|
this dude has his tweets posted in the security fuckup thread sometimes. he legit owns and has done a ton to make everyone's computer more secure over the years. tavis is a security researcher with google's project zero. lately he has been looking at entire categories of software that he thinks have problems and picks them to pieces. he has such a reputation now that him sending a tweet like this: https://twitter.com/taviso/status/832744397800214528 is cause for red alert at your company. you never want to see your company/software mentioned in a tweet like that from him. that tweet was in reference to cloudflare loving up and leaking private data to everyone through their SSL caching tool and having it indexed by all search engines: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139 he also famously decided to pick apart the entire av industry: https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=reporter%3Ataviso%40google.com+&cells=ids he's also entertaining because he will call people out on their poo poo on twitter, especially when they push back at him about something he's an expert at: https://twitter.com/taviso/status/949810502925828097 he will also outright troll other organizations to get them to fix their poo poo: https://twitter.com/taviso/status/919193639422537728 tavis ormandy loving owns. normally i wouldn't suggest people read someone's twitter but his is legit worth it and you should follow him if you like this kind of poo poo
|
#
?
Jan 12, 2018 20:44
|
|
|
|
| # ? Apr 19, 2024 21:51 |
|
|
tavis is a stupid rear end in a top hat and I hate him and yes he did poo poo on my product
|
|
#
?
Jan 12, 2018 21:04
|
|
|
Roargasm posted:tavis is a stupid rear end in a top hat and I hate him and yes he did poo poo on my product fukkin owned
|
|
#
?
Jan 12, 2018 21:11
|
|
|
Roargasm posted:tavis is a stupid rear end in a top hat and I hate him and yes he did poo poo on my product show us on the monitor where he penetrated your code
|
|
#
?
Jan 12, 2018 21:27
|
|
|
Of course he's cool, he's a professional bounty hunter.
|
|
#
?
Jan 12, 2018 22:54
|
|
|
appreciation /station/ ffs
|
|
#
?
Jan 12, 2018 23:02
|
|
|
i work with a guy who used to sit next to tavis at the goog and he confirmed to me that he is literally a wizard
|
|
#
?
Jan 13, 2018 01:52
|
|
|
Roargasm posted:tavis is a stupid rear end in a top hat and I hate him and yes he did poo poo on my product
|
|
#
?
Jan 13, 2018 02:14
|
|
|
hot take: tavis and all the other bigshot security researchers should just be like "oh, trump doesn't like NORMS? how about we start dropping 0days with zero warning, on twitter, daily. after all... responsible disclosure is just something those Georgetown fucks at NIST thought up"
|
|
#
?
Jan 13, 2018 04:02
|
|
|
i shall call my newborn son tavis
|
|
#
?
Jan 13, 2018 04:45
|
|
|
maskenfreiheit posted:hot take: tavis and all the other bigshot security researchers should just be like "oh, trump doesn't like NORMS? how about we start dropping 0days with zero warning, on twitter, daily. after all... responsible disclosure is just something those Georgetown fucks at NIST thought up" "responsible disclosure" is a term coined by butthurt vendors and security researchers hate it
|
|
#
?
Jan 13, 2018 05:12
|
|
|
maskenfreiheit posted:hot take: tavis and all the other bigshot security researchers should just be like "oh, trump doesn't like NORMS? how about we start dropping 0days with zero warning, on twitter, daily. after all... responsible disclosure is just something those Georgetown fucks at NIST thought up" they should just skip the middleman: use the 0days themselves and drop the piss tape
|
|
#
?
Jan 13, 2018 05:18
|
|
|
Deep Dish Fuckfest posted:they should just skip the middleman: use the 0days themselves and drop the piss tape
|
|
#
?
Jan 13, 2018 13:03
|
|
|
Cybernetic Vermin posted:appreciation (((station)))
|
|
#
?
Jan 13, 2018 14:10
|
|
|
maskenfreiheit posted:hot take: tavis and all the other bigshot security researchers should just be like "oh, trump doesn't like NORMS? how about we start dropping 0days with zero warning, on twitter, daily. after all... responsible disclosure is just something those Georgetown fucks at NIST thought up" Dont understand the logic going through here. Seems to be: -Trump is bad -Tiwtter isnt banning trump -Therefore we should unleash havoc on twitter Or maybe relating to dropping 0days against government softwares. idk. But I do agree that responsible discloser is poo poo. It's mostly socially-inept security dudes agreeing to do something because thats what everyone else is doing. And then u get a measly 4 figgies for your work. Good job. OORRRR you could not do that. You can sell the exploit and get lotsa figgies. Or utilize it yourself (i.e. find a twitter bug and use it to make celebrititties tweet about a product ur selling with a link to your web. youll get mega bank that way). Theres hardly any reason to ever report security bugs.
|
|
#
?
Jan 13, 2018 18:38
|
|
|
tavis is a harbinger of software destruction, i can't think of anything a major software vendor would like to see less on twitter than tavis asking for their sec team
|
|
#
?
Jan 13, 2018 18:44
|
|
|
https://twitter.com/taviso/status/955540415263907840 lol tha mothafucking tavis posted:Their solution appears to be to query the client command line, get the 32-bit FNV-1a string hash of the exename and then check if it's in a blacklist. I proposed they whitelist Hostnames, but apparently that solution was too elegant and simple.
|
|
#
?
Jan 22, 2018 21:49
|
|
|
|
| # ? Apr 19, 2024 21:51 |
|
|
blizzard here. that blacklist you bindiff-ed from the latest version versus the penultimate version is old code and nothing to do with this issue.
|
|
#
?
Jan 23, 2018 05:27
|
|
