Apple debuting their new A14 processor for iPad at #AppleEvent. Most of the talk obviously on performance, battery and ML performance, but for infosec, A14 is what'll bring Armv8.5-A memory tagging extensions into the mainstream. Memory corruption exploits getting hard y'all.
If this is on new iPad, pretty good chance that'll be in their new iPhone v-next in a whenever-that-comes too.
Come a long, long way from the 90s where finding a crash in a program was easy, and having a working exploit was twelve minutes of work. It is a looooooooong journey from bugs to exploits now on these hard targets.
Hacking a fully up-to-date iPhone is already six or seven distinct ground-breaking Black Hat talks worth of research, and that number is steadily creeping higher.

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Pwn All The Things

Pwn All The Things Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @pwnallthethings

27 Sep
"My opponent is senile and unable to perform basic human tasks like giving a speech, but also must be on performance-enhancing drugs because no human could achieve his ability at performing basic tasks like giving a speech"
It's all part of the heads-I-win-tails-you-lose reality distortion bubble for the base. "He is dumb and senile because I made a supercut of him stumbling over a word, but when you see any counterevidence of that claim, it is actually a conspiracy, don't believe your own eyes"
All of it is like this. All of it. That's what it's for.

E.g. "My opponent is an anarchist who wants to tear down government, but also a big-state socialist who loves big government, idk, throwing mud here, pick whichever one scares you most to justify your vote for me"
Read 7 tweets
27 Sep
This. 👇

I know it's tempting for folks in infosec to talk about election infrastructure security during elections in dire terms. And yes, some of it's not great. But read the room and be cautious with the hyperbole (always, but especially this election).
It's like the IT guy at STRATCOM saying "but installing Windows updates is very important" to the STRATCOM commander after all the machines in the control room go to the updating screen five minutes after they detect a possible launch. Sure. Narrowly correct. But timing, my peeps
The thing about elections is they really only solve one problem: transitioning power with social confidence in the result. And when both of those things are under substantial and sustained attack, hyperbole about machines that *are live and voting right now* helps nobody.
Read 4 tweets
25 Sep
This is a very good set of guidelines
A point perhaps worth adding:

Be particularly aware of "rolling leaks" (like the 2016 Podesta leak). It is explicitly an attempt to game the media landscape.
Rolling leaks spread out relatively mundane information over a series of leaks so as to dominate multiple news-cycles with something that, if it had been released in a single dump, would justify far, far less overall attention.
Read 5 tweets
24 Sep
This is such a disingenuous framing of what's going on
Setting aside the backwards logic of how *introducing legislation* could "enable breaking [domestic] law", the whole point here is MI5 should be able to recruit sources inside actual terror organizations
Being a member of, say, ISIS is a criminal offense. It's a proscribed terror organization. MI5 is a counterterror agency. Part of its job is to recruit agents in those terror organizations. It *necessarily follows* that those agents are breaking the law.
Read 4 tweets
23 Sep
I mean, this is right in a sense. Lots of folks (imo) conflating chance of illegitimate attempts to subvert the election (certain) with chance they succeed (less much less certain).

The problem is the latter of those is a low-likelihood but cataclysmically consequential event. As in, and I mean this without hyperbole, it would break the back of the American system entirely.
For those types of low-likelihood cataclysmic events you have this messy problem that, if you roll the dice and win, everything you did sounds like hyperbole. And if you roll the dice and lose, everything you did and said sounds not hyperbolic enough
Read 5 tweets
22 Sep
The "what if we didn't have any norms and just resorted to raw power" hypotheticals are not quite as fun when they're played out in realtime as an existential partisan death-match
The raiders come home, bags filled with cans taken from the rubble in the ruined city. As the fire crackles in the moonlight, one of the elders laments "in retrospect, it turns out norms are sometimes as important as constitutions".
That will be my moment.

Staring him direct in the eyes with a cold deadly fury, I stand, and check my coat pocket, eyes unflinching.

The folded paper is still there.

Reaching in, I take it, with an almost forced slowness, eyes never waivering, and unfold it, flap by flap
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!