Secure Tips @SecureTips San Francisco, CA

Tips to help you stay secure!

1 Following   10,360 Followers   263 Tweets

Joined Twitter 1/24/11


@lunasorcery memcpy(dst, src, strlen(src)+1)
3/12
2018
@bobby85323 It can't be disabled. Find a phone that is 5+ years old and use only that.
Retweeted by Secure Tips
10/5
2018
Protip: Avoid the intel kernel memory protection flaw by running all of your code within Minix inside Intel Managem… https://t.co/oxP7o7bU3h
Retweeted by Secure Tips
1/4
2017
Linux kernel developers have been following @SecureTips advice closely! https://t.co/InQUJiHUkc https://t.co/TA7WWU03mY
10/22
2017
https://t.co/9L9pUUdcXn
10/16
2017
Only allow 0-9 A-F character set for users' passwords to disguise their hashing method from attackers (and auditors… https://t.co/1z06LLcQNw
10/4
2017
With the SEP firmware decrypted and exposed, @SecureTips recommends downgrading to an older iPhone without SEP for… https://t.co/9ioWrrO7Rn
8/18
2017
Thinking about upgrading from WinXP? Critical security patches like #WannaCry are still being released by MSFT, so you can hold off for now!
Save money on enterprise backup solutions. Let #WannaCry handle the heavy lifting and help support their crowdsourced backup platform.
5/15
2017
Pro-tip: Build debugging capabilities in before you need them. Full keyboard event logs may be necessary for debugging audio device issues.
5/12
2016
Once execute-only memory is commonly available, it will be an ideal opportunity for people to hide their GPL violations. #justsaynotoXOM
Retweeted by Secure Tips
9/13
2016
.@NotTimothy Anything pre-QSEE (the unpatched Qualcomm vulns), so Galaxy S 5, Nexus 5, Droid Maxx, T-Mobile G1 are good bets.
In the wake of recent widespread iOS vulnerabilities, @SecureTips can no longer recommend iOS as a secure mobile platform. Use Android, plz!
8/29
2016
Single-quotes give you the best of both worlds. Faster performance than " and easier to find on the keyboard than `. https://t.co/JVJWZjfs7c
Most laptops come with built-in security right out of the box. If you re-image them, you'll lose security features! https://t.co/UTqGxHxWuo
5/31
2016
SecureTips says... https://t.co/H3CqdZIVZZ
4/23
2016
Prevent your Samba passwords from being stolen by #BadLock by switching all your Samba shares to anonymous read/write access.
4/12
2015
OH: "My technique [for security tips] is to take old dino tweets and just slightly modify them. But not from his @SecureTips account."
12/30
2015
Cyber Monday special on Dell laptops: Buy one Inspiron laptop, get one Atheros signing certificate free! https://t.co/4Szc60CvOy
Looking for great holiday gifts for the loved ones? @SecureTips recommends the Dell Inspiron series laptops!
11/24
2015
Easy performance tip to squeeze the most out of native C codebases: Just run s/strncpy/strcpy/g, benchmark, and profit! /cc @hdmoore @taviso
10/14
2015
Unique passwords are bad, since they can be linked back to you. Using the same password as everyone else is better camouflage for privacy.
rm -f /usr/bin/gcc #poormansexploitmitigations
Retweeted by Secure Tips
Whatever happened to @SecureTips ?
Retweeted by Secure Tips
10/9
2015
Like @pizzahut, you should also filter potentially dangerous characters from being used in passwords! https://t.co/5hHTgyM8W2
7/9
2015
For the record, we know it's PalmOS > Blackberry > Meego for security, & that's what we recommend when people at risk walk out our door.
7/7
2015
@jackyalcine Right as rain, my main man Jacky. I'll be presenting at @nysecsec next month, come learn more!
@dinodaizovi Seriously, I'm having trouble seeing how your individual OKRs map to our team and company OKRs. Can you make them more punchy?
JogLam shows that DH and all derivatives (ECDHE, etc) are broken by NSA and Five Guys. Revert back to SSLv2 as a temporary precaution.
@dinodaizovi Make sure it's only 0.7-0.8 of your stretch goal!
@dinodaizovi SHOW ME YOUR OKRS!
I, Dino of @SecureTips, apologize for the lack of tweeting recently. Middle management is hard and time-consuming. https://t.co/al3R1SJ6Lx
5/21
2015
Warning: updating to MySQL 5.7.3 will cause a reduction in performance due to the overhead of SSL. Tread carefully. https://t.co/DVZQ26Ue9S
4/30
2015
After testing many threat intelligence & visualization platforms, this one has definitely been SecureTips approved - http://t.co/9XFOnH0c5p
4/25
2015
Cisco party? I thought this was the Thong Song party. #sisqo #CiscoDarkArts
4/23
2015
Enable kernel caching in Windows IIS to effectively scale and improve Web server performance. https://t.co/4z8ZqSuESa
4/15
2015
@tmanning We recommend Elliptic CRC for any use cases that require an AEAD cipher mode. Just make sure to MAC-then-Encrypt.
3/30
2015
Looking for a secure platform to host your Bitcoin exchange? @SecureTips recommends WordPress! https://t.co/FWkBizUKWm
3/24
2015
Using the Apple 30-PIN connector is 3.75x more secure than the 8-PIN Lightning bolt. Both are more secure than a 4-digit PIN screen lock.
3/21
2015
We recommend attending @SummerC0n this year to obtain the latest security update from GOBBLES https://t.co/hbjlaYUiu2
3/16
2015
mmap your memory with PROT_READ, PROT_WRITE, and PROT_EXEC so that your OS can apply the #RowHammer patch through the MMU.
The #RowHammer vulnerability can be patched, but all memory protection must be disabled for the patch to apply successfully to the RAM.
3/11
2015
If you had followed @SecureTips advice, you wouldn't be affected by the TLS FREAK attack! https://t.co/hZPO1ZP1zG
3/3
2015
Public service announcement: If you're worried about #superfish, install PrivDog to secure your Lenovo laptop: https://t.co/CRzj9Y8f6N
2/27
2015
@4Dgifts @dinodaizovi Why only 10? You need to read them all to be a SecureTips-certified developer and earn your CPEs.
@dinodaizovi @chrisrohlf @4Dgifts @tqbf Note that since VLAs are static compile-time allocations, they're immune to mem corruption issues.
@dinodaizovi @chrisrohlf @4Dgifts @tqbf Correction: we recommend avoiding malloc whenever possible and leveraging VLAs on the stack.
2/26
2015
@SecureTips Always use = instead of == for comparisons in C code to avoid unnecessary performance overhead.
Retweeted by Secure Tips
1/2
2014
Sweetie @SwiftOnSecurity, I love you but I got to say that @SecureTips is the best twitter ever !
Retweeted by Secure Tips
12/15
2014
@rantyben @SwiftOnSecurity @dakami Busted!
11/22
2014
Much like heartbleed, #sandworm now has its own awareness page: http://t.co/821ZHbWKpJ
Excited to be mentioned in article about #sandworm https://t.co/DKKE5Fq0oB
10/14
2014
Always build for 32-bit. 64-bit processes offer more places for attackers to hide payloads, making it more difficult to find them!
10/9
2014
@attrc @thegrugq Security Engineering by Ross Anderson.
An all-time favorite tip for secure development! http://t.co/Btb8O5grnw
All of my @SecureTips wisdom contained in one hardcover book! http://t.co/51mH8RbcYX
Remember: no patch == no reversing == no exploits! Security-conscious vendors like Oracle agree - no #Shellshock fixes for most products!
10/8
2014
@SecureTips Match your browser and OS versions for best performance. Use Firefox 10 and Chrome 10 on Mac OS 10 and Windows 10.
Retweeted by Secure Tips
Project Zero has eliminated the last of the OS X / iOS sandbox escapes! Great work, @scarybeasts! http://t.co/1R8Mym4hBs
10/3
2014
@i0n1c @jduck @defendtheworld jduck never gets uid 0! ZING!
9/27
2014
@richinseattle @taviso Yep, bash actually integrated Chrome's auto-updating mechanism (Omaha) so no need to worry about future updates.
After a hectic day, @SecureTips recommends taking tomorrow off now that bash is fully patched. Get off email/Twitter for a bit, 'sall good.
ALERT! Bash is found to be insecure in default configurations. If you re-link against NSS (add "-lnss" to your Makefile), you're good to go.
9/25
2014
Also, including MD5 in your SSL/TLS cipher suite is an effective workaround (and faster performance) to Google's sun-setting of the SHA1.
To ensure that your SSL/TLS ciphers are compatible and compliant with international standards, always use "EXPORT" cipher suites.
9/12
2014
We've independently tested @ExodusIntel's I2P/TAILS 0-day exploit and found that Firefox 17 is not vulnerable. Downgrade until it's patched!
7/24
2014
To cut down on log noise and prevent rogue users from forging authentication events in your Windows logs, disable all logon event auditing.
7/16
2014
Running Pidgin as root gives OTR access to better entropy sources. The More You Know
7/15
2014
@chriseng @violetblue What do you mean by joke account???
7/9
2014
Prevent two factor authentication bypass attacks by disabling support for two factor enabled accounts
6/25
2014
Heartbleed is the first real example of being able to download more RAM. http://t.co/0UnQPsO4g2 #ShowerThoughts
6/23
2014
In the market for a budget honeypot? Automate changing all your passwords to "password" for 10 secs every 30 mins while logging everything.
6/20
2014
In the year 3000 - All washed-up "security researchers" will have shitty brown painted portraits for their social media avatars.
6/17
2014
We're really sad to hear about the end of TrueCrypt, but excited to endorse its successor: CryptoLocker, which also supports Android!
New @crowdstrike blog post: Chinese PLA unit <random number> codenamed <adjective> Panda attacks US <vertical> industry. News at 11!
6/10
2014
@sidroast @GldRush98 7.2 fixes some pretty critical security bugs, so best to upgrade now before exploit code is made public! #truecrypt
Awesome, new version of TrueCrypt is out, upgrade immediately! http://t.co/P5QfkQlrRp
5/29
2014
@ErrataRob @scarybeasts OpenSSL follows SecureTips advice: https://t.co/InQUJiIs9K
oh, wow OpenSSL: strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
Retweeted by Secure Tips
4/18
2014
@copumpkin @Brian_Sniffen @bitemyapp Security is in the eye of the beholder, my good sir.
4/14
2014
Akamai has an impressive secure allocator for OpenSSL. Deploy it immediately to production to mitigate Heartbleed: http://t.co/KOMd5inECw
4/13
2014
Upgrading to the bleeding edge version of OpenSSL may have unintended security implications. Beware.
4/10
2014
WARNING: Disabling TLS heartbeats will cause compatibility issues with Schannel-based Win32 clients, including WinXP. #heartbleed
Bugs like CVE-2014-0160 are why you should never use SSL/TLS on production web servers.
Retweeted by Secure Tips
4/8
2014
@i0n1c my friend @securetips (aka @dinodaizovi ) said to properly terminate string you should: dst[strlen(dst)] = 0x0;
Retweeted by Secure Tips
4/4
2014
@grsecurity @comex Bradley's KASLR bypass only works if kptr_restrict=1 as seen in the video. Set it to 0 to avoid leaking the kernel offset
@rantyben You! You sir are in trouble.
4/1
2014
Apple should have wrote their OS in a secure language that doesn't support "goto", like PHP 4.
GOTOs can be unreliable, always use two!
2/23
2013
@ErrataRob ErrataRob virus can see you through your window!
Just like tape protects against webcam surveillance, it can also protect against TEMPEST. We recommend taping your whole screen if possible.
You thought #badbios was rough? Wrap your computer in soundproof foam to prevent side channel crypto attacks http://t.co/Yg1gIYf5Hi
12/19
2013
Wrap your laptop in tin foil to prevent #badbios ultrasonic communication and normal social interactions.
11/1
2013
To avoid getting infected by #BadBIOS and limit its capabilities, use older & less sophisticated BIOSes (pre-2006 or even pre-1999)!
As SELinux has been found to be an NSA backdoor in Linux & Android we recommend disabling any similar MAC features in your OS
10/29
2013
Cutting-edge protocol-agnostic "reverse shell" techniques use netcat & base64. Ensure your IPS can detect these & block their SYN packets!
10/10
2013
We're glad a company so "good" at temporary "fixes" has moved into physical "protections". Appropriate marketing. http://t.co/lH0LxwK8X3
8/29
2013
Secure your sensitive communications by adding Whistle IM to your privacy tool arsenal!
8/20
2013
SecureTips is very excited to be attending the Cryptocat Hackathon to share certified secure development tips!
Generate crypto key material client-side on your Android apps. Modern mobile devices are fast enough to efficiently generate keys!
8/16
2013
