Olivia
Online
Platform Security Summit
@platformsec
Conference on composable software supply chain integrity and hardware-assisted platform security, with OpenEmbedded, OpenXT and other ecosystems
Joined April 2018
4.3K Following
987 Followers
9.7K Posts
The TPM classes at OST2 are a great way to learn about the most widely available hardware-backed security mechanism for the low-low price of $0 from the comfort of your own emulator :)
New blog post on reverse engineering and modifying HDD firmware. In this part I cover obtaining, analyzing, and modifying firmware, using backdoor commands to hot patch code in RAM, and using JTAG to debug a live HDD https://t.co/9vVt26JHxO
This information class was added only a few years ago.
In the age of trillion dollar spending on AI code reviews and security, codeQL, KASAN and more, the world’s leading operating system kernel still added code to increment an arbitrary user controlled pointer in a system call
Gatekeepers decided what platform security capabilities shipped.. [now] joined by open-source, specialized firms and manufacturers with AI-augmented teams. Can future supply chains configure platforms for device fleets, threat models and regulations at the speed customers expect?
Really great read for those in software. And for product managers, discipline is still key as pointed out in the comments.
Who to follow
UEFI Forum
@UEFIForum
The UEFI Forum advances globally-adopted firmware specifications through enhanced security to the evolution of devices, firmware and operating systems.
Dasharo
@Dasharo_com
Dasharo is open-source firmware distribution focusing on long-term maintenance, transparent validation and privacy-respecting implementation.
Eclypsium
@eclypsium
A supply chain security platform that builds trust in every device.
Excited to see @Google launch Intrusion Logging, the first purpose-built system to enable forensic investigations of advanced attacks on mobile.
@AmnestyTech has worked with @Android as a design partner, during the development of Intrusion Logging and Advanced Protection Mode
It is hard to understate how much more hardened Apple's Application-Processor-side of WiFi is than any other operating system out there. Between MIE and the XZM allocator there's some serious hardening on the latest iOS and iPhone 17. We spend a lot of time in wifi land and Apple's the gold standard here.
The first big thing to know about Apple's WiFi on iOS is that they removed attack surface from the kernel and brought it into userland with DriverKit (https://t.co/qJrIKJQMRM). The concept was initially formed by Simon Douglas while he was at NeXT, Inc working for Steve Jobs and brought to Mac in 2019 by Douglas and team. Most memory corruption can't get far by design and it should be exceedingly difficult to see another Ian Beer type wifi exploit (https://t.co/d7X7A42p6F)
This use after free bug occured in `wifid`, a root userland process on iOS and can be triggered without any user interaction.
CFP for LPC 2026 is open!
Important dates:
Thursday, April 23, 2026: Deadline to submit proposals to host a microconference
Sunday, June 28, 2026: Deadline to submit LPC Refereed Track Presentations Proposals and Kernel Summit Presentations Proposals.
https://t.co/o2ULatesd9
📢 🐧 The schedule for Linux Security Summit North America (LSS-NA) 2026 is published!
➡️ https://t.co/ahEICJ6R9R 👀
LSS-NA 2026 will be held May 21-22 in Minneapolis, MN, co-located w/ OSS.
✏ Register: https://t.co/i2rpZ6d9tu
#linuxsecuritysummit #linux #infosec
If AI finds the zero-day, writes the exploit, and patches the code, who trains the next generation of security researchers? Chris St. Myers' "Cognitive Rust Belt" essay kicked off a debate we couldn't stop having.
Apple Podcasts
https://t.co/caiDEI1fpt
@ryanaraine I do. https://t.co/OWvx9J6tag, https://t.co/SW1s7VGtDa
This stirred a lot of thinking and emotion. I'd read it closely 👇🏽
Two weeks after the DarkSword iOS hacking tool was revealed, Apple is taking the rare step of pushing a security fix to older iOS 18 iPhones rather than just telling users to update to iOS 26, as it had previously done. (Which left millions vulnerable.) https://t.co/TiF6vusi4m
Intel SGX has fallen! Its most important key is in our hands: we extracted the Global Wrapping Key from an instance of the Intel Gemini Lake platform
This is made possible by executing arbitrary microcode on the DFX-locked system. And although this was a truly challenging task, we were able to do it after researching in details the interaction between PMC and PUNIT
The marginal effects here mean we are getting some amazing data about the types of bugs that were most exposed to AI, and once these waves of fixes go in and if things taper we’ll see the ongoing bug stream as a frontier capability signal.
The “foreign routers ban” is being enforced at the FCC certification stage. If you don’t know what that means, here’s a quick explainer:
Once you (the manufacturer) have FINALIZED your new hardware design, you produce a few units and send them off to a specialized lab to test the radio emissions from your device. If everything goes perfectly (no test failures), 2-3 months later you will have a FCC certification. Then you have to apply the FCC label to your product.
Without the completed FCC cert, you cannot legally market, import, or sell in the USA. So, mass production typically doesn’t start until after the cert happens, unless you are very confident that you will one-shot the lab tests without any hardware revisions. Else, you’d be stuck with tons of hardware you can’t sell.
This FCC change will be especially painful to anyone who was about to get their new device certified. The requirement to have an on-shoring plan is probably going to be the most significant hurdle for manufacturers.
If this ban included all current routers (it doesn’t), it would have been way more painful. Not just from the consumer side with supply impact. But imagine every existing router having to go through a 3+ month process with labs that would be instantly booked with backlog for years. Sure, some sort of leaned down re-cert process would have been more probable, but you get the point.
FCC Updates Covered List to Include Foreign-Made Consumer Routers https://t.co/Gn5qDV1aRG (https://t.co/LgGF1cYGyC)
The FCC today updated its list of products that can't be sold in the U.S. to include *all* consumer routers made in foreign countries. It's a big but potentially disruptive move to limit supply-chain security risks to U.S. networks. https://t.co/q8PBOyTySn
Just remembered about this awesome video by @oxidecomputer where they discuss debugging powering on the board for the first time, including using AMD’s socket stress tool.
“Twitter Space 12/6/2021 -- Tales from the Bringup Lab” https://t.co/Dlx6ND8ygo
@never_released It would be nice for an iPad to start macOS when a keyboard is connected. Could be a quick boot VM based on a snapshot. Maybe with access to the files app on the host.
Last Seen Users on Sotwe
Peshawar Boy
Seen from Malaysia
Gagal Semok
Seen from Indonesia
Kk Tt
Seen from Indonesia
Pupafterdark
Seen from United States
ℙ𝔼𝕄𝕌𝔸𝕊 𝔹𝕀ℕ𝕆ℝ & 𝕊𝕋𝕎
Seen from Indonesia
Hasharia 
Seen from India
PORNO PAYLAŞIM
Seen from France
Sedap Malam
Seen from Malaysia
Ks Videolar🫎
Seen from Turkey
Mehmet
Seen from Turkey
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers