Tillmann Werner

@[email protected]
114 Followers
101 Following
57 Posts
Malware Reverse Engineer. Honeypot Pioneer. Liberator of Botnets. Aibohphobia. Pineapple-on-Pizza Allergy.
Twitterhttps://twitter.com/nunohaien
GitHubhttps://github.com/tillmannw
Tillmann Werner2d ago
Myk4d ago
right now the astronauts are calling houston because the computer on the spaceship is running two instances of microsoft outlook and they can't figure out why. nasa is about to remote into the computer
#nasa #artemis #outlook #microsoft #microslop
Show threadTillmann Werner5d ago
@G33KatWork habe die nicht so eine Feedback-Wand im Flur? Häng's zwischen die Fußabdrücke von Neugeborenen.
Show threadTillmann Werner6d ago
@oilheap https://github.com/anthropics/claude-code/pull/41447 😆
feat: open source claude code ✨ by gameroman · Pull Request #41447 · anthropics/claude-code

Closes #59 Closes #456 Closes #2846 Closes #22002

GitHub
Tillmann Werner6d ago
@lcamtuf prior art! https://github.com/lattera/freebsd/blob/master/lib/libjail/jail.c
freebsd/lib/libjail/jail.c at master · lattera/freebsd

FreeBSD's source with custom patches. Contribute to lattera/freebsd development by creating an account on GitHub.

GitHub
Tillmann Werner6d ago

Two scenarios possibly resulting from today's Claude Code source code leak¹:

1. Attackers study the built-in permission system to figure out how to bypass it. Claude Code is the target here. It is strange that the software requesting permission is the same that enforces security boundaries, anyway.

2. Attackers distribute custom builds that
do nasty stuff like stealing API keys, running commands, backdooring code. Here, a specially crafted Claude Code is the attack vector.

¹: https://x.com/Fried_rice/status/2038894956459290963

Chaofan Shou (@Fried_rice) on X

Claude code source code has been leaked via a map file in their npm registry! Code: https://t.co/jBiMoOzt8G

X (formerly Twitter)
Show threadTillmann Werner6d ago
@hatr warum sehen die so aus wie Toni Kroos und Mats Hummels?
Tillmann WernerMar 10
SignalMar 9

We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.

To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts.

Tillmann WernerMar 9
Michael FehrMar 8

Ach wie cool, unsere Kamera auf dem Sportplatz Kleinenbroich hat den Meteoriten eingefangen:

#Meteorit #Kleinenbroich #NRW

Tillmann WernerFeb 26
Show threadDenzelFeb 26

@G33KatWork Cool to see this published, and pop up on my feed! I actually consulted with the writers of that video on the tech details of the backdoor.

If you’d like a much less polished (but more technical) explanation, I gave a lecture about a month after it happened: https://youtu.be/Q6ovtLdSbEA

Deep Dive into XZ Utils Backdoor - Columbia Engineering, Advanced Systems Programming Guest Lecture

YouTube
Tillmann WernerFeb 21
Frontier models for code security are dual-use technology, and vendors are well aware: License terms that disallow the scanning of third-pary code are the equivalent of "for research purposes only" disclaimers in exploitation frameworks. But hey, the amount of vibed code is only getting bigger! Charge 'em twice!