#trailofbits

stf<p>huh <a href="https://chaos.social/tags/trailofbits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trailofbits</span></a> did an audit of <a href="https://chaos.social/tags/simplex" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>simplex</span></a> - only the "protocol spec" <a href="https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/simplex-chat/simple</span><span class="invisible">x-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf</span></a></p><p>quite limited scope. and last time i looked at the spec i lost my appetite, but apparently there have been updates, like addition of sntrup pq kem. so maybe this has improved? still wouldn't use it the supply chain attack surface is begging for a "soon" not an "if". and the global transcript of group chats was out of scope in this audit. so, meh?</p>
Pyrzout :vm:<p>White House: Use memory-safe programming languages to protect the nation <a href="https://www.helpnetsecurity.com/2024/02/27/memory-safe-programming-languages/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2024/02/27</span><span class="invisible">/memory-safe-programming-languages/</span></a> <a href="https://social.skynetcloud.site/tags/criticalinfrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>criticalinfrastructure</span></a> <a href="https://social.skynetcloud.site/tags/softwaredevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>softwaredevelopment</span></a> <a href="https://social.skynetcloud.site/tags/Horizon3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Horizon3</span></a>.ai <a href="https://social.skynetcloud.site/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>programming</span></a> <a href="https://social.skynetcloud.site/tags/TrailofBits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrailofBits</span></a> <a href="https://social.skynetcloud.site/tags/government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>government</span></a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Don</span></a>'tmiss <a href="https://social.skynetcloud.site/tags/Honeywell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeywell</span></a> <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hotstuff</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://social.skynetcloud.site/tags/USA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USA</span></a></p>
Tarnkappe.info<p>📬 LeftoverLocals: Apple, AMD and Qualcomm GPUs affected by security vulnerability<br><a href="https://social.tchncs.de/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSicherheit</span></a> <a href="https://social.tchncs.de/tags/AMD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AMD</span></a> <a href="https://social.tchncs.de/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a> <a href="https://social.tchncs.de/tags/CPUs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CPUs</span></a> <a href="https://social.tchncs.de/tags/HeidyKhlaaf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HeidyKhlaaf</span></a> <a href="https://social.tchncs.de/tags/LeftoverLocals" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LeftoverLocals</span></a> <a href="https://social.tchncs.de/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofofConcept</span></a> <a href="https://social.tchncs.de/tags/Qualcomm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Qualcomm</span></a> <a href="https://social.tchncs.de/tags/Sicherheitsl%C3%BCcke" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sicherheitslücke</span></a> <a href="https://social.tchncs.de/tags/TrailofBits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrailofBits</span></a> <a href="https://sc.tarnkappe.info/af0398" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sc.tarnkappe.info/af0398</span><span class="invisible"></span></a></p>
Seldon<p><a href="https://fosstodon.org/tags/simplexchat" class="mention hashtag" rel="tag">#<span>simplexchat</span></a> seems like an intriguing <a href="https://fosstodon.org/tags/privacy" class="mention hashtag" rel="tag">#<span>privacy</span></a>-focused, <a href="https://fosstodon.org/tags/decentralized" class="mention hashtag" rel="tag">#<span>decentralized</span></a> messenger app. <a href="https://fosstodon.org/tags/trailofbits" class="mention hashtag" rel="tag">#<span>trailofbits</span></a> conducted a <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="tag">#<span>security</span></a> audit late last year and the publication is available to read if anyone is curious. However, it would be beneficial if there are a few more audits performed given the boasting on their website regarding the privacy and security of the messenger. Audits can be expensive, but the assurance our <a href="https://fosstodon.org/tags/data" class="mention hashtag" rel="tag">#<span>data</span></a> is safe is paramount. </p><p><a href="https://github.com/trailofbits/publications/blob/master/reviews/SimpleXChat.pdf" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">github.com/trailofbits/publica</span><span class="invisible">tions/blob/master/reviews/SimpleXChat.pdf</span></a></p>
Crypto News<p>CFTC adds execs from Circle, Ava Labs and Fireblocks to tech advisory group - The technology advisory committee aims to assist the CFTC in “ide... - <a href="https://cointelegraph.com/news/cftc-adds-execs-from-circle-ava-labs-and-fireblocks-to-tech-advisory-group" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cointelegraph.com/news/cftc-ad</span><span class="invisible">ds-execs-from-circle-ava-labs-and-fireblocks-to-tech-advisory-group</span></a> <a href="https://schleuss.online/tags/technologyadvisorycommittee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technologyadvisorycommittee</span></a> <a href="https://schleuss.online/tags/incadigital" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>incadigital</span></a> <a href="https://schleuss.online/tags/trailofbits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trailofbits</span></a> <a href="https://schleuss.online/tags/fireblocks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fireblocks</span></a> <a href="https://schleuss.online/tags/abalanche" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>abalanche</span></a> <a href="https://schleuss.online/tags/avalabs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>avalabs</span></a> <a href="https://schleuss.online/tags/trmlabs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trmlabs</span></a> <a href="https://schleuss.online/tags/circle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>circle</span></a> <a href="https://schleuss.online/tags/cftc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cftc</span></a></p>
Guinness<p>I truly enjoyed reading Trail of Bits' blog post on their security audit of <a href="https://free.gluten.space/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> ( <a href="https://blog.trailofbits.com/2022/12/22/curl-security-audit-threat-model/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.trailofbits.com/2022/12/2</span><span class="invisible">2/curl-security-audit-threat-model/</span></a> ) and <span class="h-card"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bagder</span></a></span>'s answer on his blog ( <a href="https://daniel.haxx.se/blog/2022/12/21/the-2022-curl-security-audit/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">daniel.haxx.se/blog/2022/12/21</span><span class="invisible">/the-2022-curl-security-audit/</span></a> ).<br>This is the way security audits should be handled, keeping clarity, addressing critical flaws, and working together towards a common path, software security and reliability.</p><p><a href="https://free.gluten.space/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://free.gluten.space/tags/trailofbits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trailofbits</span></a></p>
Harry Sintonen<p>The 2022 <a href="https://infosec.exchange/tags/Curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Curl</span></a> Security Audit by <a href="https://infosec.exchange/tags/trailofbits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trailofbits</span></a> was interesting as I've myself done quite a bit of digging into curl internals over the years. While there were many findings, only two of them were considered security vulnerabilities.</p><p>2022 security audit: <a href="https://daniel.haxx.se/blog/2022/12/21/the-2022-curl-security-audit/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">daniel.haxx.se/blog/2022/12/21</span><span class="invisible">/the-2022-curl-security-audit/</span></a></p><p>older post about increased CVE activity: <a href="https://daniel.haxx.se/blog/2022/08/22/increased-cve-activity-in-curl/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">daniel.haxx.se/blog/2022/08/22</span><span class="invisible">/increased-cve-activity-in-curl/</span></a></p>
Dr. Roy Schestowitz (罗伊)<a class="hashtag" href="https://pleroma.site/tag/trailofbits" rel="nofollow noopener noreferrer" target="_blank">#trailofbits</a> on this dual license! :) but <a class="hashtag" href="https://pleroma.site/tag/microsoft" rel="nofollow noopener noreferrer" target="_blank">#microsoft</a> <a class="hashtag" href="https://pleroma.site/tag/github" rel="nofollow noopener noreferrer" target="_blank">#github</a> :( <a href="https://blog.trailofbits.com/2020/08/12/sinter-new-user-mode-security-enforcement-for-macos/" rel="nofollow noopener noreferrer" target="_blank">https://blog.trailofbits.com/2020/08/12/sinter-new-user-mode-security-enforcement-for-macos/</a>