Olivia
Online
Cem Paya
@randomoracle
@[email protected]
Personal opinions
“Character is what you tweet when you think no one is following"
ex-MSFT/GOOG/ABNB/Gemini
San Diego, CA
Joined December 2008
711 Following
2.1K Followers
10.2K Posts
More trusted systems designs like this, please:
https://t.co/lEpjvm1T7F
The point of trusted systems design is to eliminate the need to trust an organization of fallible people or AI and instead establish trust through the design, operation, and observability of the system.
4/ The results also reveal emerging risks.
Even with standard mitigations such as ASLR, stack canaries, the V8 heap sandbox, and KASLR enabled, agents still produced working exploits.
Agents also sometimes went off-script and discovered entirely different vulnerabilities than the ones they were given.
the fast16 malware was almost certainly targeting spherical implosion simulations.
left: unmodified LS-DYNA 970
right: LS-DYNA 970 modified with the relevant portions of fast16.sys
both running a spherical implosion deck
It was a quirk of original Bitcoin code that it even compiled for Windows. Most cypherpunks were diehard Linux fans, disdained all-things MSFT. Especially for software intended for fellow cypherpunks, Windows compatibility is a heavy burden to carry
@w_s_bitcoin I worked for Microsoft 2002-2003. However as a die hard unix/Linux enthusiast I got management dispensation to install a multi socket /many thread beast mode redhat server as I don't like windows. @jwilkins can confirm he was my colleague in MS passport security at that time. 😭
Who to follow
Trail of Bits 
@trailofbits
We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.
lcamtuf
@lcamtuf
Substack: https://t.co/yFvmNisGW3
Homepage: https://t.co/iFAXZxCO5H
JP Aumasson
@veorq
Serious Cryptographer https://t.co/yOkMDW38YI
BLAKE3 SipHash SLH-DSA codesigner
@taurus_hq cofounder+CSO
https://t.co/s4Gs6ZmKe3
“The Lifetime Achievement Award isn’t about what you achieve in your lifetime. That’s part of it. It’s about how many people you influence and bring in and then take it further.” - Mudge Zatko
It was our honor to present the Lifetime Achievement Award to @dakami Dan Kaminsky at this year's Difference Makers.
Thank you to Dan's mother, Trudy Maurer who traveled to D.C. to accept the award on Dan's behalf, to Randy Howell, @dotMudge, @thedarktangent, @paulvixie, @adamshostack, Kymberlee Price, Derek Hinch, Gadi Evron, Brian Markus, Todd Jarvis, Michael J. J. Tiffany @kubla, Lena Smart, Jonathan Leitschuh, Kyle Moses, and those who did the work to put videos of Dan on YouTube so the next generation of ethical hackers can learn from him, including @defcon , @BlackHatEvents, Duo Security, r00tz, @ismg_press. @SANSInstitute
A deeper, more technical dive into a design flaw in the ScreenConnect executable that made it particularly appealing for malicious campaigns.
https://t.co/oVl52GdmYq
History Case:
https://t.co/g1lz3jbm4i
Now that GDATA also posted about this and cat is out of the bag.
Write-up on how ScreenConnect was abusing Microsoft Authenticode signatures in a way that made it ideal for malware to repurpose their installers (previously disclosed to vendor)
https://t.co/PfmxXFlDKQ
1/ 🔥 AI agents are reaching a breakthrough moment in cybersecurity.
In our latest work:
🔓 CyberGym: AI agents discovered 15 zero-days in major open-source projects
💰 BountyBench: AI agents solved real-world bug bounty tasks worth tens of thousands of dollars
🤖 Autonomously.
A pivotal shift is underway — AI agents can now autonomously do what only elite human hackers could before.
Recent work from River security team and @rmhrisk : how our discovery of bogus "River desktop app" in the wild lead to DigiCert revoking ConnectWise's code-signing certificate and invalidating all existing ScreenConnect binaries on Windows
https://t.co/YWB4BVh8ie
Mangled casings from 2 of those 4 thermonuclear weapons from the Palomares (Spain) broken-arrow incident is on exhibit at the Museum of Nuclear Science & History in Albuquerque.
https://t.co/dmYH1VdxUn
Today in history.
“We thought it was the end of the world': How the US dropped four nuclear bombs on Spain in 1966 https://t.co/WSbfAlAHBW
Thoughts on ByBit
First, the good stuff: impressive response to the hack. I've rarely seen that level of transparency + professionalism in a crisis. Usually you see slow, wishy-washy, lawyer-speak or quick meme-style responses that don't fit the seriousness of the situation. 1/n
Learned a lot about security from @randomoracle @michaelbreu back in the day. Lesson one is anything that can be penetrated will be. Software and hardware, and the practices around them, must be resilient & redundant. Every step must have integrity. No shortcuts.
Until October 30, Okta generated "the cache key" by using bcrypt to "hash a combined string of userId + username + password", which allowed full password auth bypass for usernames of 52+ bytes and apparently required only partial knowledge of the password for other long usernames
1988: The Morris worm spread like wildfire and was the first worm to get wide media attention.
After its author, Robert Tappan Morris, released his "experiment", it quickly spread and made many of the systems on the Internet unusable - an epoch for security...both good and bad.
🎉 Thrilled by the incredible enthusiasm for our LLM Agents MOOC—12K+ registered learners & 5K+ Discord members!
📣 Excited to launch today the LLM Agents MOOC Hackathon, open to all, with $200K+ in prizes & credits!
🔗 Sign up now: https://t.co/vDVJ0AF28a & join us virtually or in person @UCBerkeley!
Huge thanks to our sponsors:@OpenAI @GoogleAI @AMD @LambdaAPI @Intel @SierraPlatform @OrbyAI (and more to come)
🚀 Explore 5 exciting tracks:
1️⃣ Applications: Build cutting-edge LLM agents!
2️⃣ Benchmarks: Create innovative AI agent evaluation benchmarks!
3️⃣ Fundamentals: Strengthen core agent capabilities!
4️⃣ Safety: Address critical safety challenges in AI!
5️⃣ Decentralized & Multi-Agents: Push the boundaries of multi-agent systems!
Special thanks to my co-instructor @xinyun_chen_ @GoogleDeepMind & our amazing guest speakers for making this a great MOOC: @denny_zhou @GoogleDeepMind; @PercyLiang @Stanford; @8enmann @AnthropicAI; @ShunyuYao12 @OpenAI; @chi_wang_ @GoogleDeepMind; @jerryjliu0 @llama_index; @lateinteraction @Databricks; @gneubig @CarnegieMellon; @NicolasChapados @ServiceNow; @tydsh @AIatMeta; @drjimfan @NVIDIA; Burak Gokturk @Google
Join us to shape the future of LLM Agents! https://t.co/hbU2jzkRKQ 🤖✨ #AI #Hackathon #LLMAgents #UCberkeley
#ECJ upholds the fine of €2.4 billion imposed on @Google for abuse of its dominant position by favouring its own comparison shopping service #competition @EU_Commission 👉 https://t.co/ATb3CgbPxg
So-called experts: "Tornado Cash is a valuable privacy service used by everyday people for legit purposes"
Reality:
#delusions #KYCfail
https://t.co/FYrnKix0gV
Identity fails
With Twitter verified profiles, users at least have some confidence they are following the genuine bloviator/influencer
On GitHub still no way to know if that ace developer is really a North Korean stooge/APT operative
🤷🏽
1/ Recently a team reached out to me for assistance after $1.3M was stolen from the treasury after malicious code had been pushed.
Unbeknownst to the team they had hired multiple DPRK IT workers as devs who were using fake identities.
I then uncovered 25+ crypto projects with related devs that have been active since June 2024.
JD Vance’s dossier would have been safe if the campaign stored it on CouchDB 🤷 https://t.co/bimQM7DBQH
#Clownstrike: "Combining third-rate technology with first-rate lawyers: always ready with a DMCA takedown notice in case anyone dare criticize us"
https://t.co/oyVlSe852D
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers