DaKnOb
@DaKnObCS
Followers: 946
Following: 5
Media: 2K
Statuses: 43K
ISRG is hiring an SRE to help keep the world’s largest certificate authority running. Come join our team and help us make the internet safer for all.
abetterinternet.org
Posted: September 29, 2022 Start Date: January 2023 Position Status: Open Location: Remote within US Compensation: $140k USD, 100% 401k Match, Excellent Insurance We’re making HTTPS easier for...
After a constructive engagement with @ThreemaApp during responsible disclosure, this is unexpectedly dismissive. We broke their protocol 6 ways. They updated it, thanks to our work (https://t.co/XMu8SZBCc3). So of course our work applies to an old version.
There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk:
We (@winterdeaf @kientuong114 and I) took a deep dive on Threema, a Swiss-made secure messaging app. We found 6 new cryptographic vulnerabilities. Full paper at https://t.co/XMu8SZBCc3; mini-thread follows. #threema
It takes a good six-year-old with a gun to stop a bad six-year-old with a gun.
Don't dump LastPass because of 7 breaches, dump them for crap crypto: Padding oracle vulns, ECB pass len leaks, switch to CBC for new vaults not old ones, vault key uses AES256 but only 128 bits entropy, key webui leak, silent KDF downgrade, KDF hash log leak, keys left in mem.
🎉 https://t.co/U2xsYhMnN3 has passed 500 Online BGP sessions! Thanks to the networks that have made this possible. We now have really quite good routing visibility in EU and a lot of the US, but that isn't the whole world! The focus is now Africa, APAC, and LATAM!
This video of cops in Nevada searching a suspect and finding a seed phrase is pretty wild. Imagine having your seed phrase become part of public record due to it being captured by an officer's body camera!
POV: You're a security consultant hired to be embedded in a web development team
Europe’s new cyber security legislation NIS2 officially signed! 🥂
Fine ok you get *another* blog post, this time about why doing on-device WebAuthn (rather than requiring a separate token) is harder in the PC world than on Macs and why Linux just doesn't have a good story here yet:
I spoke yesterday about the future of Web Authentication, and you can find the recording online here: https://t.co/TaU3FdmfEv
#WebAuthn #Web #WWW #Security #Authentication
The European Commission has been contemplating radical changes to the Internet in Europe that would violate #netneutrality and upend how the internet economy has worked for decades. Its proposal: the long-discredited idea that websites and apps should pay broadband providers.
I blogged about using #ACME to automatically, securely, and reliably protect all your workload connections with #mTLS and achieve authenticated End to End Encryption #E2EE: https://t.co/etnzFCbhsP
I blogged about how I’m using #ACME to issue #mTLS and #SSH certificates for my personal infrastructure: https://t.co/o6qyRidkKx My end goal is to make sure the devices I’m using don’t have access to my stuff for most of the time. I also move to 100% hardware-backed keys!