Erling Ellingsen

@steike

ex-fb prodsec

Oslo, Norway
alf.nu
Se unió en agosto de 2008
10 fotos y videos Fotos y vídeos

Tweets

Bloqueaste a @steike

¿Estás seguro de que quieres ver estos Tweets? Ver los Tweets no desbloqueará a @steike

  1. Tweet fijado
    23 feb. 2017

    Make your own colliding PDFs:

    6 respuestas 295 retweets 280 Me gusta
    Deshacer
  2. 9 ago. 2018

    Ooh! On DOS, this was a much faster way to allocate space than writing zeros—but you would get whatever was on disk (so, random data from deleted files). This led to an early privacy panic when private data turned up inside the cache files of some online service client… Prodigy?

    I learnt about ✨file holes✨ on Unix!
    4 Me gusta
    Deshacer
  3. 22 may. 2018

    Someone should set up a meta-tags-as-a-service company that keeps track of all the new browser features and automatically opts your site out of the ones that create unnecessary attack vectors

    This is a bad idea.
    1 respuesta 2 retweets 6 Me gusta
    Deshacer
  4. retwitteó
    3 abr. 2018

    Do I even want to know why Debian has a security update for beep(1) today?

    34 respuestas 427 retweets 1.073 Me gusta
    Deshacer
  5. 13 mar. 2018

    This is so great. Also, to save some work: If you have a crazy hetereogenous setup, it's enough to automate the setup for one domain. You can CNAME _acme-challenge.[everything else] to that (once) and just serve all the TXT records from there (extra garbage is ignored)

    Let's Encrypt wildcard certificates and ACMEv2 are available today! More information can be found here:
    3 Me gusta
    Deshacer
  6. 16 feb. 2018

    Online shopping is a lot easier when you take into account that (1) humans make systems (2) reliably comparing free-format street addresses is a difficult but unsexy problem

    1 retweet 5 Me gusta
    Deshacer
  7. 7 ene. 2017

    Posted four old browser bugs and a new one

    1 respuesta 36 retweets 53 Me gusta
    Deshacer
  8. 24 nov. 2016

    today

    Deshacer
  9. 24 nov. 2016

    In progress. and are back up, soon.

    Any plans to revive ? I can't get it to work through .
    1 respuesta 1 retweet 9 Me gusta
    Deshacer
  10. 28 ago. 2016

    Oh hey, that's CVE-2011-3441! (except on iOS no extra tricks were needed, just 1.2.3.4%20.victim.㏄ and get cookies)

    Blogged again! Explaining same origin policy bypass in Firefox (CVE-2015-7188) thanks to quirk in IP address parsing
    1 retweet 3 Me gusta
    Deshacer
  11. 11 ago. 2016

    It looks like the same solution should work in all the modern browsers with small modifications. This is surprising.

    En respuesta a @steike
    And by the way - are you going to perhaps provide us with some hint for random4? ;)
    1 respuesta 1 Me gusta
    Deshacer
  12. 3 ago. 2016

    Had a bunch of alert(1)-to-win levels left over that weren't really security related. General ecmascript golf time!

    1 respuesta 14 retweets 18 Me gusta
    Deshacer
  13. 7 abr. 2016

    Is your entire domain 'X-Frame-Options: DENY', but not your error pages? Now's as good a time as any to fix it… (iframe UXSS in Safari)

    2 respuestas 4 retweets 15 Me gusta
    Deshacer
  14. 18 mar. 2016

    We gave the whole internet keys so airport security won't break open your luggage. They do anyway. In other news, an FPGA dev kit is a bomb.

    1 retweet 3 Me gusta
    Deshacer
  15. 10 mar. 2016

    "Can you please provide me the last 4 characters of the cPanel password to verify ownership of the account?" - cc :-)

    1 respuesta 1 Me gusta
    Deshacer
  16. 7 feb. 2016

    fin-fin wifi, men utløpt sertifikat på . Bonus om den kan bli synlig i DNS for de som bruker ⒏⒏⒏8 e.l

    1 respuesta
    Deshacer
  17. 15 dic. 2015

    @Fridababy_HQ assuming you don't have an online phramacy seo side business, your web server is hacked

    Deshacer
  18. 5 oct. 2015

    "Code cleanup and fixes"

    1 respuesta 2 retweets 1 Me gusta
    Deshacer
  19. retwitteó
    10 sept. 2015

    Slides for my talk about FireEye:

    6 respuestas 257 retweets 168 Me gusta
    Deshacer
  20. 22 jun. 2015
    En respuesta a

    @JamEngulfer221 Sort of. Each user gets a sandbox branch. Hmm, I guess there should be a way to request a merge...

    1 respuesta
    Deshacer

@steike no ha twitteado todavía.

Parece que el contenido está tardando un poco en cargarse.

Puede que Twitter esté saturado o experimentando un problema momentáneo. Inténtalo de nuevo o visita el Estado de Twitter para más información.

    También te puede gustar

    ·