Adam Donenfeld @doadam
iOS security, politics, tech and traveling. Not really on social media anymore. 🇪🇺 Joined January 2011
Tweets: 2K | Followers: 11K | Following: 344 | Likes: 4K
Can’t stress this enough. High taxation incentivizes people to get more days off instead of more money. In NL it’s not unusual to have a 4-day work week. People call me out for working on Sundays because “it’s weird”
It's probably hard for Americans to imagine this because it's their normal. But being European and living in Europe and being radically honest when I arrive in America the main feeling I get is just endless abundance. Non-honest (I'd say many to most) Europeans will not be able
@levelsio Which luxury hotels are the exception in your experience?
@ace__pace I recall there was some public side channel attack a (long) while ago and Apple patched it (unlike on Linux/android)
“We can easily bypass KASLR using prefetch attack these days. Entrybleed is the most famous prefetch attack variant.” iOS security is leaving dust to any other platform. It’s hard to believe KASLR is still not a standard mitigation nowadays ssd-disclosure.com/lpe-via-refcou…
@ace__pace Whenever there is/was anything, they would make an effort to mitigate such an attack or make it unusable in production. Have you ever seen a jailbreak/ITW chains using side channel attacks on iOS?
Recently, there was a clash between the popular @FFmpeg project, a low-level multimedia library found everywhere… and Google. A Google AI agent found a bug in FFmpeg. FFmpeg is a far-ranging library, supporting niche multimedia files, often through reverse-engineering. It is entirely the result of volunteers and a marvellous piece of technology. For people who have never been on the receiving end of ‘security researchers’, it is difficult to understand why there is a pushback against them. Think about the commons. In Quebec, these are pieces of land where farmers send their cows during the summer. It is collectively owned, like FFmpeg. Everyone is responsible to care for the commons if they are using it. If you are not using it, you are supposed to stay away. Now, imagine a rich corporation comes in and sends its well-paid agents into the commons to find issues with it. Maybe a broken barrier or a dangerous hole. So far so good… But instead of fixing the issues, the corporation says “you have a month to fix the issue or else I will report you to the government”. How much love would the big corporation get in this context? Why do the security researchers insist on disclosing the issue without having contributed to fixing it? So that they can get credit for it. That's their entire scheme: find issues, irrespective of whether they affect the use case of their employer... after all, all issues no matter how small can be potentially significant at some point... and then brag about it without doing the hard work of trying to fix it. Let me be clear that not everyone working in security behaves this way. Many are good actors. But there are enough 'security researchers' behaving as parasites that it has become a recognizable pattern. « But Daniel, who should be fixing the bugs then? » If you are paying for commercial support, then get in touch with the folks you are paying. If you are not paying, then it is on you. It says so in the licenses.
It is part of the moral code of open source. It is part of the legal framework. Let me be clear. You do not get to bite back at Linus Torvalds if a bug in the Linux kernel crashes your server. What you do is that you identify the issue, narrow it down and propose a fix. If you cannot do it, then you pay someone to do it. Or you just do not use Linux.
“Scan the codebase” ➡️ “Discover vulnerabilities” lol
Now in private beta: Aardvark, an agent that finds and fixes security bugs using GPT-5. openai.com/index/introduc…
The story gets stranger... Apparently I was never able to use the 🇪🇺 EU's GPUs in the first place Because I wasn't on their pre-approved organization list of "Horizon 2020" So how can you join the Horizon 2020 list as an organization? Well, you can't. It was made in 2014 and closed in 2020! ????
@levelsio The way I read this... aren't you excluded by default because your organization is not on the origination list for Horizon 2020?
Serious bugs often occur in third-party components integrated by other software. @ifsecure and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click. project-zero.issues.chromium.org/issues/4280754…
That’s where we see things differently. An exploit that could potentially take months to develop so that it just gets patched a month later won’t cut it.
For kernel/launchd: it all depends on your goals. But like you mentioned before, we’re talking about real attacks. State actors would probably not stop at your
@filpizlo @chrisrohlf Retrying would send crash dumps to Apple, and it would be just a matter of time until the bug gets fixed. And you can't retry these attacks against the kernel/launchd
It hasn’t been announced properly, but The Apple Wiki admins & me grab firmware keys shortly after each major & minor release (e.g. 26.0 and 26.1) We also constantly fill the gaps in the old versions & platforms, e.g. M3 Max and A7 & S1P/S2/T1 & S3 SEP theapplewiki.com/wiki/Firmware_…
@z4ziggy One of the not so many things they’re still doing right
@i0n1c If it makes you feel any better, public healthcare in 🇳🇱 is pretty much identical (perhaps slightly longer waiting times) and private healthcare does not exist. Disclaimer: I am the one who wanted those 1.5y waiting time appointments
MTE in libPas 👀 github.com/WebKit/WebKit/…
That aged badly