@AnnTelnaes ("Ann Telnaes") wrote:
Take a look at this wonderful long form visual commentary by @elerimai --->
Mama’s Gotta Work | The Nib https://thenib.com/mamas-gotta-work/?utm_source=thenib.com&utm_medium=twitter&utm_campaign=share via @thenib
@AnnTelnaes ("Ann Telnaes") wrote:
Take a look at this wonderful long form visual commentary by @elerimai --->
Mama’s Gotta Work | The Nib https://thenib.com/mamas-gotta-work/?utm_source=thenib.com&utm_medium=twitter&utm_campaign=share via @thenib
@volkadav ("Mike Jackson (see also: @volkadav@hachyderm.io)") retweeted:
@DavidLublin ("David Lublin") replied to a tweet by @DavidLublin:
Sam is almost accidentally right about one thing, there was a major generational shift, it happened when schools were desegregated and public funding for universities were cut because whites didn’t want to pay to educate black people. This led to our current student loan crisis.
@AnnTelnaes ("Ann Telnaes") wrote:
"It's not how you start, it's how you finish"
#KevinMcCarthyhttps://wapo.st/3ZjXCqP (free link)
@Extrawurst ("Stephan D.") retweeted:
@rust_analyzer ("rust-analyzer") wrote:
Changelog #163
This release adds enum discriminant hints, improves multi-character token support in macros, fixes a type inference bug with integer variables and adds ZIP-compressed Windows releases, which now include debug symbols.
https://rust-analyzer.github.io/thisweek/2023/01/09/changelog-163.html
@telegram ("Telegram Messenger") wrote:
You can suggest any photo or video for your contact to use as their profile picture – letting them add a new look for the new year in just two taps. #TelegramTips
@kumailn ("Kumail Nanjiani") retweeted:
@FastCompany ("Fast Company") wrote:
Kumail Nanjiani on being present, trusting yourself, and embracing chaos http://f-st.co/GOxWsZN
@bpreneel1 ("Bart Preneel") wrote:
Coordinated vulnerability disclosure requires a fair and constructive attitude from all parties. Bad-mouthing the researchers who help to improve your product is unacceptable.
New Year's resolution for all companies with software out there: don't do a Threema.with quote tweet:
@ThreemaApp ("Threema") wrote:
There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol
@schneierblog ("Schneier Blog") wrote:
Identifying People Using Cell Phone Location Data http://dlvr.it/SgbrYT
@gregoryneven ("Gregory Neven") wrote:
This is not the way to welcome a free, benevolent, and responsibly disclosed public analysis ( https://breakingthe3ma.app) of your protocol, @ThreemaApp. No need to turn a #securityfail into a #prfail, too.
with quote tweet:
@ThreemaApp ("Threema") wrote:
There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol
@martinralbrecht ("Martin R. Albrecht") wrote:
I've seen some bad vendor takes around public disclosures of vulnerabilities, but this one takes the cake. Flabbergasting!
with quote tweet:
@ThreemaApp ("Threema") wrote:
There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol
@CSatETH ("ETH CS Department") wrote:
ETH cryptographers @kennyog, @winterdeaf and @kientuong114 have conducted a security analysis and discovered various vulnerabilities in the secure messaging app Threema. Read their full paper here: http://breakingthe3ma.app
#threema #Security #messenger
http://bit.ly/3vPkhxE
@olensmar ("Ole Lensmar") retweeted:
🫣 Think (non)-functional tests are too complex and too expensive to implement thoroughly?
See how @LeanderReimer makes running security tests easy using #ZAP and #Testkube directly on your #Kubernetes cluster against your microservice #OpenAPIs 👇
@kumailn ("Kumail Nanjiani") wrote:
This was a good talk.
with quote tweet:
@BritishGQ ("British GQ") wrote:
After a decade of comedy success (and a bit of light blockbusting with Marvel and Star Wars), Kumail Nanjiani (@kumailn) is wading into the unknown with true crime drama Welcome to Chippendales.
https://bit.ly/GQKumailNanjiani
@Maryxus ("Maryxus Maddly") wrote:
J. W. GOD
with quote tweet:
@OvertimeGG ("Overtime Gaming") wrote:
Spell your name without these letters…😳
@Maryxus ("Maryxus Maddly") retweeted:
@jessiegender ("Jessie Earl") wrote:
Lol, I have dated multiple trans women and most trans people I know date other trans people. Walsh routinely proves he knows nothing about trans people outside of the straw man he peddles to his audience. But so do all transphobes.
with quote tweet:
@MattWalshBlog ("Matt Walsh") replied to a tweet by @MattWalshBlog:
Also it's always interesting to note how "trans women" never date other "trans women." It's almost like they recognize and act upon the very distinction that they demand everyone else ignore.
@kaepora ("Nadim Kobeissi") wrote:
Imagine charging money for an infinitely inferior product to the free, secure, nonprofit, open source @signalapp secure messenger, and then accusing the world-class team auditing your security for free of "overselling".
with quote tweet:
@ThreemaApp ("Threema") wrote:
There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol
After a constructive engagement with @ThreemaApp during responsible disclosure, this is unexpectedly dismissive. We broke their protocol 6 ways. They updated it, thanks to our work (http://breakingthe3ma.app). So of course our work applies to an old version.
with quote tweet:
@ThreemaApp ("Threema") wrote:
There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol
@gloupin ("Olivier 🐿️") wrote:
Researchers did responsible disclosure allowing the company time to fix the flaw.
Company: Hey look, they are attacking an old version of the protocol, booooooh.So, Threema, is this an invitation to directly publish the exploit, next time? :o
with quote tweet:
@ThreemaApp ("Threema") wrote:
There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol
@raphaelrobert ("Raphael Robert") replied to a tweet by @kennyog:
@kennyog Congratulations! I’m surprised how dismissive Threema’s reaction is:
with quote tweet:
@ThreemaApp ("Threema") wrote:
There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://threema.ch/bp/new-paper-on-old-threema-protocol
@1Br0wn ("Ian Brown 🇮🇨 🦣") replied to a tweet by @kennyog:
@kennyog Great work 😍 An interviewee told me last year: “users are unhappy with the disparity in the #E2EE and other security properties of the proliferation of current messaging clients… [let’s] take the best E2EE design and proliferate it via tech standards” https://openforumeurope.org/wp-content/uploads/2022/11/Ian_Brown_Private_Messaging_Interoperability_In_The_EU_DMA.pdf
@winterdeaf ("Matteo") wrote:
Much broken crypto, one common thread: bespoke, ill-designed cryptographic protocols.
Matrix, Mega, Threema, Telegram: secure primitives are not enough in complex applications. The new mantra shall be "don't roll your own protocol".
with quote tweet:
We (@winterdeaf @kientuong114 and I) took a deep dive on Threema, a Swiss-made secure messaging app. We found 6 new cryptographic vulnerabilities. Full paper at http://breakingthe3ma.app; mini-thread follows. #threema
@BeeBabylon_ ("Bee Babylon 🌐") wrote:
How does the drone know how old the coffins are?
with quote tweet:
@historyinmemes ("Historic Vids") wrote:
Drone discovers mysterious cave lined with 1,800 year old coffins
@Maryxus ("Maryxus Maddly") wrote:
I've always hated this argument, even when I was a Christian. It's a convenient excuse to force your beliefs on others, rather than spreading the word like Jesus said: through your good deeds and generally not being a selfish asshole
with quote tweet:
@remembrancermx ("Yonah Gerber") replied to a tweet by @remembrancermx:
Several Christians also informed me that proselytizing is a core part of Christianity so my not wanting it done to me or my family was infringing on their religious beliefs. The infringement of our family’s religious beliefs was not discussed.
@Maryxus ("Maryxus Maddly") retweeted:
@jessiegender ("Jessie Earl") wrote:
Im *totally* not talking about any recent controversy at all, but men can have boob jobs and still identify as men. Fuck the idea of rigid gender and body norms.
@Maryxus ("Maryxus Maddly") retweeted:
ok this looks based af
with quote tweet:
@Ha_Matar ("Haggai Matar") wrote:
Now: at least 20k people marching in Tel Aviv against the government. Many are chanting against apartheid, alongside pro-LGBTQ and anti-fascist messaging
@kientuong114 ("Kien Tuong Truong") wrote:
In early 2022 I started working with Kenny and Matteo on analyzing Threema, the messenger used by 🇨🇭govt, army and 🇩🇪 chancellor. Happy to say that the disclosure period is over and results are out! Fun vulnerabilities included :)
Check out our website: https://breakingthe3ma.app
with quote tweet:
We (@winterdeaf @kientuong114 and I) took a deep dive on Threema, a Swiss-made secure messaging app. We found 6 new cryptographic vulnerabilities. Full paper at http://breakingthe3ma.app; mini-thread follows. #threema
@kennyog replied to a tweet by @kennyog:
Enjoy our paper and commentary at http://breakingthe3ma.app; feedback welcome.
@kennyog replied to a tweet by @kennyog:
Lessons learned 3: be proactive rather than reactive - do security analysis (proofs) at the design stage and avoid the break-fix-release cycle.
@kennyog replied to a tweet by @kennyog:
Lessons learned 3: took a proactive (not reactive) approach to security: think about security proofs at the design stage.
@kennyog replied to a tweet by @kennyog:
Lessons learned 2: watch out for cross-protocol attacks (we found 2); use good key separation.