Olivia
Online
Collin Mulliner
@collinrm
security engineering
NYC metro area
Joined November 2007
703 Following
8.4K Followers
16.7K Posts
Pinned Tweet
Everyone today is a hacker in a sense but there are very few OG hackers on which shoulders we stand
Oh dude, Felix “FX” Lindner you were so much a hackers hacker and you will be missed
RIP my friend and thank you
Today I have a more serious topic than usual, please consider reposting for reach:
My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/3]
Don't miss the culmination of AIxCC at @defcon. Some of the best in the world have spent two years to leverage AI for next generation cybersecurity wins.
@moyix All the best!
SummerC0n 2025 good to be back!
Gazing across the throngs at this month’s NYSEC, all we can think is: can’t wait to see you all again in July.
Summercon 2025
July 11–12 @ Littlefield, Brooklyn
Tickets: https://t.co/B40MrOxpb4
Summercon 2025 Call for Papers
Since 1987, Summercon has been where serious security research meets irreverent hacker culture.
We're looking for original, technically rigorous presentations that challenge assumptions and advance the state of the art.
CFP: https://t.co/nyd9q5n872
The submission deadline for the 11th LangSec IEEE Security & Privacy workshop https://t.co/iOTxvjuhqj is extended to January 31, 2025. Please send us your papers, research reports, posters or panel proposals! #langsec
@lcamtuf Life was real hard
Just unrestricted an issue that shows a fun new attack surface. Android RCS locally transcribes incoming media, making vulnerabilities audio codecs now fully-remote. This bug in an obscure Samsung S24 codec is 0-click
https://t.co/krPcWMGLpZ
If you are a guy in your 20s, buy a Lenovo X1 even if you have to go into debt.
The highest level of security engineering is proactively building systems that make insecure states unrepresentable, attack classes rendered extinct, vulnerabilities not exploitable, and attack paths not viable for attacker gain.
Over the past few weeks, I’ve been reinvigorating a SIM swap detection platform we originally designed and built at @tagomisystems. The underlying concept was to safeguard customer accounts—especially those reliant on SMS-based MFA—by identifying whether a phone number had undergone a SIM swapping attack. This system was designed to be an early indicator of compromised accounts, even if users were using phishing-resistant MFA on our platform.
We worked closely with well known mobile network security researchers, mobile virtual network operators, and other industry intelligence sharing groups. Our goal was to ensure the solution propagated rapidly and comprehensively across the industry, given the seriousness of SIM swapping attacks.
SIM swapping remains a relatively cheap yet highly effective way to circumvent MFA, especially for high-value targets. While SMS-based MFA continues to be common for banks, investment accounts, and other critical financial platforms, it is also one of the most vulnerable methods of second-factor authentication.
What is a SIM swap? A SIM swap occurs when a mobile network operator (MNO) reassigns a phone number to a new IMSI (International Mobile Subscriber Identity), whether for legitimate reasons (changing carriers, upgrading devices) or malicious purposes (intercepting SMS messages).
Detection mechanism: By comparing the IMSI used during previous account activity with the current IMSI, we can identify a SIM swap event. At that point, service providers can apply stricter controls, such as restricting high-risk transactions or forcing more secure authentication flows.
Implementation Challenges: TMSIs (Temporary Mobile Subscriber Identities) are insufficient for detection due to their short-lived nature. Accessing IMSI information directly has become more difficult over time, largely due to expanded "privacy" concerns that limit how carriers share network-level data.
Industry Solutions: Twilio integrated this idea into a commercial API, partnering with carriers that support "SIM swap status checks". Other commercial providers like Vonage have launched similar services. These solutions are valuable, but not foolproof: If a phone number is transferred to a carrier that does not support these "SIM swap status checks", commercial API providers and service providers lose visibility. Additionally, carriers strictly control historical IMSI change logs for "privacy" reasons, preventing service providers from conducting deeper investigations or retrospective analysis.
While HLR (Home Location Register) and VLR (Visitor Location Register) lookups can still yield some actionable data, true SIM swap prevention/detection will require architecture improvements at the carrier level and SS7 routing attacks will require network level architecture improvements.
The 11th Language-theoretic IEEE Security & Privacy Workshop will take place on May 15, 2025. Please submit your work by January 20, 2025 and join us in San Francisco! https://t.co/iOTxvjtJAL #LangSec
Our Black Friday sale is on now. Unfortunately, you won't see that on mobile just yet so here it is. Follow the bouncing robot. Please share! @nostarch
NYSEC is tomorrow!
Tuesday, November 19th @ 6PM.
d.b.a.
41 1st Ave.
New York, NY 10003
lolooololo
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.3M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers