Olivia
Online
Tatu Ylonen
@tjssh
Cybersecurity expert. Inventor of SSH - Secure Shell. Artificial intelligence, machine learning, linguistics, knowledge representation. 30+ US patents.
Helsinki, Finland
Joined December 2009
4.5K Following
7.5K Followers
825 Posts
Pinned Tweet
.@tjssh SSH access to from DEV/TEST to PROD in a real mid-sized bank, violates segregation of duties (anonymized). https://t.co/BnUEYNHKXq
I'm leaving this New Twitter. It was once a useful platform.
I'll be talking with Sam Curry tomorrow in the webinar on the Future of Security. You are welcome to join! Please register at: https://t.co/toR7R0Zoio
@antti_antinoja Even Linux sort is using 74GB to sort a trivial 78GB text file.
Who to follow
Adrian Sanabria (@[email protected])
@sawaba
🏢 The Defenders Initiative,
🎙️ Enterprise @secweekly Podcast,
🤝 Founder @bsidesknoxville,
🗣️ Faculty @IANS_Security,
🍳 Cooking,
🏎️ F1,
⛰️ Hiking
Rene Robichaud 
@ReneRobichaud
FR-EN #CyberSecurity #Security #InfoSec #CeptBiro #ISO #Risk #VulnerabilityManagement #Audit Working @CeptBiro https://t.co/xpKUxPZSjE - Tweets are my own
Ben Rothke
@benrothke
I manage information security at @Experian. Write articles & book reviews on security, privacy, risk management. Member of @CyberSecCanon.
When did it start to feel normal to run 50-150GB processes every few minutes?
@Icelandair I am unhappy with your recent obfuscation of pricing and reduction of economy baggage allowance. Your wifi usually does not work. And if you think I'll pay $5-9k for your premium economy style Saga class seats, you must be out of your minds. I'm a Saga gold member.
@TorstenBlum @bsdunix4ever @dersharky Sorry I've been away from twitter so very late answer... I think I tried to use same flags as used by rcp on systems I used... might be BSD at that time, not sure.
Is it time to regulate #IoT devices? We talk to #cybersecurity experts @samjcurry and @tjssh about the rising threats of smart devices.
@io_r_us My current understanding is that the Meltdown attack is due to speculative execution affecting caches even when access is not permitted. HW flaw. Spectre is trickier, speculative execution affecting caches on branch prediction miss. I'm not yet sure how to universally solve it.
@io_r_us It's been 15-20 years since I last wrote DMA device drivers, but my understanding is that the OS will usually map the (user/kernel) buffer to physical addresses before passing them to the DMA controller. (I'm not up to date on this)
@io_r_us My understanding is that DMA usually works with real addresses (not virtual addresses) and can access all memory anyway. There are well-known attacks via PCI bus, firewire etc that utilize DMA. They can read & write kernel data&code, unlock screen saver, and take full control.
It looks like the Intel attacks seriously affect end user systems as well and are remotely exploitable (Javascript, flash/client-side Java?). Can be injected to any unencrypted HTTP connection on the network or by corrupt server. Browser dependent. Email? https://t.co/TQD6SrxLFs
@MalinaKirn Looks like you are right. This will be bad. Apparently the Javascript exploit might be used to read memory of the entire process. This could potentially be used to read passwords, secret keys, cookies, and other sensitive data for other sites (if all tabs in same process).
@philchungny I'm not quite sure what you mean by bare metal cloud server without hypervisor. Presumably there is a provisioning system that accepts connections and commands (e.g., migrate, shutdown, configure). It authenticates the connection. Usually there is a credential or key to read.
@CyberPlayGround If the attack works as I (and some other people) speculate, I think it is difficult to exploit from Java (or Javascript) VMs. I could be wrong. In any case, client-side Java (or flash) in browsers is getting rare/deprecated. Javascript exploit would be unpleasant.
@io_r_us I hope the Russian specialist is right and its not affecting cloud hypervisors... I'm rather concerned it might be used to, e.g., read SSH keys from kernel I/O buffers from VMs, and therefore gain access to other VMs and possibly even the hypervisor. But details are scarce.
The Intel speculative execution flaw appears serious and multiuser systems (especially public cloud hypervisors) MUST be patched quickly. End user systems and appliances appear largely unaffected (single user). Not remotely exploitable. Performance penalty from fix 5-30% or so.
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers