Dan Guido
CEO @trailofbits, organizer @EmpireHacking
Feb 5 7 tweets 3 min read
Everyone's been sending me the deepfake CFO article. I'm not sure if it's real, so waiting for facts to emerge. But, here's what I'd do if it's accurately reported 🧵
amp.cnn.com/cnn/2024/02/04… Make sure you follow the four-eyes rule: Use access controls that require two (or more!) person approval for transfers above a risk threshold. Banks like @mercury and @meow make this easy.
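The four-eyes rule in the thread above, as an added example that is not part of the original post and is not code from @trailofbits, @mercury or @meow. The names (`Transfer`, `Approval`, `check_transfer`), the threshold amount and the list of channels treated as impersonable are all assumptions chosen for illustration; the point is that an approval only counts when it comes from a distinct person who is not the requester, over a channel a deepfaked voice or video call cannot satisfy.

```python
"""Two-person (four-eyes) release check for outbound transfers.

Added example, not code from the original thread or from any bank it names.
Class names, the threshold and the channel list are assumptions.
"""
from dataclasses import dataclass, field
from decimal import Decimal


@dataclass(frozen=True)
class Approval:
    approver: str  # identity of the person approving the transfer
    channel: str   # how the approval was given, e.g. "hardware_token", "video_call"


@dataclass
class Transfer:
    requester: str           # person who initiated the transfer
    amount: Decimal
    approvals: list = field(default_factory=list)  # list[Approval]


RISK_THRESHOLD = Decimal("10000")        # assumed policy threshold
REQUIRED_APPROVERS = 2                   # "two (or more!)" distinct people above threshold
# Channels a deepfake can impersonate are not independent verification (assumed list).
UNTRUSTED_CHANNELS = {"video_call", "voice_call", "email", "chat"}


def check_transfer(t: Transfer):
    """Return (allowed, reason).

    Policy:
      - below RISK_THRESHOLD: the requester alone may release the transfer
      - at or above RISK_THRESHOLD: REQUIRED_APPROVERS distinct approvers, none of
        whom is the requester, each approving over a channel not in UNTRUSTED_CHANNELS
    """
    if t.amount < RISK_THRESHOLD:
        return True, "below threshold, single approver sufficient"

    independent = set()
    for a in t.approvals:
        if a.approver == t.requester:
            continue  # self-approval never counts toward the quorum
        if a.channel in UNTRUSTED_CHANNELS:
            continue  # a call or message can be faked; it is not a second pair of eyes
        independent.add(a.approver)  # the set collapses duplicate approvals by one person

    if len(independent) >= REQUIRED_APPROVERS:
        return True, f"{len(independent)} independent approvals"
    return False, f"need {REQUIRED_APPROVERS} independent approvals, have {len(independent)}"


if __name__ == "__main__":
    # Constructed scenario: the "CFO" on a video call asks for a large wire.
    big = Transfer("alice", Decimal("250000"))
    big.approvals = [Approval("bob", "video_call"), Approval("alice", "hardware_token")]
    print(check_transfer(big))   # rejected: the video call and self-approval do not count
    big.approvals.append(Approval("carol", "hardware_token"))
    big.approvals.append(Approval("bob", "hardware_token"))
    print(check_transfer(big))   # allowed: bob and carol approved out of band
```

The channel filter is what turns a generic dual-control check into a defence against the attack in the article: a second approver who is "confirming" inside the same video call is not independent of the impersonation, so the policy only counts approvals given through a separate, unforgeable path.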
Feb 20, 2022 9 tweets 3 min read
Here's the most correct recap of what's happening with OpenSea right now.

tl;dr The security of web3 platforms depends entirely on wallets with universally poor security UX, and there's very little the platforms can do about it.
If you're looking for sites to revoke your approvals and limit your exposure to phishing attacks, here are 3 sites that work right now:
Aug 10, 2021 22 tweets 7 min read
My scooter was stolen last week. Unknown to the thief, I hid two Airtags inside it. I was able to use the Apple Find My network and UWB direction finding to recover the scooter today. Here's how it all went down:

The theft occurred on Monday night. I went out to dinner and locked it to a grate with motorcycle handcuffs. I find them easier to use than a cable lock, but apparently I forgot to lock one cuff. It was gone after ~2 hours.
amazon.com/gp/product/B00…
Jul 27, 2020 6 tweets 3 min read
MDM is a pain in the ass, and we've been looking for a new vendor since Fleetsmith was acquired by Apple (and then disabled 90% of their product). Their agent barely worked, and frequently mishandled security updates.

Fleetsmith had clearly become a burning bridge when they failed, again, to apply 10.15.6 to our machines (one of their few remaining features). We found Kandji and within 3 days, their solutions team helped us plan and execute a one-way migration to their product.
Apr 26, 2020 17 tweets 13 min read
We're hired to provide industry-best advice @trailofbits, and that's exactly what we provided to @HegicOptions. How, then, were bugs found in their code mere hours after they deployed it to mainnet? (1/n)

In 3 days earlier this month, we identified 10 critical flaws in @HegicOptions that could harm users. We noted a lack of tests, a lack of documentation, and that the time afforded to review their code was insufficient.

Bottom line: we told them to hold off deploying.
Mar 3, 2019 10 tweets 4 min read
Most people are now aware that @trailofbits conducted a security review of the Bitcoin Cash client on behalf of @BitcoinSVNode. While we cannot release our report in its entirety yet, I wanted to share a few details of what we found…

First, as far as we are aware, this was the first time a professional services firm reviewed the security of a Bitcoin client. We began with a comprehensive review of the bitcoind attack surface and surveyed previous attempts to fuzz it.
Mar 20, 2018 6 tweets 5 min read
Google sure is good at plagiarizing my work. I released @AlgoVPN, an open-source, self-hosted VPN solution, in 2016. I find it hard to believe @Jigsaw was unaware since I’ve met their engineers more than once.
wired.com/story/alphabet…

Since I released @AlgoVPN, it's attracted ~7500 Github stars, 700 external contributions from 80 contributors, and endorsements from @motherboard, @kennwhite, @TheRegister, @thegrugq, @TechCrunch, @lifehacker, and more.
Mar 13, 2018 11 tweets 4 min read
So this AMDflaws.com business... CTS Labs asked us to review their research last week, and sent us a full technical report with PoC exploit code for each set of bugs.

Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works.
Sep 17, 2017 11 tweets 3 min read
I'd like more women to apply to Trail of Bits. 30x more men apply than women on average today. Here are some ways I have tried improving it:

I co-developed and sponsored NYU's Cybersecurity Symposium for Women to bring in new midcareer pros blog.trailofbits.com/2014/09/29/nyu…