohBR0 https://t.co/FxdtQyJNyK ht…
Joanna Rutkowska @rootkovska
Is git susceptible to the SHA1 collision attacks also by 3rd-parties (in addition to maintainers, which it surely i… https://t.co/yuiCCzEtIg
Peter Todd @peterktodd
@rootkovska Tree objects may be the more concerning thing, because likely possible to hide extra data at the end of a tree obj from review.
Joanna Rutkowska @rootkovska
@petertoddbtc That I agree might be the most likely thing.
Joanna Rutkowska @rootkovska
@petertoddbtc ... which would also happen to be a valid string in the context of the commit? E.g. valid Python or C code?
Joanna Rutkowska @rootkovska
@petertoddbtc But they would need to control the hash in original sources for that? If we always place our commit on top, I don't see how?
Joanna Rutkowska @rootkovska
@petertoddbtc I'm somehow skeptical that this might work for anything other than binary blobs in PR?
Joanna Rutkowska @rootkovska
Otherwise the attacker might give us a benign commit which we happily merge (since benign), but have the colliding one to feed to our users.
Joanna Rutkowska @rootkovska
Extending this reasoning to git, I guess the "security best practices" for vendors should now be: always have your… https://t.co/XSnPcUfcbA
Joanna Rutkowska @rootkovska
INAC, but suspect this to be significantly harder? One of the hashes is fixed (the one for the trusted BIOS), so be… https://t.co/tixb078CuQ
Joanna Rutkowska @rootkovska
@sweis Sure, but the BIOS-nsa.bin would be colliding with BIOS-rest-of-the-world.bin only, since the NSA doesn't spy on Americans, right?
Joanna Rutkowska @rootkovska
@sweis Yeah, that's what I meant: BIOS-usa.bin and BIOS-rest-of-the-world.bin, or something.
Joanna Rutkowska @rootkovska
RT @sweis: @rootkovska Yeah, you'd need to be able to tweak real firmware. But it would give you room to create your own malicious version.
Joanna Rutkowska @rootkovska
RT @ErrataRob: This SHA1 crack is for finding two colliding things. Finding one thing that collides is a different problem, SHA1 still secu…
Joanna Rutkowska @rootkovska
@sweis Oh, you mean like a vendor could have a backdoored version for special customers? :)
Steve Weis @sweis
TPM 1.2 only supports SHA-1 and uses hashes to attest firmware and BIOS. Collisions could defeat trusted boot.
Joanna Rutkowska @rootkovska
RT @argvee: SHA-1 collisions are possible. Don't panic... just deprecate. https://t.co/AltokNuZ6j
Joanna Rutkowska @rootkovska
RT @FredericJacobs: Two-PDFs. Same size. Different content. Same SHA-1 hash. This is the first (known) SHA-1 collision in practice. https:/…
Joanna Rutkowska @rootkovska
OH: So, we've put a full blown networking stack into your TCB... But no worries, everything will be fine! https://t.co/doweMBfsy2
Joanna Rutkowska @rootkovska
RT @NielsProvos: Another option for file sharing https://t.co/f2f7PYLhVu
Joanna Rutkowska @rootkovska
RT @zooko: The Near Future of Zcash: https://t.co/86DcUMWy8h
Joanna Rutkowska @rootkovska
RT @daniel_bilar: TIL: 10 reasons why two builds from same sources can be different [NetBSD fully reproc builds on amd64 & sparc64 https:/…
Joanna Rutkowska @rootkovska
RT @letoams: Don't trust governments or central banks, trust coders instead? Sure 😏 https://t.co/zlJnckZ0df
Joanna Rutkowska @rootkovska
@rbanffy Might not be your fault if your OS was compromised earlier remotely (or by Evil Maid)...
Joanna Rutkowska @rootkovska
@KopimiS FYI: https://t.co/wZpcRN4se6
Joanna Rutkowska @rootkovska
Unless a border control can ensure this can't happen, shouldn't it be illegal to put users at risk this way? #INAL https://t.co/XGFPTTFQGU
Joanna Rutkowska @rootkovska
Imagine smby prepared a laptop so it actively tried to exploit border control inspection tools, and subsequently infects other ppl devices.
Joanna Rutkowska @rootkovska
Not surprisingly this is a very similar problem to building secure VM introspection. I haven't seen a secure solution in this space yet.
Joanna Rutkowska @rootkovska
BTW, politics aside, there are highly non-trivial challenges in building secure tools for inspection of (untrusted)… https://t.co/GJF7Y8pcCa
Joanna Rutkowska @rootkovska
Add to the large collection of Xen privesc vulnerabilities which do not affect @QubesOS thanks to our distrusting a… https://t.co/ZjUnZhw1Vv
Joanna Rutkowska @rootkovska
"[The US customs] went through my computer. They were looking through Word documents (...) It was really humiliatin… https://t.co/c3cN7DyRUM
Xtra @dailyxtra
US Customs block gay Canadian man after reading his Scruff profile. https://t.co/NnD6DIiQNo https://t.co/SC0At2sv6X