Most Recent 40 Tweets
Not including replies or retweets or mentions.
Tweets
-
This will probably be my last direct post to Twitter. My account may or may not stay active, and I may or may not get to delete old posts. Auto-syncing from @rene_mobile@infosec.exchange has now been disabled. Please follow me on the Fediverse for further updates.
-
Success! I can finally - selectively - screen share with a #flatpak-sandboxed #Zoom client (I certainly don't run that thing without a sandbox) running in a #KDE #Plasma session under #Wayland. There are two main parts required: 1. Set enableWaylandShare=true in (1/4)
-
This is German article about the Binarly report of old OpenSSL in UEFI updates. RT heise_security: In einem BIOS-Update fanden Experten mehrere OpenSSL-Versionen, teils mit uralten Sicherheitslücken. Das wirft ein Schlaglicht auf Risiken von PC-Firmware. heise.de/news/UEFI-BIOS-mit-bekannt-unsicherem-Code-gespickt-7351884.html?wt_mc=rss.red.security.security.atom.beitrag.beitrag
-
googleprojectzero.blogspot.com/2022/11/mind-the-gap.html has an interesting summary of ARM Mali security issue. Seemingly, this work finally closed a 0-day known and sold for some time that was never reported by that side of the market. Go, #ProjectZero, Go.
-
googleprojectzero.blogspot.com/2022/11/mind-the-gap.html has an interesting summary of ARM Mali security issue. Seemingly, this work finally closed a 0-day known and sold for some time that was never reported by that side of the market. Go, #ProjectZero, Go.
-
TIL: GTK/cairo applications - like #Firefox - don't like font antialiasing together with embedded bitmaps like in #emoji fonts. If e.g. unicode.org/emoji/charts/full-emoji-list.html doesn't display anything in the "Browser" column for you in #Firefox, then disabling antialiasing and/or allowing (1/2)
-
In case anybody wants to play with the PQC key agreement #Google is currently using between internal systems (in addition to classic #X25519) as published at cloud.google.com/blog/products/identity-security/why-google-now-uses-post-quantum-cryptography-for-internal-comms, the code is available as open source: github.com/google/boringssl/blob/master/ssl/test/runner/key_agreement.go
-
CW: #politics #climatecrisis Ok, I need to say this. I am terribly angry and frustrated about the #COP27 failure to make progress in reducing #CO2 emissions. Instead of agreeing on legally binding steps, (1/6)
-
I documented some of my measurements and experiments with #OPNsense #unbound as a #DNS resolver: mayrhofer.eu.org/post/opnsense-unbound-performance/ TL;DR: unbound can be fast, even with blocklists and DNSsec validation, but suffers under heavy load with many concurrent requests.
-
binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html Let's try to to better with software supply chain security, please? We are starting a new research lab on that front. If you are interested in pursuing a PhD along these lines, please reach out!
-
Thank you! Now I can happily delete my Twitter account 😅 @internetofshit/1593493390007861248
-
To all my followers: please find my follow-up account at infosec.exchange/@rene_mobile. With my security and privacy hat on, I am not sure how much longer Twitter remains a tenable option at this point. I might be requesting a deletion of all my Twitter account data on short notice.
-
I have _never_ used the official Twitter mobile app, and never will. #Twidere has served me well for years, and is now excellent during the #twittermigration. @stevekrenzel/1589700721121058817
-
If this instance keeps being slow, I might be moving over to infosec.exchange at some point. Luckily, the migration makes this pretty easy, but I would really, really like to be able to move old posts as well.
-
Happy to have our last version of "The Android Platform Security Model" now included in the official August 2021 edition of ACM Transactions on Privacy and Security: dl.acm.org/doi/10.1145/3448609. Fully open access - download, read, share, feel free to use however it's helpful ;-)
-
For helping with the #TwitterMigration, pruvisto.org/debirdify is a nice tool to automatically try to find people to follow on the #Fediverse. The heuristics for locating #Mastodon addresses seem to work pretty well if people include them in their Twitter profiles.
-
#introduction #twittermigration I am a computer scientist with additional interest in physics, philosophy and politics - my messages can therefore be expected to cover these in addition to a heavy focus on computer/network security. At the moment, I am a Professor at (1/2)
-
Although no parser ever messed up pure UTF-8 so far 😅 (Legacy protocols like DNS are hard to move.) @hashbreaker/1588135464145297409
-
The real, main advantage of Android (and the reason I have been working with/on it since 2008) is exactly this: that it is an open platform that supports innovation, flexibility, and user choice. Single gatekeepers are always a problem. 1/ @richminer/1587186280940593155
-
Following many new people on Mastodon these days and will try to boost as I see interesting topics come in. This will probably be a bit fluid for the next weeks. Still trying to stick to (mostly mobile, network, and digital ID) security, humor, and a bit of politics (1/2)
-
... on platforms that are not using a reasonably modern Android 😉 @matthew_d_green/1586459364168069120
-
I am incredibly proud of our students and researchers putting this together. @SIGFLAG_CTF was already successful before the "pause" in the last 2 years, but that restart is massive and shows the heightened interest in security. Kudos to everybody involved, and welcome to y'all. @SIGFLAG_CTF/1586109043793629184
-
For the last 10 years, whenever forced to create a #PayPal account to pay for something online, I have made it a priority to close it immediately afterwards. Too many unpleasant memories collected over time. @jeremyknauff/1584919295225729028
-
Padding is hard. Use CTR 😉 @RealTimeWWII/1585373345474048000
-
These are surprisingly informative dashboards. Well done, @BMKlimaschutz . @BMKlimaschutz/1583029221214937088
-
Licenses for auto-generated code will be even harder with ML models doing the generation. Who own the copyright? Whose IPR is involved? Which license is the compilation under, given that the generated code may have been "inspired" by code from a multitude of different sources? 1/ @DocSparse/1581461734665367554
-
Passwordless logins are a _big_ thing. Please watch this space. @ShaneHuntley/1580216935429525505
-
Because mastodon.technology is unfortunately shutting down, I am moving to a new account: @rene_mobile@mas.to. The same posting policies and automatic syncing through moa.party apply.
-
Translates nearly literally for German as well 😅 @__femb0t/1576536273501966338
-
Narrator's voice: no, they cannot. @ShaneHuntley/1572030994521427968
-
This is just brilliant. @ancient_james/1571123546033889280
-
Today I was reminded again that the #2 cause for network problems (still long after the evergreen #1 DNS) is contentious between BGP and PMTU discovery / MTU black holes. @rene_mobile/1545670612038860800
-
One of the unpredictable consequences of the whole #NFT craziness is that, nowadays, when I search for some of the more obscure @nftables incantations, I feel a much stronger tendency to bang my head against something.
-
There's something to this. I can see how incentives for PoS might actually align with contact discovery through blockchain constructs. (PoS with money attached is highly problematic, if the stake is social contracts, may less less so. Maybe.) @matthew_d_green/1563293395233443841
-
+100 Since my own PhD days, I have seen this as one of the worst parts of being in computer science academia (there are many good ones, but this one is deeply frustrating). Now, as a member of (too many) PCs, I keep losing arguments over accepting papers because of "novelty". 1/ @vardi/1562932318708310016
-
TIL: If #KDE gets blurry fonts after an upgrade (e.g. to @ubuntu 22.04), then # rm ./.config/kwinrc; kwin --replace is the magic incantation to fix it. (No, I have not debugged it any further...)
-
My @github profile github.com/rmayr has been 404ing for a while ("This page is taking too long to load."). Playing around with profile settings checkboxes didn't change anything. Dear Lazyweb: what am I missing?
-
This is your regular service announcement that container apps in Android need to be treated with care. There are some (limited) use cases for them, but often the security trade-offs are not worth it. It's much safer to use e.g. Android (work) profiles instead.
-
I'm sorry for all the users who have lost their savings in those recent issues, and so I need to say it again: reversibility of traditional bank transactions is a _feature_, not a bug. People in the loop to correct mistakes is a positive. Because other bugs *will* happen. @0xfoobar/1554627762807349249