Twitter Feed: Posts

Twitter Feed

@AlanTudyk ("alan tudyk") retweeted:

@jordanzakarin ("Jordan Zakarin") wrote:

The GOP bill says that kids ages 14-17 are banned from meatpacking, factory, and construction work… unless as part of an approved educational program.

Who approves the educational programs?

The Iowa Workforce Development Board, which is run by corporate lobbyists.

with quote tweet:

@MorePerfectUS ("More Perfect Union") wrote:

NEW: We uncovered the origins of Iowa's extreme child labor bill, which would allow kids as young as 14 to work in meatpacking and construction.

The bill began in the office of Gov. Kim Reynolds and was written by top corporate lobbyists, led by the restaurant association. 🧵

@kennyog replied to a tweet by @kennyog:

🥚A little Easter egg if you read this far - check out the appendix of Daniele's report for a super-cute RSA-OAEP key overwriting attack that does not quite work against Nextcloud - but in another universe it deserves to...

@kennyog replied to a tweet by @kennyog:

To finish up the thread: this work was done in the Applied Cryptography group at ETH Zurich. Come join us! https://appliedcrypto.ethz.ch/ @CSatETH

@kennyog replied to a tweet by @kennyog:

It's 2023, and E2EE-secure cloud storage is apparently still a huge mess. We need to fix that!

@kennyog replied to a tweet by @kennyog:

Issue 1: using uninitialised keys. 😱
Issue 2: IV reuse in AES-GCM when a file is re-encrypted after an update. 😱😱
Issue 3: a malicious server can place a chosen key in a victim user's encrypted keystore; the user then rotates everything to that key on next login/update. 😱😱😱

@kennyog replied to a tweet by @kennyog:

These flaws are pretty severe, IMHO. The last one arises from a lack of understanding of the security properties of public-key encryption (it just can't provide any guarantee of data origin authenticity, no matter how much we might wish it did).

@kennyog replied to a tweet by @kennyog:

Kudos to the folks at Nextcloud for getting these fixed fairly promptly.

@kennyog replied to a tweet by @kennyog:

So what went wrong?

@kennyog replied to a tweet by @kennyog:

And each flaw has its own CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28999

@kennyog replied to a tweet by @kennyog:

Each flaw has a separate vulnerability announcement:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr

@kennyog replied to a tweet by @kennyog:

Pro-tip 1: upgrade all your Nextcloud clients and servers to the latest versions.

Pro-tip 2: do it today.

@kennyog replied to a tweet by @kennyog:

We found 3 distinct vulnerabilities in Nextcloud, each practically breaking the E2EE guarantees of the service. Ouch.

@kennyog replied to a tweet by @kennyog:

Daniele worked with @martinralbrecht, Matilda Backendal and me to look in excruciating detail at how Nextcloud uses cryptography to build a (supposedly) E2EE file storage service for the cloud.

@kennyog replied to a tweet by @kennyog:

Nextcloud is pretty massive in Europe, with plenty of impressive reference customers. Check out the list of case studies at: https://nextcloud.com/whitepapers/

@kennyog wrote:

Big congrats to Daniele Coppola on his completed Master's semester project studying cryptography in Nextcloud @nextcloudupdate https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf

Short thread 👇

@AlanTudyk ("alan tudyk") retweeted:

@KrangTNelson ("america's lounge singer") wrote:

every trump event in nyc is just 8-12 of staten island's most unemployed weirdos surrounded by several hundred lanyard-clad press photographers popping a knee like they are abt to capture the my lai massacre. embarrassing for everyone involved

with quote tweet:

@davidmackau ("David Mack") replied to a tweet by @davidmackau:

This guy rollerblading as he spins a basketball on top of a flag is among the most incredible things I’ve ever seen

@BarackObama ("Barack Obama") wrote:

Congrats to @UConnMBB! They were dominant throughout the tournament – and five titles since 1999 is pretty impressive.

with quote tweet:

@UConnMBB ("UConn Men's Basketball") wrote:

2023 NATIONAL CHAMPIONS ‼️

#HU5KIES

@zilmer ("Priidu Zilmer") wrote:

OH: fake it till you break it guy.

@DemSocialists ("DSA 🌹") retweeted:

@ClayFor46 ("Neighbors For Angela Clay") wrote:

Starting off the day strong!! Consider voting in the morning to avoid possible evening storm ⛈️

@DemSocialists ("DSA 🌹") retweeted:

@railroadworkers ("Railroad Workers United ✊") wrote:

🚨Press Release: Each year these companies siphon billions into share buybacks, dividends, and bonuses rather than into the vital maintenance and infrastructure growth we need to build a safe, modern, and thriving rail industry. #railsafety

@DemSocialists ("DSA 🌹") retweeted:

@BernieSanders ("Bernie Sanders") wrote:

Here's what happens with the American people: They work longer hours, their standard of living is in decline, and they turn on their television, but they do not see a reflection of that reality in the news media.

@DaveHolmes ("Dave Holmes") wrote:

Yeah, would you?

with quote tweet:

@aarparrow ("The Arrow") wrote:

Hi, friends. For some crazy reason, we're currently in 1st place for a coveted #Webbys People’s Voice Award. Would you be our best friends ever and vote for us? We owe you an unironic high-five! http://wbby.co/32045N

@DaveHolmes ("Dave Holmes") wrote:

Don’t forget that this is the United States of America in 2023, so whatever happens today will be the tackiest possible outcome.

@schneierblog ("Schneier Blog") wrote:

North Korea Hacking Cryptocurrency Sites with 3CX Exploit http://dlvr.it/SlzThm

@HillaryClinton ("Hillary Clinton") wrote:

Do you (or someone you know) vote in Wisconsin?

It's Election Day!

Spread the word: vote Judge Janet Protasiewicz to protect our democracy and defend reproductive freedom. https://myvote.wi.gov/en-us/

@LolOverruled ("Lolo") replied to a tweet by @LolOverruled:

The freaks are out

@LolOverruled ("Lolo") wrote:

Historical event at court fit check

@TracketPacer wrote:

i need like a shoulder angel & demon but instead it’s 3 of them & they’re Cisco Arista and Juniper & i can ask them any little question i want at any time & i dont have to leave things in my google search history like “will [vendor switch] let me do this unholy thing”

@RikerGoogling ("Riker Googling") wrote:

perv planet

@rantasmo retweeted:

@gdholtby ("Geoff") replied to a tweet by @jordanbpeterson:

@jordanbpeterson @JustinTrudeau