Twitter Feed: Posts

Twitter Feed

@AnnTelnaes ("Ann Telnaes") wrote:

Take a look at this wonderful long form visual commentary by @elerimai --->

Mama’s Gotta Work | The Nib https://thenib.com/mamas-gotta-work/?utm_source=thenib.com&utm_medium=twitter&utm_campaign=share via @thenib

Twitter Feed

@volkadav ("Mike Jackson (see also: @volkadav@hachyderm.io)") retweeted:

@DavidLublin ("David Lublin") replied to a tweet by @DavidLublin:

Sam is almost accidentally right about one thing, there was a major generational shift, it happened when schools were desegregated and public funding for universities were cut because whites didn’t want to pay to educate black people. This led to our current student loan crisis.

Twitter Feed

@AnnTelnaes ("Ann Telnaes") wrote:

"It's not how you start, it's how you finish"
#KevinMcCarthy

https://wapo.st/3ZjXCqP (free link)

Twitter Feed

@Extrawurst ("Stephan D.") retweeted:

@rust_analyzer ("rust-analyzer") wrote:

Changelog #163

This release adds enum discriminant hints, improves multi-character token support in macros, fixes a type inference bug with integer variables and adds ZIP-compressed Windows releases, which now include debug symbols.

https://rust-analyzer.github.io/thisweek/2023/01/09/changelog-163.html

Twitter Feed

@telegram ("Telegram Messenger") wrote:

You can suggest any photo or video for your contact to use as their profile picture – letting them add a new look for the new year in just two taps. #TelegramTips

Video:

Twitter Feed

@kumailn ("Kumail Nanjiani") retweeted:

@FastCompany ("Fast Company") wrote:

Kumail Nanjiani on being present, trusting yourself, and embracing chaos http://f-st.co/GOxWsZN

Twitter Feed

@kennyog retweeted:

@bpreneel1 ("Bart Preneel") wrote:

Coordinated vulnerability disclosure requires a fair and constructive attitude from all parties. Bad-mouthing the researchers who help to improve your product is unacceptable.
New Year's resolution for all companies with software out there: don't do a Threema.

with quote tweet:

@ThreemaApp ("Threema") wrote:

There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol

Twitter Feed

@schneierblog ("Schneier Blog") wrote:

Identifying People Using Cell Phone Location Data http://dlvr.it/SgbrYT

Twitter Feed

@kennyog retweeted:

@gregoryneven ("Gregory Neven") wrote:

This is not the way to welcome a free, benevolent, and responsibly disclosed public analysis ( https://breakingthe3ma.app) of your protocol, @ThreemaApp. No need to turn a #securityfail into a #prfail, too.

with quote tweet:

@ThreemaApp ("Threema") wrote:

There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol

Twitter Feed

@kennyog retweeted:

@martinralbrecht ("Martin R. Albrecht") wrote:

I've seen some bad vendor takes around public disclosures of vulnerabilities, but this one takes the cake. Flabbergasting!

with quote tweet:

@ThreemaApp ("Threema") wrote:

There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol

Twitter Feed

@kennyog retweeted:

@CSatETH ("ETH CS Department") wrote:

ETH cryptographers @kennyog, @winterdeaf and @kientuong114 have conducted a security analysis and discovered various vulnerabilities in the secure messaging app Threema. Read their full paper here: http://breakingthe3ma.app
#threema #Security #messenger
http://bit.ly/3vPkhxE

Twitter Feed

@olensmar ("Ole Lensmar") retweeted:

@devseccon wrote:

🫣 Think (non)-functional tests are too complex and too expensive to implement thoroughly?

See how @LeanderReimer makes running security tests easy using #ZAP and #Testkube directly on your #Kubernetes cluster against your microservice #OpenAPIs 👇

https://youtu.be/wsZwhgGa5sE

Twitter Feed

@kumailn ("Kumail Nanjiani") wrote:

This was a good talk.

with quote tweet:

@BritishGQ ("British GQ") wrote:

After a decade of comedy success (and a bit of light blockbusting with Marvel and Star Wars), Kumail Nanjiani (@kumailn) is wading into the unknown with true crime drama Welcome to Chippendales.
https://bit.ly/GQKumailNanjiani

Twitter Feed

@Maryxus ("Maryxus Maddly") wrote:

J. W. GOD

with quote tweet:

@OvertimeGG ("Overtime Gaming") wrote:

Spell your name without these letters…😳

Twitter Feed

@Maryxus ("Maryxus Maddly") retweeted:

@jessiegender ("Jessie Earl") wrote:

Lol, I have dated multiple trans women and most trans people I know date other trans people. Walsh routinely proves he knows nothing about trans people outside of the straw man he peddles to his audience. But so do all transphobes.

with quote tweet:

@MattWalshBlog ("Matt Walsh") replied to a tweet by @MattWalshBlog:

Also it's always interesting to note how "trans women" never date other "trans women." It's almost like they recognize and act upon the very distinction that they demand everyone else ignore.

Twitter Feed

@kennyog retweeted:

@kaepora ("Nadim Kobeissi") wrote:

Imagine charging money for an infinitely inferior product to the free, secure, nonprofit, open source @signalapp secure messenger, and then accusing the world-class team auditing your security for free of "overselling".

with quote tweet:

@ThreemaApp ("Threema") wrote:

There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol

Twitter Feed

@kennyog wrote:

After a constructive engagement with @ThreemaApp during responsible disclosure, this is unexpectedly dismissive. We broke their protocol 6 ways. They updated it, thanks to our work (http://breakingthe3ma.app). So of course our work applies to an old version.

with quote tweet:

@ThreemaApp ("Threema") wrote:

There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol

Twitter Feed

@kennyog retweeted:

@gloupin ("Olivier 🐿️") wrote:

Researchers did responsible disclosure allowing the company time to fix the flaw.
Company: Hey look, they are attacking an old version of the protocol, booooooh.

So, Threema, is this an invitation to directly publish the exploit, next time? :o

with quote tweet:

@ThreemaApp ("Threema") wrote:

There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol

Twitter Feed

@kennyog retweeted:

@raphaelrobert ("Raphael Robert") replied to a tweet by @kennyog:

@kennyog Congratulations! I’m surprised how dismissive Threema’s reaction is:

with quote tweet:

@ThreemaApp ("Threema") wrote:

There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol

Twitter Feed

@kennyog retweeted:

@1Br0wn ("Ian Brown 🇮🇨 🦣") replied to a tweet by @kennyog:

@kennyog Great work 😍 An interviewee told me last year: “users are unhappy with the disparity in the #E2EE and other security properties of the proliferation of current messaging clients… [let’s] take the best E2EE design and proliferate it via tech standards” https://openforumeurope.org/wp-content/uploads/2022/11/Ian_Brown_Private_Messaging_Interoperability_In_The_EU_DMA.pdf

Twitter Feed

@kennyog retweeted:

@winterdeaf ("Matteo") wrote:

Much broken crypto, one common thread: bespoke, ill-designed cryptographic protocols.

Matrix, Mega, Threema, Telegram: secure primitives are not enough in complex applications. The new mantra shall be "don't roll your own protocol".

with quote tweet:

@kennyog wrote:

We (@winterdeaf @kientuong114 and I) took a deep dive on Threema, a Swiss-made secure messaging app. We found 6 new cryptographic vulnerabilities. Full paper at http://breakingthe3ma.app; mini-thread follows. #threema

Twitter Feed

@BeeBabylon_ ("Bee Babylon 🌐") wrote:

How does the drone know how old the coffins are?

with quote tweet:

@historyinmemes ("Historic Vids") wrote:

Drone discovers mysterious cave lined with 1,800 year old coffins

Video:

Twitter Feed

@Maryxus ("Maryxus Maddly") wrote:

I've always hated this argument, even when I was a Christian. It's a convenient excuse to force your beliefs on others, rather than spreading the word like Jesus said: through your good deeds and generally not being a selfish asshole

with quote tweet:

@remembrancermx ("Yonah Gerber") replied to a tweet by @remembrancermx:

Several Christians also informed me that proselytizing is a core part of Christianity so my not wanting it done to me or my family was infringing on their religious beliefs. The infringement of our family’s religious beliefs was not discussed.

Twitter Feed

@Maryxus ("Maryxus Maddly") retweeted:

@jessiegender ("Jessie Earl") wrote:

Im *totally* not talking about any recent controversy at all, but men can have boob jobs and still identify as men. Fuck the idea of rigid gender and body norms.

Twitter Feed

@Maryxus ("Maryxus Maddly") retweeted:

@djmuel_ ("dj muel") wrote:

ok this looks based af

with quote tweet:

@Ha_Matar ("Haggai Matar") wrote:

Now: at least 20k people marching in Tel Aviv against the government. Many are chanting against apartheid, alongside pro-LGBTQ and anti-fascist messaging

Video:

Twitter Feed

@kennyog retweeted:

@kientuong114 ("Kien Tuong Truong") wrote:

In early 2022 I started working with Kenny and Matteo on analyzing Threema, the messenger used by 🇨🇭govt, army and 🇩🇪 chancellor. Happy to say that the disclosure period is over and results are out! Fun vulnerabilities included :)

Check out our website: https://breakingthe3ma.app

with quote tweet:

@kennyog wrote:

We (@winterdeaf @kientuong114 and I) took a deep dive on Threema, a Swiss-made secure messaging app. We found 6 new cryptographic vulnerabilities. Full paper at http://breakingthe3ma.app; mini-thread follows. #threema

Twitter Feed

@kennyog replied to a tweet by @kennyog:

Enjoy our paper and commentary at http://breakingthe3ma.app; feedback welcome.

Twitter Feed

@kennyog replied to a tweet by @kennyog:

Lessons learned 3: be proactive rather than reactive - do security analysis (proofs) at the design stage and avoid the break-fix-release cycle.

Twitter Feed

@kennyog replied to a tweet by @kennyog:

Lessons learned 3: took a proactive (not reactive) approach to security: think about security proofs at the design stage.

Twitter Feed

@kennyog replied to a tweet by @kennyog:

Lessons learned 2: watch out for cross-protocol attacks (we found 2); use good key separation.