rene_mobile’s Twitter Archive

9,166 tweets

Recent:

  1. This will probably be my last direct post to Twitter. My account may or may not stay active, and I may or may not get to delete old posts. Auto-syncing from @rene_mobile@infosec.exchange has now been disabled. Please follow me on the Fediverse for further updates.
  2. Success! I can finally - selectively - screen share with a #flatpak-sandboxed #Zoom client (I certainly don't run that thing without a sandbox) running in a #KDE #Plasma session under #Wayland. There are two main parts required: 1. Set enableWaylandShare=true in (1/4)
  3. This is a German article about the Binarly report of old OpenSSL in UEFI updates. RT heise_security: In a BIOS update, experts found several OpenSSL versions, some with ancient security vulnerabilities. This highlights the risks of PC firmware. heise.de/news/UEFI-BIOS-mit-bekannt-unsicherem-Code-gespickt-7351884.html?wt_mc=rss.red.security.security.atom.beitrag.beitrag
  4. googleprojectzero.blogspot.com/2022/11/mind-the-gap.html has an interesting summary of ARM Mali security issue. Seemingly, this work finally closed a 0-day known and sold for some time that was never reported by that side of the market. Go, #ProjectZero, Go.
  5. googleprojectzero.blogspot.com/2022/11/mind-the-gap.html has an interesting summary of ARM Mali security issue. Seemingly, this work finally closed a 0-day known and sold for some time that was never reported by that side of the market. Go, #ProjectZero, Go.
  6. TIL: GTK/cairo applications - like #Firefox - don't like font antialiasing together with embedded bitmaps like in #emoji fonts. If e.g. unicode.org/emoji/charts/full-emoji-list.html doesn't display anything in the "Browser" column for you in #Firefox, then disabling antialiasing and/or allowing (1/2)
  7. In case anybody wants to play with the PQC key agreement #Google is currently using between internal systems (in addition to classic #X25519) as published at cloud.google.com/blog/products/identity-security/why-google-now-uses-post-quantum-cryptography-for-internal-comms, the code is available as open source: github.com/google/boringssl/blob/master/ssl/test/runner/key_agreement.go
  8. CW: #politics #climatecrisis Ok, I need to say this. I am terribly angry and frustrated about the #COP27 failure to make progress in reducing #CO2 emissions. Instead of agreeing on legally binding steps, (1/6)
  9. I documented some of my measurements and experiments with #OPNsense #unbound as a #DNS resolver: mayrhofer.eu.org/post/opnsense-unbound-performance/ TL;DR: unbound can be fast, even with blocklists and DNSsec validation, but suffers under heavy load with many concurrent requests.
  10. binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html Let's try to do better with software supply chain security, please? We are starting a new research lab on that front. If you are interested in pursuing a PhD along these lines, please reach out!
  11. Thank you! Now I can happily delete my Twitter account 😅 @internetofshit/1593493390007861248
  12. To all my followers: please find my follow-up account at infosec.exchange/@rene_mobile. With my security and privacy hat on, I am not sure how much longer Twitter remains a tenable option at this point. I might be requesting a deletion of all my Twitter account data on short notice.
  13. I have _never_ used the official Twitter mobile app, and never will. #Twidere has served me well for years, and is now excellent during the #twittermigration. @stevekrenzel/1589700721121058817
  14. If this instance keeps being slow, I might be moving over to infosec.exchange at some point. Luckily, the migration makes this pretty easy, but I would really, really like to be able to move old posts as well.
  15. Happy to have our last version of "The Android Platform Security Model" now included in the official August 2021 edition of ACM Transactions on Privacy and Security: dl.acm.org/doi/10.1145/3448609. Fully open access - download, read, share, feel free to use however it's helpful ;-)

Popular:

  1. Our paper on the Android Platform Security Model is now finally public: arxiv.org/abs/1904.05572. Many thanks to all the (partially anonymous) reviewers whose feedback has helped significantly to improve on earlier drafts as well as the many AOSP contributors. @DaveKSecure/1116531835071127552
  2. …in reply to @rene_mobile
    PS: Dear @nest, it is, technically speaking, perfectly possible to turn on heating locally without cloud services. See e.g. @openHAB
  3. Secure key handling for backdoors with multiple parties has not been shown workable in practice. Not a single time - and many have tried - did this work out securely at scale (at least we don't know any cases in public). So from our current best knowledge, we can't do it. @zackwhittaker/1235308493906812931
  4. Anybody, not just Apple (and our own P0, obviously): please do that for Android! We all benefit from learning about and fixing security vulnerabilities. If you find anything, please reach out and we'll happily support publication of details as soon as the fix is out, as usual. @mattblaze/1170109132260683776
  5. Happy to have our last version of "The Android Platform Security Model" now included in the official August 2021 edition of ACM Transactions on Privacy and Security: dl.acm.org/doi/10.1145/3448609. Fully open access - download, read, share, feel free to use however it's helpful 😉
  6. Nice - creating cloned fingerprints using off-the-shelf inkjet printer and have them work on current smart phones: cse.msu.edu/rgroups/biometrics/Publications/Fingerprint/CaoJain_HackingMobilePhonesUsing2DPrintedFingerprint_MSU-CSE-16-2.pdf

I’ve retweeted other tweets 6,736 times (73.5%)

Most Retweeted

  1. matthew_d_green 296 retweets
  2. binitamshah 235 retweets
  3. Snowden 138 retweets
  4. schneierblog 122 retweets
  5. torproject 89 retweets
  6. random_walker 82 retweets
  7. xkcdComic 77 retweets
  8. rootkovska 72 retweets
  9. acm_wisec 69 retweets
  10. sweis 62 retweets

Most Retweeted (Last 12 months)

  1. matthew_d_green 22 retweets
  2. acm_wisec 17 retweets
  3. lwnnet 13 retweets
  4. MishaalRahman 11 retweets
  5. xkcdComic 11 retweets
  6. mjg59 9 retweets
  7. evacide 9 retweets
  8. DaveKSecure 9 retweets
  9. internetofshit 8 retweets
  10. random_walker 7 retweets

Replies and Mentions

13.2% of my tweets are replies (×1,210)

Most Replies To

  1. matthew_d_green 87 replies
  2. taviso 11 replies
  3. rootkovska 11 replies
  4. collinrm 10 replies
  5. LeaKissner 9 replies

Most Replies To (Last 12 months)

  1. matthew_d_green 15 replies
  2. flo_walther 3 replies
  3. ciphergoth 2 replies
  4. MishaalRahman 2 replies
  5. ShaneHuntley 2 replies

I’ve sent someone a mention 40 times (0.4%)

80.7% of the links I’ve posted are using the https: protocol (3,141 of 3,891)

95.8% of the links I’ve posted in the last 12 months are using the https: protocol (364 of 380)

Top Domains

  1. twitter.com 930 tweets
  2. github.com 215 tweets
  3. xkcd.com 160 tweets
  4. lwn.net 71 tweets
  5. youtube.com 59 tweets
  6. schneier.com 58 tweets
  7. googleblog.com 54 tweets
  8. google.com 43 tweets
  9. nasa.gov 38 tweets
  10. jku.at 38 tweets

Top Hosts

  1. twitter.com 926 tweets
  2. github.com 207 tweets
  3. xkcd.com 83 tweets
  4. m.xkcd.com 77 tweets
  5. lwn.net 71 tweets
  6. www.youtube.com 58 tweets
  7. www.schneier.com 58 tweets
  8. apod.nasa.gov 38 tweets
  9. bit.ly 34 tweets
  10. medium.com 31 tweets

My tweets have been given about ♻️ 2,005 retweets and ❤️ 7,484 likes

Top 5 Emoji Used in Tweets

  1. 😉 used 17 times on 17 tweets
  2. 😅 used 15 times on 15 tweets
  3. 🤣 used 9 times on 9 tweets
  4. 😀 used 5 times on 5 tweets
  5. 👍 used 4 times on 4 tweets

38 unique emoji on 101 tweets (4.2% of all tweets***)

Top 5 Hashtags

  1. androidsecuritysymposium used 31 times
  2. signal used 7 times
  3. openwrt used 6 times
  4. supernexus used 6 times
  5. usmile used 5 times

320 hashtags on 316 tweets (13.0% of all tweets***)

Top 5 Swear Words

  1. d_mn used 2 times

2 swear words on 2 tweets (0.1% of all tweets***)

***: does not include retweets