Discover and read the best of Twitter Threads about #BHUSA

Most recent (5)

#BHUSA keynote is about to start
Jeff Moss is on stage
Read 3 tweets
Today, @5aelo and I unrestricted five bugs in iMessage! Here are some highlights:
@5aelo CVE-2019-8647 is a remote, interactionless use-after-free

bugs.chromium.org/p/project-zero…

CVE-2019-8662 is similar

bugs.chromium.org/p/project-zero…
@5aelo CVE-2019-8660 is remote, interactionless memory corruption

bugs.chromium.org/p/project-zero…
Read 8 tweets
My challenge of the night: create an app for #BHUSA 1/
The 1st challenge is to get the data. At @BlackHat there are 4 types of sessions:
- arsenal
- briefings
- sponsored-sessions
- training

2/
After extracting the data from their website, I imported everything in a Firebase Realtime Database 3/
Read 6 tweets
I thought I’d know all the stuff in this talk and just went to see @Lipner. But nope...Dr Lipner is still dropping new knowledge. #bhusa @SAFECode
If you’re not big enough to “do everything” this talk is for you. My key points:

1. Have a vuln response process, use it to learn, and fix more than just what’s reported.
2. Devs are accountable for writing secure code—don’t “test it in.”
3. Do RCAs
4. Track SDL in the mainstream bug tracking workflow you track other bugs in.
5. Have a bug bar — exploitability matters.
6. Secure your 3rd party code. If you ship it, it’s your problem.
Read 7 tweets
IOTAAAAAAAA

#bhusa
"@Ethan_Heilman likes breaking hash functions for fun."
The security of the signature scheme reduces to the security of the hash function.
Read 13 tweets
