Show threadDeirdre Connolly¹ ²Mar 11
telecom just broadcasting in the clear #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
"It's really hard to disclose vulns to foreign militaries" #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
US gov, when we finally got in contact, took config mistakes very seriously #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
😓 #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
satcom.sysnet.ucsd.edu #realworldcrypto

🛰️ SATCOM Security
🛰️ SATCOM Security

Research project homepage for SATCOM Security: papers, source code, and recent satellite communications vulnerabilities.

Show threadDeirdre Connolly¹ ²Mar 11
Next up, '(Dis)patches from the Web PKI: Fina, Static CT, MTC, and PLANTS', presented by Luke Valenta #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Merkle Tree Certs! #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
🚰 #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Shorter cert lifetimes #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
PQ sigs are beeg #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
In TLS in browsers will add ~7KB to each handshake, ~10% slowdown #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Instead of achieving transparency by logging what is issued, we issue by logging and get both at once #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Smaller even when using PQ sigs, no cert explosion #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
'landmark' MTCs, faster than classical? #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
🎉📈 #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Join PLANTS! datatracker.ietf.org/wg/plants/ #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Next up, 'Private Key Leaks in the Wild: Insights from Certificate Transparency', presented by Guillaume Valadon and Gaëtan Ferry #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Leaking private keys #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Cert revocation is rarely used #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
measuring exposure duration #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
😭 #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
🤔 #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
yeesh #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Public log of leaked private keys? #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Next up, 'Self-Auditable Key Transparency at Scale', by Hossein Hafezi #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Nice #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Oop, trusted setup ia.cr/2025/1580 #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Next up, 'DTLS-SRTP: The Protocol Everyone is Using But Nobody is Checking', presented by Robert Merget #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Let's build a scanner! #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Found 53 DTLS instances #realworldcrypto
Show threadDeirdre Connolly¹ ²
Missing auth checks, vulnerable to network man in the middle, including Webex #realworldcrypto
Mar 11 at 7:19amWeb
Show threadDeirdre Connolly¹ ²Mar 11
Sev: high bug in Zoom #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Q: Did you look at E2EE real time communication that used sframe as well? A: MIght've been Zoom, didn't observe any other cases #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Next up, 'The widespread popularity of insecure proprietary network encryption in the Android ecosystem', presented by Mona Wang #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
😅 #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Chinese mobile apps are encrypting way less ieeexplore.ieee.org/document/110... #realworldcrypto

WireWatch: Measuring the Secur...
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
So broken! #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Keyboards, browsers, analytics, ads, device data, etc— all fucked #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
These look like fun CTFs #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
"I can't sleep, knowing what I've seen" #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
lol wtf #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
😭 #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
None of the schemes tried to provide cryptographic integrity or authenticity, except for MMTLS #realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
#realworldcrypto
Show threadDeirdre Connolly¹ ²Mar 11
Are these backdoors?????? (No) #realworldcrypto