Olivia
Online
Lol. @HackenProof a reputable bug bounty platform sends out invites for their program to attack Russian critical infrastructure (SCADA, banks, energy). Crazy times & Happy hunting. #StandingWithUkraine https://t.co/2Sc6bvXzTP
Angreifer könnten digitale Unterschrift in LibreOffice und OpenOffice fälschen https://t.co/G3888VyXOj #LibreOffice #OpenOffice
If you build #Ghostscript from source, apply this patch to counter the latest RCE (now known as CVE-2021-3781):
https://t.co/OfQXzYbDTl
0day RCE in #Ghostscript going wild. This issue was found independently by @emil_lerner and @jensvoid. Fun fact: GS is everywhere. Even LESS(1) is affected.
Who to follow
Project Zero Bugs
@ProjectZeroBugs
A bot that posts the latest blog posts and disclosures from Google's Project Zero
Samuel Groß
@5aelo
Working on Project Zero, Big Sleep, and V8 Security. Personal account. Also @[email protected] and https://t.co/aVitnPjBie
Nicolas Grégoire
@Agarri_FR
Web hacker and Burp Suite Pro trainer
Refer to https://t.co/D5tRH7U2hg for trainings
Follow @MasteringBurp for free tips and tricks
@RDerenzy @emil_lerner ImageMagick is *not* required (but can be used as a vector to call Ghostscript). The 9.50 to 9.54 releases are vulnerable. I don't use Windows.
@1AKDJ @emil_lerner Kali Rolling (less 551); likes to convert all kinds of obscure file types to plain text before displaying to the user; thereby increasing the attack surface
@lambdafu & @jurajsomorovsky evaluate the real-world attack surface of web browsers and widely-deployed email and FTP servers in lab experiments and with internet-wide scans in this #BHUSA Briefing https://t.co/c7EF2aaFOY
@mniemietz @HGI_Bochum @HSNiederrhein Congrats Marcus, and thanks for shepherding me into @HGI_Bochum back in the days!
We found another flaw in the design of TLS! If you have servers that share certificates across services you might want to take a look at this: https://t.co/jwRODhaHmE. 🧵👇
New paper: "ALPACA: Application Layer Protocol Confusion -Analyzing and Mitigating Cracks in TLS Authentication" to be presented @USENIXSecurity '21. Joint work with @lambdafu @dr4ys3n @ic0nz1 @dues__ @jensvoid @jurajsomorovsky @JoergSchwenk. 1/
"PhD Defense" can finally be crossed off that to-do list. So long @HGI_Bochum, and thanks for all the fish!
@nitro_sam @Klose7 Please read your emails to [email protected] (RCE in Nitro Reader/Pro; never got an answer)
New paper on how to fix #efail style attacks against e2e encrypted email, including OpenPGP and S/MIME. Joint work with @JoergSchwenk @lambdafu @dues__ @jensvoid @jurajsomorovsky @seecurity. To be presented at @acm_ccs 2020. Thread:
My fault. Even though Thunderbird removed the mailto:?attach feature, it still seems present in distros that apply xdg-email to parse mailto URLs.
Thanks to @j_o_n__w and @Ug_0Security for all the debugging :).
Original report for Thunderbird now public: https://t.co/IIeOL7FNhX
Have you ever heard of the mailto:?attach=~/… parameter? It allows to include arbitrary files on disk. So, why break PGP if you can politely ask the victim's mail client to include the private key? (1/4)
@j_o_n__w @Ug_0Security Sry, the line is "ATTACH=$(/bin/echo -e $(echo "$MAILTO" | grep '^attach='..." in the run_thunderbird() function of xdg-email. Thanks.
@j_o_n__w @Ug_0Security Can you confirm that you are using xdg-email (e.g., by commenting out line 51 in /usr/bin/xdg-email and then testing if it still works)?
@j_o_n__w @Ug_0Security This is bad. It had been fixed in/by TB in the past. But imho xdg-email re-opens the attack surface: https://t.co/4efWSuaM4K
@JamesHenstridge @jensvoid Yes. See me other answer, for some reason this escaped KDE Security Team radar and i thought it had not been reported to KDE while it had indeed been.
Last Seen Users on Sotwe
Türboo
Seen from Indonesia
AMMU
Seen from Japan
Oya Okar
Seen from Turkey
Kontak STW bermahar
Seen from Indonesia
Bunga
Seen from Indonesia
RASIM&MERVE EVLİ ÇİFT
Seen from Turkey
Tanımazsın Boşver
Seen from Turkey
Suka STW Lokal
Seen from Indonesia
José Arias
Seen from Algeria
X Porn Hub 
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers