Joanna Rutkowska @rootkovska
Add to the large collection of Xen privesc vulnerabilities which do not affect @QubesOS thanks to our distrusting a… https://t.co/ZjUnZhw1Vv — PolitiTweet.org
Open Source Security @oss_security
Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe:… https://t.co/APtudpwHg9
Joanna Rutkowska @rootkovska
@bcrypt Looking forward to, looks really cool so far! — PolitiTweet.org
Joanna Rutkowska @rootkovska
@bcrypt Will the iOS version have support for that e2e encrypted syncing with, say, Linux version? — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @halvarflake: This is sad, and ridiculous, and given everything I have heard rumored about Uber, not even surprising. https://t.co/y8I2I… — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @jessfraz: So glad she was able to share this. The behavior is not exclusive to Uber. It's at many other companies but people don't talk… — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @mjg59: Just so you know almost everything in that Uber story has happened to most women you know in tech at some point or another — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @susanthesquark: I wrote something up this weekend about my year at Uber, and why I left: https://t.co/SyREtfLuZH — PolitiTweet.org
Joanna Rutkowska @rootkovska
This https://t.co/mrySpr9yU9 — PolitiTweet.org
Peter Todd @peterktodd
In security, the guys who seem nice are more likely to be peddling BS, because pointing out broken stuff inevitably… https://t.co/BSxEqwlPRF
Joanna Rutkowska @rootkovska
@mik235 Of course I assume also a compromised P̶C̶ Browser AppVM. But the article about @letsencrypt described atta… https://t.co/beZNSE63jO — PolitiTweet.org
mik @mik235
@rootkovska this is still what u2f fixes. You're assuming a compromised PC, which is an impossible model for a website to defend against
Joanna Rutkowska @rootkovska
(Incidentally this is exactly the use model we designed @QubesOS for ;) — PolitiTweet.org
Joanna Rutkowska @rootkovska
2. trigger a trusted browser (e.g. for Paypal), which the OS enforces can only connect to https://t.co/CDDnJ8FObV over HTTPS. So, ok. — PolitiTweet.org
Joanna Rutkowska @rootkovska
1. trigger a browser not allowed to get credentials from 2FA to my PayPal, so no problem the website is named https://t.co/fO9mpNfvt0, or: — PolitiTweet.org
Joanna Rutkowska @rootkovska
Instead, the OS should enforce 2FAs only to defined apps/domains. This way the phishing attempt can either: — PolitiTweet.org
Joanna Rutkowska @rootkovska
"Unspoofable 2FA" alone is not the solution, because of proxy attacks. No meaningful 2FA in an OS where every app f… https://t.co/zAk9OowLjq — PolitiTweet.org
Patrick Gray @riskybusiness
Free CA @letsencrypt on the receiving end of some serious shade. Hope it gets on top of this.… https://t.co/u9MJG3ml30
Joanna Rutkowska @rootkovska
@DrPizza As illustrated on Fig 1 and discussed in the paper, they explicitly opted not to follow this path though. — PolitiTweet.org
Joanna Rutkowska @rootkovska
Maybe in some years to come Canadians will be able to say: "We used to be decent, before it was cool to be decent".… https://t.co/elgg3Cl50T — PolitiTweet.org
The Canadian Press @CdnPress
Here's Canadian Mounties greeting refugees from Somalia who walked across the border into Canada. THE CANADIAN PRES… https://t.co/irdiRzWLKp
Joanna Rutkowska @rootkovska
@jessfraz Hugs-As-A-(micro)-Service? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@mlowdi The above precaution is less important if one *always* runs *all* Windows AppVMs in offline mode, for reason explained above. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@mlowdi Yes. I have e.g. one template only with original MS software (for work) & 2nd with many 3rd party software (e.g. flight planning). — PolitiTweet.org
Joanna Rutkowska @rootkovska
So, if you worry (hypothetically) that your Windows or app updater might want to send your data away, this @QubesOS trick will prevent this. — PolitiTweet.org
Joanna Rutkowska @rootkovska
Useful trick: start Windows template VM (which has no user data), install/upgrade apps; then start Windows AppVM (w… https://t.co/7yu8ehOslQ — PolitiTweet.org
Joanna Rutkowska @rootkovska
@petertoddbtc Oh, I use Windows-based VMs all the time in @QubesOS. They are often not given any net access though ;) — PolitiTweet.org
Joanna Rutkowska @rootkovska
Maybe somebody will make a ReactOS-based template for @QubesOS? :) https://t.co/9PFcQ7Ce5L — PolitiTweet.org
Christian Blichmann @AdmVonSchneider
Seriously impressive. Congrats to the ReactOS team for releasing v0.4.4! https://t.co/aCnUsiCV9P
Joanna Rutkowska @rootkovska
@marco_giglio Yeah, this is really silly, IMHO. The whole point of SGX is not to rely on a hypervisor... @petertoddbtc — PolitiTweet.org
Joanna Rutkowska @rootkovska
Perhaps. Yet we all do that routinely, don't we? super-humans -> we, sub-humans -> animals. Unless you believe all… https://t.co/b1p3kAOLDx — PolitiTweet.org
Chris Laprise @ttaskett
@rootkovska Dividing people into "super-human" and "sub-human" categories as Nazis did, is antithesis of humanism.
Joanna Rutkowska @rootkovska
@petertoddbtc link? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@petertoddbtc In theory yes, but in practice this would be very tricky.. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@petertoddbtc Yes, their memory can be rd/wr by the host OS, so break the whole SGX model, useless in production. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@petertoddbtc In theory these are unrelated (read: different contracts ;) — PolitiTweet.org
Joanna Rutkowska @rootkovska
@petertoddbtc But whitelisted enclave signing key is a completely different thing. W/o this you can only run DEBUG enclaves. — PolitiTweet.org