Twitter Feed: Posts

Twitter Feed

@AlanTudyk ("alan tudyk") retweeted:

@williamlegate ("William LeGate") wrote:

guy who wants to “eradicate” transgender people off the face of this Earth spotted in 4K partying w/ drag queens

Twitter Feed

@AlanTudyk ("alan tudyk") retweeted:

@mehdirhasan ("Mehdi Hasan") wrote:

"Is it too much to ask that we, the US taxpayers, don't fund pogroms abroad?"

My @MSNBC commentary on the settler mob attack on a Palestinian village that was endorsed by a sitting Israeli minister, but described even by an Israeli general as a "pogrom."

Video:

Twitter Feed

@telegram ("Telegram Messenger") wrote:

You can delete any message in 1-on-1 chats for just yourself or for everyone. Telegram users have complete control over their digital footprint – and can make sure nobody spoils the surprise. #TelegramTips

Video:

Twitter Feed

@AnnTelnaes ("Ann Telnaes") wrote:

https://anntelnaes.substack.com/p/celebrating-women-who-tell-our-stories?utm_source=twitter&sd=pf

Twitter Feed

@33mhz ("Querelle de Brestine-Boubilie") retweeted:

@MercuryBD ("Stefan Trifunović") replied to a tweet by @MercuryBD:

Also here's the before and after spaceship redesign 😉

Video:

Twitter Feed

@olensmar ("Ole Lensmar") retweeted:

@Monokle_io ("Monokle - Git-enabled Kubernetes Config Tool") wrote:

Many tools offer validation for large Kubernetes resources. But, with Monokle you can create custom community plugins for tools like Argo CD & Prometheus!
Let the brilliant, Wito Delnat guide you through the easy process of building community plugins👇
https://loom.ly/UkQqEmw

Twitter Feed

@33mhz ("Querelle de Brestine-Boubilie") retweeted:

@sethharpesq ("Seth Harp") wrote:

Three main things you need to know for the 20th anniversary of the invasion of Iraq:

  1. all the people who did it are still in charge
  2. they're not even a little bit sorry for having killed a million innocent people
  3. the second they get the chance, they'll do it again
Twitter Feed

@schneierblog ("Schneier Blog") wrote:

New National Cybersecurity Strategy http://dlvr.it/SkRQP7

Twitter Feed

@kennyog retweeted:

@MEGAprivacy ("MEGA") wrote:

MEGA has updated its client software to address vulnerabilities that could have impacted end-to-end security, read more on our blog:
https://blog.mega.io/e2ee-security-update/

Twitter Feed

@kennyog replied to a tweet by @kennyog:

To close this thread on a round number: thanks for reading to the end, and check out the paper at: https://mega-caveat.github.io (16/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

On a personal note, working with @martinralbrecht, @M__Haller , Lenka Mareková was a blast - basically, this is the dream team when it comes to analysing “Crypto in the Wild”. (15/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

We disclosed the attacks to MEGA on 29.09.2022. The disclosure process has been super smooth again - kudos to the MEGA team and thanks for the bounty. They’re releasing an update today, their blog at https://blog.mega.io/e2ee-security-update will have details. (12/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

MEGA have made quite significant changes to their crypto - ECB is gone for RSA private key encryption, replaced with AES-GCM, the verbose error reporting is removed, and more. It’s been a complex task for MEGA to “repair the aeroplane in flight”. (13/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

Our paper “Caveat Implementor! Key Recovery Attacks on MEGA” will appear at Eurocrypt 2023. Thanks to the program chairs and committee for accepting our work. (14/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

What makes the attacks possible is that we also found an ECB encryption oracle in MEGA file-sharing. This lets us overwrite certain portions of the RSA private key with chosen data. Very handy for doing attacks, e.g. making sure all the math happens in a small subgroup. (10/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

The paper has an easter egg: an improved attack on the original, unpatched MEGA system. The original attack needed 512, this was improved to 6 logins by Keegan Ryan and Nadia Heninger in https://eprint.iacr.org/2022/914. Now we only need 2 logins. (11/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

Both attacks get us to the desired ECB decryption oracle. They need quite a lot of client logins - about 600 for the faster of the two. So quite hard to pull off - but not much harder than the previous, broken version of MEGA. (8/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

Once we have the ECB decryption oracle, we can recover the RSA private key block-by-block. But why do that when you can pull out the big guns? Naturally, we use a lattice attack to finish the job. (9/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

We managed to find two distinct attack vectors, exploiting different error messages that come up in client-side cryptographic processing. (6/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

This gives us two attacks. One of them exploits failures in modular inversion when recomputing u = q^{-1} mod p. The other is a kind of “small subgroup meets Bleichenbacher” attack. Cool new techniques here! (7/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

In one change, MEGA tightened up client-side RSA key validation. But they also made error reporting on the key validation and RSA decryption failures much more verbose. As cryptanalysts, we like error messages! (4/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

Now the RSA private key is still protected by ECB-mode encryption under a master key. So we want to build an ECB decryption oracle. Cue cut and paste games. (5/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

@MEGAprivacy is a cloud storage provider with 277 million users and 136 billion uploaded files. The service offers end-to-end encrypted storage, and claims strong security even against a malicious service provider. (2/16)

Twitter Feed

@kennyog replied to a tweet by @kennyog:

MEGA changed how their crypto works back in June 2022, in response to previous work by @M__Haller, Matilda Backendal and me. We decided to go down the rabbit-hole once again…. (3/16)

Twitter Feed

@kennyog wrote:

In a new paper, @martinralbrecht, @M__Haller, Lenka Mareková, and I took a fresh look at @MEGAprivacy. TL;DR: we broke the fixed version with attacks that can recover user RSA private keys and file keys. Paper and more at: https://mega-caveat.github.io (1/16)

with quote tweet:

@kennyog wrote:

MEGA - Malleable Encryption Goes Awry: I'm excited to share details of some new research on the security of @MEGAprivacy. Details at: https://mega-awry.io (1/28)

Twitter Feed

@BeeBabylon_ ("Bee Babylon 🌐") wrote:

Show á Íslandi í júní!!

with quote tweet:

@BeeBabylon_ ("Bee Babylon 🌐") wrote:

Tix are on sale for my Fringe preview in Iceland 🥳
Bringing along: @MarjoleinR @angusmaroon @MsKrystalEvans @StuartJayMurphy

https://tix.is/is/event/14996/bylgja-babylons/

Twitter Feed

@fakedansavage ("Dan Savage") wrote:

Not the obituary I wanted to read today.

https://www.theguardian.com/world/2023/mar/06/worlds-first-openly-transgender-mp-georgina-beyer-dies-in-new-zealand-aged-65

Twitter Feed

@olensmar ("Ole Lensmar") retweeted:

@JediCowboyEric ("Eric Irwin") wrote:

Who is using @Testkube_io ? I am curious what people have done to extend it and take advantage of it as an operator.

Any gotchas or lessons learned worth sharing?

Twitter Feed

@fakedansavage ("Dan Savage") retweeted:

@realzoestrimpel ("Zoe Strimpel") wrote:

My latest: the age of the male hag https://www.spectator.co.uk/article/the-age-of-the-male-hag/ via @spectator

Twitter Feed

@Blklivesmatter ("Black Lives Matter") retweeted:

@interruptcrim ("Interrupting Criminalization") wrote:

"Abolition is a vision for the future, a world where we’ve divested from police, courts, and prisons; because instead of pumping money into the criminalization of the most disenfranchised among us, we’ve put that money into addressing the root causes..." https://theappeal.org/abolition-is-a-vision-for-the-future/