Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH




this dude has his tweets posted in the security fuckup thread sometimes. he legit owns and has done a ton to make everyone's computer more secure over the years. tavis is a security researcher with google's project zero. lately he has been looking at entire categories of software that he thinks have problems and picks them to pieces. he has such a reputation now that him sending a tweet like this:

https://twitter.com/taviso/status/832744397800214528

is cause for red alert at your company. you never want to see your company/software mentioned in a tweet like that from him. that tweet was in reference to cloudflare loving up and leaking private data to everyone through their SSL caching tool and having it indexed by all search engines: https://bugs.chromium.org/p/project.../detail?id=1139

he also famously decided to pick apart the entire av industry: https://bugs.chromium.org/p/project....com+&cells=ids

he's also entertaining because he will call people out on their poo poo on twitter, especially when they push back at him about something he's an expert at:

https://twitter.com/taviso/status/949810502925828097

he will also outright troll other organizations to get them to fix their poo poo:

https://twitter.com/taviso/status/919193639422537728

tavis ormandy loving owns. normally i wouldn't suggest people read someone's twitter but his is legit worth it and you should follow him if you like this kind of poo poo


Roargasm
Oct 21, 2010

Hate to sound sleazy
But tease me
I don't want it if it's that easy


tavis is a stupid rear end in a top hat and I hate him and yes he did poo poo on my product

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH




Roargasm posted:

tavis is a stupid rear end in a top hat and I hate him and yes he did poo poo on my product

fukkin owned

Farmer Crack-Ass
Jan 2, 2001

one stripe on the sleeve means lieutenant moose to you, asshole

Roargasm posted:

tavis is a stupid rear end in a top hat and I hate him and yes he did poo poo on my product

show us on the monitor where he penetrated your code

Doom Mathematic
Sep 1, 2008


Of course he's cool, he's a professional bounty hunter.

Cybernetic Vermin
Apr 18, 2005

I GET REALLY MAD WHEN I AM TOLD THAT MY POSTS ARE WORTHLESS GARBAGE AND ACT LIKE A PEDANTIC FUCKWIT WHEN CALLED OUT ON IT

I ALSO HUFF MY OWN FARTS


appreciation /station/

ffs

Feisty-Cadaver
Jun 1, 2000
The worms crawl in,
The worms crawl out.

Cybernetic Crumb

i work with a guy who used to sit next to tavis at the goog and he confirmed to me that he is literally a wizard

Trashman
Sep 11, 2000

You trash eating stink bag!


Roargasm posted:

tavis is a stupid rear end in a top hat and I hate him and yes he did poo poo on my product

lmao owned

maskenfreiheit
Dec 30, 2004
Probation
Can't post for 25 days!


hot take: tavis and all the other bigshot security researchers should just be like "oh, trump doesn't like NORMS? how about we start dropping 0days with zero warning, on twitter, daily. after all... responsible disclosure is just something those Georgetown fucks at NIST thought up"

Dongslayer.
May 25, 2009

We don't need Rome telling us what to do.


i shall call my newborn son tavis

Plorkyeran
Mar 21, 2007

Plorky Pig, let's get that Maria+Holic typesetting done yeah? You're starting to develop the requtation of lazy and slow, so ammend that for your own sake


maskenfreiheit posted:

hot take: tavis and all the other bigshot security researchers should just be like "oh, trump doesn't like NORMS? how about we start dropping 0days with zero warning, on twitter, daily. after all... responsible disclosure is just something those Georgetown fucks at NIST thought up"

"responsible disclosure" is a term coined by butthurt vendors and security researchers hate it

Deep Dish Fuckfest
Sep 6, 2006

NINETEEN
EIGHTY X
AD


maskenfreiheit posted:

hot take: tavis and all the other bigshot security researchers should just be like "oh, trump doesn't like NORMS? how about we start dropping 0days with zero warning, on twitter, daily. after all... responsible disclosure is just something those Georgetown fucks at NIST thought up"

they should just skip the middleman: use the 0days themselves and drop the piss tape

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!



Pillbug

Deep Dish Fuckfest posted:

they should just skip the middleman: use the 0days themselves and drop the piss tape

bump_fn
Apr 12, 2004

aaaaaaaaaag


Ham Wrangler

Cybernetic Vermin posted:

appreciation (((station)))

I HAVE GOUT
Nov 23, 2017


maskenfreiheit posted:

hot take: tavis and all the other bigshot security researchers should just be like "oh, trump doesn't like NORMS? how about we start dropping 0days with zero warning, on twitter, daily. after all... responsible disclosure is just something those Georgetown fucks at NIST thought up"

Don't understand the logic going through here. Seems to be:
-Trump is bad
-Twitter isn't banning trump
-Therefore we should unleash havoc on twitter

Or maybe relating to dropping 0days against government softwares. idk.

But I do agree that responsible disclosure is poo poo. It's mostly socially-inept security dudes agreeing to do something because that's what everyone else is doing. And then u get a measly 4 figgies for your work. Good job.
OORRRR you could not do that. You can sell the exploit and get lotsa figgies. Or utilize it yourself (i.e. find a twitter bug and use it to make celebrititties tweet about a product ur selling with a link to your web. you'll get mega bank that way). There's hardly any reason to ever report security bugs.


Captain Foo
May 11, 2004

devil on your shoulder





Clever Betty

tavis is a harbinger of software destruction, i can't think of anything a major software vendor would like to see less on twitter than tavis asking for their sec team
