vinoth

@vinoth@infosec.exchange

I am Vinoth, from San Diego. I lead the silicon security architecture and silicon security operations teams at #Google. Before this, I worked on mobile silicon security at #Qualcomm.

Much of my work is about improving the security of #Pixel and other #Android devices. I will mostly talk about #mobilesecurity, #androidsecurity and #infosec.

I sometimes invest in seed stage start-ups, primarily technology companies. My portfolio includes Modumate, Akido Labs, kia.ai, Zendoc and Zeoauto. If you are building something cool, hit me up.


jerry, to random

Perhaps there is a market for electric toothbrush shaped flipper zeros in Canada

Muddobbers,

@jerry

I have become death. Destroyer of worlds. What have I wrought on this world!

GossiTheDog, to random

The US Government should 100% NOT back down from this nor weaken proposals.

https://www.theregister.com/2024/02/08/us_tech_industry_changes/

molly0xfff, to random

“DAOs are like the network equivalent of homeowners’ associations,”
— Read Write Own by Chris Dixon

BleepingComputer, to random

Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States.

https://www.bleepingcomputer.com/news/security/us-announces-visa-ban-on-those-linked-to-commercial-spyware/

alex, to random

AnyDesk was popped, with 170,000 advertised users.

They claim their install base is secure, but that the code signing cert was stolen. From the changelog, it's clear that they knew this on January 29th but didn't announce until the end of the day on a Friday. Not cool.

Based upon their actions so far, I would recommend all enterprises kill AnyDesk across their fleet using EDR or other means for now until we know more.

https://anydesk.com/en/public-statement
https://anydesk.com/en/changelog/windows

rene_mobile,

@alex
Binary transparency logs are where we need to go as an industry for better deployment/update provenance. There have been too many documented cases of leaked signing keys to pretend that simple code signing alone still works. Coupling it with a public log of known-good hashes with independent witnesses makes for a significantly stronger security posture.
The tools are all there - companies making highly privileged code bases, please use them!

arstechnica, to random

FCC to declare AI-generated voices in robocalls illegal under existing law

Robocalls with AI voices to be regulated under Telephone Consumer Protection Act.

https://arstechnica.com/tech-policy/2024/02/fcc-to-declare-ai-generated-voices-in-robocalls-illegal-under-existing-law/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

ryanc, (edited) to random

It's been ten years, so a short story about the "gotofail" bug.

Someone came to me about a catastrophic vulnerability in Apple's TLS implementation.

I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures.

They didn't know exactly what it was, just some vague details and the key point that it allowed use of the real certificate.

This was enough for me to find the bug (yay open source), which would go on to be known as "gotofail", and produce a working exploit in less than a day.

The details were anonymously back channelled to Apple, who released a fix.

@matthew_d_green posted on Twitter about it, concerned by Apple's vague release notes.

I used a burner phone to share the details with him anonymously.

Then everyone forgot about the whole thing because heartbleed.

¯_(ツ)_/¯

mrtazz, to random

This passage from @debcha's "How Infrastructure works" is such a truth that often gets forgotten or ignored on the hunt for profit. It's a very familiar and recurring theme in resilience engineering texts and research. And it also rings true for me in this current trend of continuous layoffs that take more and more slack and capacity out of tech systems being maintained (in addition to the human cost) as remaining humans need to do more work in the same amount of time.

i0null, to random

“There is a reality outside the world, that is to say, outside space and time, outside man's mental universe, outside any sphere whatsoever that is accessible to human faculties.”

- Simone Weil

carnage4life, to random

When you’re spending more time talking about problems than it takes to fix them.

spideymang, to random Spanish

90's: "don't sit too close to the tv"
2024:

sjvn, to random

I love Elle Cordova and her clever, funny videos. This one is for all my writer and editor friends.


rckenned, to random

There should be job roles for burnt out Staff+ engineers to hang back, burn down the bug list, write tests, fix documentation, clean up alerts, and other assorted housekeeping. Stuff that’s impactful and soothing to engineers who’ve lost the motivation to lead from the front but still find satisfaction in those sorts of tasks.

CRGonzalez, to random

Albuquerque, NM, has become the largest U.S. city to permanently make public transportation free for everyone. The city found that fares didn’t cover the administrative fees, so they actually save money by making public transportation free.

SwiftOnSecurity, to random
rene_mobile,

@SwiftOnSecurity
Interesting definition of "vulnerability in Microsoft products or services". So email for employees is not a "Microsoft service", and/or breach of multiple high level accounts with presumably far reaching access is not a vulnerability? Well, it could be argued that it was a process vulnerability and not the implementation per se, but isn't the process part of the service, and shouldn't there be mitigations against such lateral movement (there is unsurprisingly no detail at all on this interesting titbit)?

The Corp Speak is strong in this one...
@muruenya

vozercozer, to random

😱​😱oh no not the ubuntu source code leak​😱​😱​

brainwane, to random

really appreciating https://blog.tidelift.com/will-the-new-judicial-ruling-in-the-vizio-lawsuit-strengthen-the-gpl by @luis_in_brief to help me understand what's potentially really exciting about a recent US court ruling

malwaretech, to random

Am I the only one who feels like still using employment rate as a metric for a healthy economy is basically just gaslighting at this point?

Employment used to mean you had a good chance of affording a home, maybe two kids, and potentially even on just a single income. Now you can have a full time job and still need food stamps or a side job just to pay bills.

Then of course, because salaries are so low relative to the cost of living, it makes employment numbers look even better because people who wouldn't have been forced to work now are. You have households where both parents have full time jobs, people with disabilities forced to work because they can't cover bills, students dropping out of college because it's now unaffordable.

Then some goober economist comes on TV and goes "well, unemployment is at record lows so obviously everything is fine"

angiebaby, to random

"Looks like you're using an ad-blocker"

Looks like you're trying to install 52 trackers on my computer.

thomasfuchs, to random

The last 10 years or so of tech:

2013: Blockchain! It's like a database, but slower and worse!
2016: VR! It's like monitors, but slower and worse!
2021: NFTs! It's like pictures, but slower and worse!
2023: AI! It's like algorithms, but slower and worse!
