Nasko Oskov @nasko Seattle, WA

Security geek with his own views and opinions. Hacking on Chromium to make it more secure, isolating sites from each other.

1,020 Following   2,579 Followers   8,781 Tweets

Joined Twitter 7/20/09


If you know anyone that is building products on top of Chromium codebase and cares about security, share this post… https://t.co/O59FiqZe6B
@ySebp Big&complex in my case about 10k nodes and 3 or so edges per node. The main goal I'm trying to achieve is to… https://t.co/PMrZ8OO7I7
2/6
2020
Dear twitterverse, what would be good software that will allow me to visually explore really big and complex graphs… https://t.co/j6U80mgMbN
2/5
2020
Security and reliability go hand in hand and must be inherent properties of the system. Check out this awesome new… https://t.co/PCPb7KXgDI
Retweeted by Nasko Oskov
2/4
2020
Read about all the great things the @googleChrome Security team has been up to recently! https://t.co/Bs6SZpDbph
Retweeted by Nasko Oskov
2/1
2020
Manifest v3 is badly misunderstood. If you don't understand the full threat model, you can hurt privacy in your attempt to preserve it.
Retweeted by Nasko Oskov
Read what the @googleChrome and other @GoogleVRPs have been up to in 2019! https://t.co/SSta7ByJt1 https://t.co/7NaXq01Ywa
Retweeted by Nasko Oskov
@dseabraoliveira It is indeed great, when the setup is right. If the slides are being projected right next to the p… https://t.co/V7H5tJKuak
The "Data Science as Social Science" talk by @BecauseCulture was really really good. Very good framing of current i… https://t.co/KhCRIzUAJB
"We're investing in alternative Web monetization @brave, but it's hard for these (e.g. micropayments) to work at sc… https://t.co/DWmKGMsDFx
Retweeted by Nasko Oskov
I ♥️ the browser, gender, experience, perspective, and patron org diversity at the #enigma2020 panel on browser pri… https://t.co/kmKAaxCDpO
Retweeted by Nasko Oskov
When it comes to improving privacy on the web and importance of browser collaboration, @ericlaw reminds us of the t… https://t.co/ou7E43oJCM
Retweeted by Nasko Oskov
@enigmaconf @ericlaw @TanviHacks @justinschuh Advertisers don't need your data. They want to monetize efficiently,… https://t.co/5FinMpu4V9
Retweeted by Nasko Oskov
Where @ericlaw reminds us of the 20+ year history of web browser privacy work at @Microsoft #enigma2020 https://t.co/FirArTsott
Retweeted by Nasko Oskov
1/28
2020
One day, we will have advanced technology that will allow any presenter at a conference to *just present*, not figh… https://t.co/eiHqdl59Ji
1/27
2020
I should mention I'm hiring security engineers both in Sunnyvale and Zürich. Come shape how we do automated securit… https://t.co/5jzEozxiqw
Retweeted by Nasko Oskov
1/26
2020
Chrome's TLS deprecation UI experiment has been enabled. https://t.co/ygkeK6lqPU
Retweeted by Nasko Oskov
1/24
2020
@DrGoldfire I completely agree with you! We're indeed responsible to do our best to not break users, devs, & sites.… https://t.co/yAfA5D9g3c
@kylealden I use Chrome's Dev channel as my main browser and it is just fine. Breakage that impacts work such that… https://t.co/MfHXkuPFFV
1/20
2020
@agl__ @__apf__ Actual offices do work! They are just harder to rearrange, so costs of running a business with offi… https://t.co/vXOHpwJNIU
1/18
2020
@ericlaw Neat, didn't know you can import netlog into Fiddler these days!
PSA: If your business depends on browsers or the web, test on Beta/Dev/Canary/Tech Preview/whatever other pre-relea… https://t.co/AglMSTtdPm
+1! I wish it was easy for folks to provide quick feedback on where I can be better. I'm trying my best too to do t… https://t.co/GuvKufH4Le
Some people say that just providing info is not enough to change behavior. They clearly never met the terrify… https://t.co/lgHCYWQCHE
Retweeted by Nasko Oskov
1/17
2020
if you're going to @enigmaconf, don't miss our talk about browser privacy with @LeaKissner @justinschuh @ericlaw an… https://t.co/SOTVc1T4EX
Retweeted by Nasko Oskov
Excited about this work James and @domenic are driving forward. https://t.co/2EZCiye8J1
1/16
2020
Big layoffs at @Mozilla today. Anyone want a badass senior release manager, experienced in F/LOSS? Bay Area/Remote.… https://t.co/w3MU35Vs4q
Retweeted by Nasko Oskov
Ever wanted to join Google’s Advanced Protection program but didn’t have two security keys? Starting today, you can… https://t.co/IBy7kD6U9X
Retweeted by Nasko Oskov
@konklone Congrats and welcome to the team! It will be exciting to have a chance to work with you!
Congrats @MSEdgeDev team on shipping stable release! https://t.co/GZ4uDCqMfL
I've sent out a couple of intents that outline a plan to provide an alternative to the User-Agent string and then s… https://t.co/4Gkx4KjMyw
Retweeted by Nasko Oskov
1/15
2020
Also, shameless plug: we're hosting a panel at @enigmaconf in just 2 weeks that will have major browser vendors tal… https://t.co/YPDKLGWM4X
Retweeted by Nasko Oskov
What news media doesn't need to make money? * public media (BBC, CBC) * donation-supported (NPR, pro publica -- tho… https://t.co/M85R7Eirty
Retweeted by Nasko Oskov
Just to be very clear on this point: This is not about blocking a subset of 3P cookies via lists and/or heuristics.… https://t.co/VjcoTHaCcX
Retweeted by Nasko Oskov
We shared an update today on our plans to phase out 3P tracking from the Web over the next two years. https://t.co/bf8lioSd3T
Retweeted by Nasko Oskov
@__apf__ My wife wants to subscribe! Is it just once a month or is there a plan for higher frequency?
1/14
2020
@mattsachs Get one of them to show up? ;)
@hillbrad This is amazing achievement! Congrats! Now I have a new goal to aim for ;)
1/10
2020
We're hiring a Developer Advocate to focus Security and Privacy Sandbox. https://t.co/0UaLpZdyPC Job -> https://t.co/rGg0Q706Sy
Retweeted by Nasko Oskov
1/9
2020
new version of Boneh-Shoup's magnificent book is out! https://t.co/WBP7qByr7w
Retweeted by Nasko Oskov
@dok2001 @Cloudflare The blog post is my source of information and it says otherwise. If that's not the case, then… https://t.co/iNbCDxVUfq
@Cloudflare Hey folks, just wanted to give you heads up that headless Chromium was never designed for general purpo… https://t.co/Nju6VKDLK3
1/8
2020
Our field isn't quite "artificial intelligence" -- it's "cognitive automation": the encoding and operationalization… https://t.co/Dr0kwprv2C
Retweeted by Nasko Oskov
1/7
2020
Folks driving in the mountains with snow/ice on the road: stay on the right and when it says you need chains, you m… https://t.co/67nk8QKmDk
I requested all the data Apple had on me since the dawn of time, which goes back to 2008 with my original iPhone 1… https://t.co/zjfxy2MqAj
Retweeted by Nasko Oskov
1/4
2020
@halvarflake I think Ross nailed it here "... a new CFO was hired from Wall Street, and beating earnings expectatio… https://t.co/2L7Vr4n8xb
1/3
2020
Happy birthday to all of my colleagues in computer security 😹🎂
Retweeted by Nasko Oskov
1/1
2019
Wow, recruiters these days don't even try to send you relevant positions. "I wanted to touch base with you regardin… https://t.co/W1ZBc8AU4s
12/30
2019
You never know how the weather might be if you go higher than usual ;). https://t.co/950YT2NrSi
12/29
2019
I would generalize this to: Stop breaking password managers. If we get that along with ditching frequent password c… https://t.co/qyZZiLbQex
Retweeted by Nasko Oskov
12/28
2019
The most useful document of the year for me was Rule of 2😎 Thanks @fugueish and all for making such a great documen… https://t.co/VEmOFDjqO0
Retweeted by Nasko Oskov
some people say that mandatory code review is a waste of time, but there's really no substitute for the insight you… https://t.co/8pyesiMD8M
Retweeted by Nasko Oskov
12/27
2019
@dakami @StevensPass @TMobile Just in the lodges, not on the slopes themselves. LTE is good enough for folks that w… https://t.co/dkjbn5Ja5J
I wish @StevensPass would enter this millennium and have WiFi on the mountain. It is rare that it is needed, but wh… https://t.co/UsYlluzv73
Want to become a CTO security architect? Come help us secure our trading systems infrastructure and applications at… https://t.co/cSxVY8XVKj
Retweeted by Nasko Oskov
12/26
2019
Really enjoying the last couple of days, even though the weather above water is really nasty. Why couldn't the stor… https://t.co/L3wn4vgYGm
12/22
2019
Mandatory reminder: don't fuzz while driving! https://t.co/GA31amF60p https://t.co/3Dony9gmzk
Retweeted by Nasko Oskov
12/15
2019
@justinschuh It's ok, we will use vegetable related acronym for the team ;)
I'm curious who can solve this challenge😀 https://t.co/4C6xvYZb80
Retweeted by Nasko Oskov
12/13
2019
Binary Transparency and software supply chain risk mitigation - https://t.co/0PELOn0zPk
Retweeted by Nasko Oskov
12/11
2019
Last day to RSVP to attend the second Bay Area Fuzzer Meetup. Come hear my talk on fuzzing native code in-browser u… https://t.co/RL0YKnDDM9
Retweeted by Nasko Oskov
12/9
2019
Awesome talk on Site Isolation in Chrome by @nasko and Charlie Reis at #BHEU ! https://t.co/mrAHvjvuRk
Retweeted by Nasko Oskov
If you want to hear about browser security, Charlie and I are getting ready to talk about Site Isolation in Chrome… https://t.co/Z5yzxVC7um
12/5
2019
Great talk by @infernosec and @halbecaf on fuzzing at scale with ClusterFuzz. #BHEU https://t.co/IFnRJg7A2q
Excited to be around @BlackHatEurope for the next couple of days. If you want to chat about (almost) anything secur… https://t.co/5p4n3duKNZ
12/4
2019
@jasvir @sirdarckcat @garethheyes @instart @HeWhoLived I think Google should be free of document.domain usage, but… https://t.co/lFTOtZG6sQ
@jasvir @sirdarckcat @garethheyes In my own day-to-day usage, I don't think I've noticed anything obviously broken.… https://t.co/AJOB4S8FIP
@sirdarckcat @garethheyes If only devs working on web sites labeled their response content types correctly ... And… https://t.co/W2DV7RlgOu
My team is moving to Edge and we are expanding! If you like finding bugs in browsers this might be the job for you… https://t.co/M3enUPE4c9
Retweeted by Nasko Oskov
11/28
2019
XSS is cool and all, but this is next level. You should all watch this to face the bugs that will plague us for the… https://t.co/WRasXNQnwj
Retweeted by Nasko Oskov
11/27
2019
If you are attending #BHEU, come to our talk about Fuzzing at Google Scale with ClusterFuzz (co-presenting with… https://t.co/fumkhVkDty
Retweeted by Nasko Oskov
11/24
2019
Let me be clear: Chrome has consistently been a more secure browser than Safari for too many reasons to list in a t… https://t.co/x8Fo1Tjxcw
Retweeted by Nasko Oskov
11/22
2019
Certificate Transparency is an important part of Internet security infrastructure nowadays. Let's Encrypt shares ho… https://t.co/j4oZ58EYQs
Retweeted by Nasko Oskov
11/21
2019
I presented about Site Isolation in Google's event called #bugSWAT🙂 / "The world of Site Isolation and compromised… https://t.co/DF72hiIc6K
Retweeted by Nasko Oskov
11/20
2019
@ericlaw It is only in docs, though, right? It would have been awesome to see real chrome://donuts.
11/19
2019
As part of @GHSecurityLab, Mozilla is launching a new bug bounty program that rewards static analysis queries - inc… https://t.co/0LzoQo7w7u
Retweeted by Nasko Oskov
Super happy to be working with a ton of smart folks from which I learn every day. This week is packed with learning… https://t.co/x2Y1NnC6PF
11/14
2019
Google’s TAG is hiring disinfo analysts to join our team in Sunnyvale, CA. DMs open. Come work with us!!
Retweeted by Nasko Oskov
11/8
2019
The "Chrome wants to kill URLs" idea isn't accurate. Many top-tier papers show that URLs don't serve many people w… https://t.co/ljCekg34Vg
Retweeted by Nasko Oskov
11/5
2019
Our state has voted to get rid of time changes due to DST, but it seems to still require federal government to appr… https://t.co/YZUkhUgsiu
11/4
2019
"Index was outside the bounds of the array." < Not exactly inspiring confidence in the web site our school district… https://t.co/ZVrrQbOak4
10/30
2019
@ericlaw If only third party "value add" software didn't interfere with shipping improvements in security ...
Chromium Blog: Addressing some misconceptions about our plans for improving the security of DNS https://t.co/gW5YtCx0Mb via @ChromiumDev
Retweeted by Nasko Oskov
10/29
2019
Hey! I'm looking for a new job where I can show my C, Golang and cryptographic skills, while I still help the nice… https://t.co/ef7y2sI3rQ
Retweeted by Nasko Oskov
@ericlaw Does it repro in Chrome? Is it just a (D)CHECK somewhere?
10/27
2019
We're growing our @googlechrome OS/Chromebook security & privacy team!👩‍💻👨‍💻 If you know awesome product managers… https://t.co/Vtg0kMmK6s
Retweeted by Nasko Oskov
@shhnjk If you tell the bad guys your sensitive information, they have stolen it ;).
10/25
2019
2 more days left if anyone is interested in a student ticket to BlackHat EU this year. #BHEU
10/22
2019
@cramforce Thanks! The team spent lots of time and effort getting this out over the years. I don't know if we have… https://t.co/DChTYwlKIc
10/18
2019
You aren’t familiar with memory corruption or IPC, but still interested in testing Site Isolation? Check out my WinDb… https://t.co/7MpXqNRbJt
Retweeted by Nasko Oskov
@hanno I don't think it does. @ericlaw is probably more of an authority on that though.
@ericlaw You're welcome! : )
@epakskape @parityzero Thanks Matt!
Chrome rolls out new protections preventing password and data theft https://t.co/nn0wu3xpOh by @dangoodin001
Retweeted by Nasko Oskov
I'm ecstatic that we have gotten to a very good state with site isolation in Chrome - https://t.co/XhnFTtHrip. More… https://t.co/so5lx3NFYZ
Read about what the @googlechrome security team has been up to recently: https://t.co/UvIvl5hpiT
Retweeted by Nasko Oskov
Can confirm; white box pentesters, forget your fancy tools -- this is the most fun and productive way to spend your… https://t.co/0Jwru5gxDC
Retweeted by Nasko Oskov
10/17
2019
@justinschuh And we also closed out 849815! Can you tell we are scrubbing old bugs ;)
@justinschuh Why would I skip on the joy of sending that email ;)
Feels really good to go through the bugtracker looking at old bugs and close as fixed issues filed multiple years ago!
10/15
2019