Olivia
Online
Stijn Volckaert
@StijnVolckaert
Associate Professor @KU_Leuven @DistriNet. Working on Systems Security. Anti-Cheat Developer. Ethical Hacker. Maintainer of Unreal Tournament for OldUnreal.
Ghent, Belgium
Joined October 2017
200 Following
196 Followers
180 Posts
The release preview for the updated Unreal Tournament 2004 is out now!
Thank you to @StijnVolckaert and the team at OldUnreal for their never-ending patience in making this happen.
https://t.co/x9K5uBUe9K
@FATAL1TY We (OldUnreal) are about to release a preview of our UT2004 installers and reboot patch!
https://t.co/piT0g7mmtF
Who to follow
Cristiano Giuffrida
@c_giuffrida
Full Professor in Systems Security @VUamsterdam. Co-leads @vu5ec
Eric Eide
@eeide
Research Associate Professor, University of Utah Kahlert School of Computing • Personal account • Opinions my own • RTs not endorsements • @[email protected]
Alexios Voulimeneas 🇬🇷
@systemsgreek
Tenured Assistant Professor @tudelft @CyberSecTUDelft Research on #OS, #Systems, #Security
Happy to receive the @EuroSecWorkshop'25 Best Paper Award for our paper "CUDA, Woulda, Shoulda: Returning Exploits in a SASS-y World" 🎉
Great recognition for @RoelsJonas' hard work!
Check the 📜 here: https://t.co/z1XiE4ddXh
Happy to share that both our @EuroSecWorkshop papers got accepted!
Congrats to Jonas and Anton for producing such great research so early in their PhD.
See you in Rotterdam! Also for @EuroSysConf and @ASPLOSConf after :)
📜: https://t.co/z1XiE4ddXh
📜: https://t.co/V9aXH4VqRV
After an embargo of 8 months, we are glad to finally share our USENIX Security '25 paper! We found more than 4 MILLION vulnerable tunneling servers by scanning the Internet.
These vulnerable servers can be abused as proxies to launch DDoS attacks and access internal networks.
I'm in this picture and I like it 😁
Congratulations to this year's second #ACSAC2024 distinguished paper award winners: André Rösti, Stijn Volckaert, Michael Franz, Alexios Voulimeneas 👏👏👏 The talk "I’ll Be There for You! Perpetual Availability in the A8 MVX System" is Thursday in the "System Security" session!
We mogen verdorie als land trots zijn op topexperten zoals @bpreneel1 (en COSIC) en de vele andere Europese stemmen die de draak van #ChatControl hebben tegengehouden.
Maar je ziet: de nieuwe directeur van Child Focus & BFF Annelies proberen het toch gewoon opnieuw.
Great chatting with @EvanDornbush about bounds checking and how to do it (im)properly, cfr. our recent @wootsecurity paper!
The Rochefort was a nice touch :)
Please share this far and wide. As far and wide as you can. NIST Password Guidelines for 2024 are in the process of being updated.
This is a HUGE pet-peeve of mine (when vendors in particular are still operating like its 2017 and keep changing passwords every 60 days, STOP DOING THIS, it's outdated and has been shown to put you MORE at risk than less -- NIST explains why it does in this document, meticulously outlining user behavior**) so I'm sharing this in the hopes all of you will pass it along to your bosses.
The Special Publication series governing passwords is SP 800-63 "Digital Identity Guidelines".
The 2024 version is 800-63-4.
Here: https://t.co/oX8YEJHxXg
The companion docs are also on that link. They are 800-63A, 800-63B and 800-63C. These are different documents for different scenarios in play at your org.
The previous update was in2020.
The changes in the 2020 version from the 2017 version were numerous but one of them was that the password verification method should NO LONGER require passwords be changed at specific intervals (i.e. every 60 days) but in the following circumstances instead:
1. After a breach/compromise
2. User request
2024 repeats this and adds a bunch more guidlines but here is a screenshot of page 13 of the new 800-63-4 (note the # 4 after it) which outlines how your systems should now and moving forward, be handling passwords.
This goes for Active Directory, too. All your systems which have passwords should align with these guidelines provided there isn't another standard or framework you must adhere to which overrules this.
Most frameworks, however, have moved away from arbitrary password resets and complexity rules.
**We cybersec researchers and hackers use wordlists from breaches in a variety of different ways. Hackers use them in tooling to crack passwords whereas researchers use breach dumps to see the kinds of passwords users are creating and the psychology behind them.
Using complexity rules gets you the user psychology of:
Password1
Password2
and so on
Use phrasing instead and allow for spaces, which is important. Humans type phrases with spaces. They also mention phish-resistant methods and most vendors are on-board with MS going to be turning off all Legacy Auth next month, across all free accounts and tenancies.
I'm so excited for the new changes!
Ok I'm off my soapbox.
Share the love! Thank you!
Our paper has been accepted for publication at @ACSAC_Conf. Congratulations to André who led this work and my other co-authors Michael Franz and @StijnVolckaert.
@DistriNet @UCIrvine @tudelft
See you in Hawaii!!!
Did you think to be safe with store-only bounds checking? Definitely something to reconsider after reading the paper “Not Quite Write: On the Effectiveness of Store-Only Bounds Checking” by @a3_jacobs
#woot24
In our latest @wootsecurity paper, @StijnVolckaert and I demonstrate a fundamental weakness of store-only bounds checkers: invalidly-loaded pointers (through unchecked reads) give the attacker a near-arbitrary write primitive!
paper: https://t.co/lems5nHWUa
@mer__edith We still have one day to stop this #ChatControl mass surveillance madness, especially if you're from IT, FI, CZ, SE, SV, EST, GR, PT. Act NOW: https://t.co/nGzsX2eX8W
📣Official statement: the new EU chat controls proposal for mass scanning is the same old surveillance with new branding.
Whether you call it a backdoor, a front door, or “upload moderation” it undermines encryption & creates significant vulnerabilities
https://t.co/g0xNNKqquA
Congratulations to @Karel_Dhondt for successfully defending his PhD thesis titled 'Analysis of User Privacy in Online Location-Based Services'. We wish you all the best in your career! #security #privacy #kuleuven
Woke up this morning and, about ten minutes in, got a paper acceptance notification. Excited to talk about it, but will have to wait until the next DL is over. In utmost brevity: We're using DRAM Rowhammer PUFs with software diversity to prevent reverse engineering. 🎉
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.2M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.8M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.4M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers