Tillmann Werner

@[email protected]
114 Followers
100 Following
50 Posts
Malware Reverse Engineer. Honeypot Pioneer. Liberator of Botnets. Aibohphobia. Pineapple-on-Pizza Allergy.
Twitterhttps://twitter.com/nunohaien
GitHubhttps://github.com/tillmannw
Tillmann WernerMar 10
SignalMar 9

We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.

To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts.

Tillmann WernerMar 9
Michael FehrMar 8

Ach wie cool, unsere Kamera auf dem Sportplatz Kleinenbroich hat den Meteoriten eingefangen:

#Meteorit #Kleinenbroich #NRW

Tillmann WernerFeb 26
Show threadDenzelFeb 26

@G33KatWork Cool to see this published, and pop up on my feed! I actually consulted with the writers of that video on the tech details of the backdoor.

If you’d like a much less polished (but more technical) explanation, I gave a lecture about a month after it happened: https://youtu.be/Q6ovtLdSbEA

Deep Dive into XZ Utils Backdoor - Columbia Engineering, Advanced Systems Programming Guest Lecture

YouTube
Tillmann WernerFeb 21
Frontier models for code security are dual-use technology, and vendors are well aware: License terms that disallow the scanning of third-pary code are the equivalent of "for research purposes only" disclaimers in exploitation frameworks. But hey, the amount of vibed code is only getting bigger! Charge 'em twice!
Tillmann WernerFeb 19

RE: https://infosec.exchange/@lcamtuf/116095874356241345

We're on a mission from Claude.

Tillmann WernerFeb 3
systemd-jaded.timerFeb 3
"i would rather debug a linker" is sure a phrase to describe just how bad something else is
Tillmann WernerFeb 2

RE: https://infosec.exchange/@lcamtuf/115999120392207358

The software supply chain is such a soft target, and open-source projects are particularly at risk. A huge attack surface where security is diametrically opposed to the open nature, low budgets, and limited volunteer time.

Tillmann WernerJan 8
Em Jan 7

Periodic reminder to boost the posts you like to keep the Fediverse alive.

WE are the algorithm here  

#Mastodon

Tillmann WernerJan 2
PhilipJan 1
Slowly documenting and publishing all the software, electronics and mechanical details of the LED cube installation at #39c3 It also contains plans on how to build the small 20cm³ version from the @cccac assembly https://github.com/Phaeilo/emergent-order
Tillmann WernerDec 29
PhilipDec 29
/dev/emergent_order (a.k.a. that LED cube under the escalator) is now awaiting YOUR content. Go to https://emergent-order.de to check it out (Congress network only). #39c3
Update: the cube is gone from CCH, but its structure is preserved in the control tool and anyone can still play around with it.