We're happy to present...D-LINKGATE - A Preauth RCE to Root Chain on D-Link DAP-2020 devices. Patch your devices ASAP (https://t.co/vm3DO1Jgo8) #CyberSecurity #VulnResearch
https://t.co/7RQsMSsYjS could we please have a list on how you got to 17'000.-? From our calculations based on https://t.co/nV3x7DnMdK we have counted only 2'000.- @bazonline@swisspost
@ChrFolini@swisspost Will there be such a thing before the system goes live? This software decides about our democracy and should not be taken easily. Errors in it could cause actual riots.
@ChrFolini At the real voting process some inside threat has access to it and exploits it. That's a real issue. Our solution: Provide admin access (auth is over certificates, right?) and let people have a look at it. It's a win-win situation. If not, it feels like getting tricked. 2/2
@ChrFolini We think option 2 would be the way to go. A secure application would withstand it even if the functionality was exposed. Let's assume there would be a vulnerability in the admin interface. We don't have access and can't test it. 1/2
@ChrFolini Or only through post exploitation. But still, there's a lot of functionality that can't be looked at because of this, which leaves the pit with 9 REST endpoints in scope...
@ChrFolini I think you are missing our point. We are NOT mad that the e-voting system will be protected with a firewall. That's a very reasonable thing to do. The problem is that the pit portrays the admin interface as testable when in reality it isn't accessible/testable.
There really are some creepy coincidences in this world. While discussing #EVoting over the phone these were our telegram verification icons...
@ppzs @postschweiz Another possible 'backdoor' which allows a local employee to execute arbitrary code on the system...
https://t.co/YjTXOpmxhz
We just published Release #2 featuring the officially approved X-Forwarded-For HTTP Header Injection and a #pit starter guide for new participants. Get it on https://t.co/R0FrtUhdlL #Evoting #Cybersecurity #Bugbounty
@ChrFolini @Julian_Wampfler @microhardy @swisspost How should a security researcher test your admin interface if you drop it at network level/restrict it till NA? It changes NOTHING on the code quality. You can still restrict all you want after the pit and after security analysts had the chance to check the software quality...
@ChrFolini @microhardy @swisspost We agree, but then you should sell it to the public like this:
That only 2% of the application will be tested in the PIT and
that you are doing security through firewalling/airgapping and
NOT by secure code standards.
@ChrFolini @microhardy @swisspost We didn't say it's not FUNCTIONAL, we said it's not ACCESSIBLE (only through post-exploitation) - You haven't submitted any proof otherwise. This is a bad representation of the scope!
@swisspost if you have any corrections we will correct our opinions/assumptions.
@ChrFolini @microhardy @swisspost Hosting a PR-pushed "public hacker test", which basically has a hard shell
soft core principle, that's the problem! Your evasive answers like these are actively deceiving the public.
We don't want OUR democracy to get ruined due to security theater. 2/2
@ChrFolini @microhardy @swisspost You are ALWAYS saying that we are complaining about having "a hard time exploiting".
We are complaining about a fake scope which is firewalled and is made to seem bigger than it is. Ofc. firewalling is a valid sec. approach. 1/2