Watch This Space @wtsdev
Watch This Space: A security research blog. wts.dev The Interwebs Joined August 2024-
Tweets2K
-
Followers606
-
Following539
-
Likes8K
@cultcrit @LouiseS1996 @ShamashAran That is a valid criticism.
@cultcrit @LouiseS1996 @ShamashAran The command in the screenshot is (arguably) safe. But the more you get used to this, the easier it is for threat actors to trick you down the line with fake lookalike pages if you don't read the script every time you paste. And, as mentioned, they have been successful with that.
@cultcrit @LouiseS1996 @ShamashAran Easy to fall for if your metric for trust is if the website looks and feels familiar and isn't about reading everything closely. And when you just want to get the thing installed, it's easy to just copy paste and not check. /end
@cultcrit @LouiseS1996 @ShamashAran "as long as they're from a trusted source" is doing a lot of heavy lifting. Homebrew uses this install method and there've been successful malware campaigns where they just copy the homepage and change the script. /1
@vatsal_manot The "Automation" permission (granted per app), behind the scenes, allows (or disallows) the ability to send Apple events to specific target apps (with each target controlled individually). I see no reason why they wouldn't be able to do the same or similar for Accessibility. /end
@vatsal_manot They could still heavily lock down the full-size Accessibility permission and just add granularity. The granular perms would likely not be of interest to most bad actors, but would be very much of interest for legitimate programs. Apple already does this for Apple events. /2
@zeroxjf Honestly, I feel like it was a bit too wordy and lacked a clear direction. It meandered around different points that I don't think were bad to make, but it just all blends together.
@mysk_co cc @OrdinaryInds (who can confirm) To my knowledge, they at least add random noise to the percentage to mitigate tracking / privacy concerns.
@BitcoinComfy @tonygo_ I never said "marked as duplicate" didn't happen. I never said any of this "didn't happen". There are details the post I quoted added to the stories that are not supported in the context I see.
50% of this tweet is not supported by the actual context I've seen. I hate misinformation.
🚨APPLE ADVERTISES $2 MILLION FOR FINDING SECURITY BUGS.. THEN CALLS YOUR DISCOVERY A "DUPLICATE".. PATCHES IT SILENTLY.. GIVES YOU NOTHING.. AND BANS YOUR APPLE ID IF YOU COMPLAIN.. Two researchers found a critical macOS vulnerability that let attackers steal passwords,
@HowWeLostTheWar Very interesting! I think it would definitely be an approach not many bounty programs take.
@emanueledpt @theo @sound4movement OWL is not open source (well, everything is open source if you know how to reverse engineer! /j)
@SpiderMorpheus @yo_yo_yo_jbo Yeah, I saw @mattjay talking about that. It's definitely something I think we should talk about more.
@yo_yo_yo_jbo Maybe I'm just autistic and rule-brained, but I feel like that's how change *should* happen. Compiling stories about how bad MSRC (et al) is and vaguely asking them to "do better" isn't going to solve things. Give concrete suggestions, don't just complain. /end
@yo_yo_yo_jbo In my opinion, paths forward involve actual substantive policy arguments. Should vendors pay every reporter instead of just the first? Should vendors not be allowed to be CNAs for their own products? *Those* are things we should talk about if we want things to get better. /3
@IntCyberDigest @midwestneil This is incorrect, according to my reading. @mysk_co posted, upset abt not getting a bounty due to their report being a duplicate (+ not being told until the end). @midwestneil said "apple did this to me". I assume "this" is not paying a bounty for a dupe, not "stonewalling".
Lil Bindle @YungBindlestiff
101 Followers 5K Following
AT @Adrien_Thuau
19 Followers 2K Following
Volker @volkertech
0 Followers 46 Following
キリル @khgoblinn
3 Followers 175 Following
d3thtripp3r @d3thtripp3r
0 Followers 342 Following
d4rkc0nd0r @d4rkc0nd0r
271 Followers 864 Following
theonexc @theonexc1
0 Followers 5K Following
impostor @impost0r_
2K Followers 422 Following prompt engineer for binaries | reverse engineer, exploit developer, equally bad at both | https://t.co/FJ88dlQw7W | mastodon: @[email protected] former s.c
whitecyberduck @whitecyberduck
4K Followers 669 Following Ayub Jabril Yusuf | 🇸🇴🇺🇸 (he/him) | Hacker @SpecterOps | GSE • OSCP
Teodor Sorescu @teodorsorescu
1 Followers 25 Following
cem @cemonatk
10 Followers 617 Following
Whyteee @whyteee404
5 Followers 50 Following
jon jacobsons @jonjacobsons
44 Followers 4K Following
Jamf Threat Labs @JamfThreatLabs
203 Followers 30 Following Mac security research and threat hunting team. Sharing findings discovered by @JamfThreatLabs at @JamfSoftware.
Abhishek Chaudhary @abhizz
134 Followers 4K Following Now - Security minion. Before - A bit of cloud
Colee Gideon @coleegideon
1 Followers 576 Following
Ellie Winters @N104AP
485 Followers 380 Following administrating your systems since never, administrating my own systems since ages ago, attempting to secure shit, follow requests subject to vibe check
Jessy🇮🇪 @Jessycakeboi
110 Followers 706 Following I play roblox and I love messing with Windows OS: Windows 10, Android 15, iPadOS 18.7.8 I help Asher get streams on @KreekVODArchive on yt ALT: @TrueRobloxPro
Danielle Cortez @DaniByTheBeach
1K Followers 3K Following
Snakesan @Snakesan
673 Followers 1K Following Creating assistive technologies | OVERSEER // ACK // NEON FLUX // VITALITY.SYS // Protocol: Hydration | Cybersecurity hobbyist | I use X more as a dev log
Mohammed | مُحَم... @mmuteb_
3K Followers 1K Following Mobile (Development/Security/Forensics) | DevSecOps
Jopraveen @jopraveen18
891 Followers 728 Following { 23 y/o | VR @zoho | CTFs with @Infobahn_ctf | https://t.co/OFX17OHmJX }
Tu Tri Mi @trimituvn
22 Followers 2K Following
johnny @zeroxjf
4K Followers 164 Following iOS & MacOS Researcher (AI-Assisted). https://t.co/4vu4rvK5b5
Hajorda @thehajorda
0 Followers 27 Following
Mark Vella @mark__vella
109 Followers 517 Following typesafety e2e, nvim tinkering, selfhosting, mech kbs, bjj, arsenal fc, f1 trivia, etc retweeting bangers
Su Ho @vansu_ho
18 Followers 480 Following Engineering Lead @ Nimble. Software engineer at heart. Talks about AI/LLMs, leadership, engineering growth.
Rishikesh S @rishikesh_s_18
4 Followers 147 Following
crux @cruxya
1 Followers 361 Following
hamayoon khan @khan_hamay39080
2 Followers 138 Following
cesar @cesar_az1
36 Followers 382 Following
Camil Blanaru @camilblanaru
192 Followers 822 Following Systems Engineer with a passion for clouds. Building https://t.co/CbEYr7xPDX
Vivien Chantrel @vivienchtrl
4 Followers 197 Following
Steven Matthews @sfmatthews
158 Followers 633 Following Steven Matthews, CTO for Greenville-based non-profit.
Andre Alves @andrecoramdeo
0 Followers 336 Following
lcamtuf @lcamtuf
40K Followers 499 Following Substack: https://t.co/yFvmNisGW3 Homepage: https://t.co/iFAXZxCO5H
twolays @twolays
904 Followers 1K Following swe student, ex econ student, sweden or poland, 19, he/him. my pfp is my cat, her (ginger females are kinda rare, 20% chance) name is molly and she's 1.5y old
Nightmare Eclipse @ChaoticEclipse0
9K Followers 574 Following
Ashish Kunwar @D0rkerDevil
13K Followers 6K Following ex @Microsoft | Vulnerability Research | ios/mac research 🙂
d1ngbat @d1ngbat_
534 Followers 419 Following musician turned infosec analyst. premium goofs as a service. my employer has no clue this account exists but my thoughts are my own.
trish ang @feesh
2K Followers 1K Following Designer slash developer, climber of rocks, boarder of snow. EM @slackhq. Volunteers @oakland_cm. Hella gay. she/they 🌈
Michael Gillespie @demonslay335
37K Followers 66 Following Loves cats, bunnies, and coding. #Ransomware Hunter. Creator of the service ID Ransomware. Views expressed are my own.
MalwareHunterTeam @malwrhunterteam
254K Followers 37 Following Official MHT Twitter account. Check out ID Ransomware (created by @demonslay335). More photos & gifs, less malware.
キリル @khgoblinn
3 Followers 175 Following
d4rkc0nd0r @d4rkc0nd0r
271 Followers 864 Following
Malware Village @MalwareVillage
2K Followers 93 Following Founded by @LambdaMamba & @cybersyrupblog | Run by World Cyber Health Non-Profit | Discord: https://t.co/JE25nRRco6 | Email: [email protected]
Haus of Decline @hausofdecline
267K Followers 2K Following Hank of Decline Website - https://t.co/x1yxb0BWDM Patreon - https://t.co/Awbuy7xogD
_ZN4DionC1Ev @justdionysus
5K Followers 1K Following I write software and drive around Baltimore looking for stuff to do.
Bruce Dang @brucedang
5K Followers 1K Following Sweeping the floor at https://t.co/CM8ErzxC5z (we are hiring). Previously at Microsoft/Veramine/Apple. author of Practical Reverse Engineering.
Alex Rad @defendtheworld
2K Followers 1K Following On a mission to make networking secure and simple. https://t.co/NnoAMwpuYA
Corbin Crutchley @crutchcorn
7K Followers 479 Following VP of Software Engineering | @GitHub Star | @Microsoft MVP | @Playful_Program Partner | @tan_stack Maintainer
Dillon Mulroy @dillon_mulroy
31K Followers 4K Following principal engineer @cloudflare • tweets about functional programming, typescript, neovim, & formula 1 • https://t.co/6Vr6DiQUoM • https://t.co/tlUe9v9eZC
Linghua Jin 🥥 🌴 @LinghuaJ
5K Followers 2K Following cofounder @cocoindex_io infra & AI, ex-google tech lead star ⭐ https://t.co/Hd5tSRgQi8
clairebear @geckotailzz
19K Followers 170 Following reformed edgelord / Black Lives Matter / Trans Rights are Human Rights / comics: @geckowo / asexual
Safia 👩🏾💻 @captainsafia
23K Followers 515 Following building at @warpdotdev, prev: @microsoft • dream big and follow through even bigger
David Stern @vorporeal
388 Followers 237 Following Engineer, thinker, procrastinator, idealist. Too many projects, not enough time. He/him. Currently @warpdotdev; formerly @youtube, @gmail.
eric zakariasson @ericzakariasson
69K Followers 584 Following @cursor_ai & tinkering. https://t.co/udyDUjFI0i
Xint @xint_official
1K Followers 16 Following What if the world's best hackers rebuilt AppSec from the ground up with AI? Meet Xint - autonomous, comprehensive, fast, and actionable.
Bob Ippolito @etrepum
4K Followers 3K Following @missionbit board member. Former founder/CTO of Mochi Media and Fig. Sometimes enjoys writing code. he/him https://t.co/8VABmVoPGI & https://t.co/XjXgNrSq8s bsky
Josh Cohenzadeh @jshchnz
7K Followers 509 Following co-founder, ceo @emergetools (backed by yc, acquired by @sentry) vibing on https://t.co/zd1VJilHqz
Alex Matrosov @matrosov
20K Followers 2K Following Security REsearch @Anthropicai · Breaking & Fixing AI Failure Modes | Founder @binarly_io · @SBOM_Tools · @REhints | Author “Rootkits & Bootkits" (https://t.co/1wd2dfYHY6)
john @nyan_satan
17K Followers 149 Following demonic beast from another era (with F20.0) | https://t.co/W7w9FmL4Fd
Barrel Of Lube @barre_of_lube
2K Followers 735 Following 21, Stay Freaky, math + stat, @hexclave, ex @orchid_hq music n people enjoyer
Jamf Threat Labs @JamfThreatLabs
203 Followers 30 Following Mac security research and threat hunting team. Sharing findings discovered by @JamfThreatLabs at @JamfSoftware.
Ellie Winters @N104AP
485 Followers 380 Following administrating your systems since never, administrating my own systems since ages ago, attempting to secure shit, follow requests subject to vibe check
安坂星海 Azaka ||... @AzakaSekai_
14K Followers 7K Following ‧₊˚ ⋅ VTuber ⊹˚. Employed CTI Researcher ♡‧₊˚ SV Cover Artist @azakasekaip ✧・゚https://t.co/h3frxp4AWO *:・˚ @jamama_666 / @MomoiroKohi / @justNovaj / #artsyaz
Felix Rieseberg @felixrieseberg
64K Followers 720 Following Claude Cowork / Code @AnthropicAI, Co-Maintainer https://t.co/g4potti8nq
Iru @officiallyiru
2K Followers 46 Following Iru unifies endpoint security & management, identity & access, and compliance automation to collapse the IT stack.
Feross @feross
41K Followers 2K Following ⚡️ Founder + CEO @SocketSecurity (https://t.co/7g1opA7Tr8) • 🌲 Visiting lecturer @Stanford (https://t.co/yw9prxLiLe) • ❤️ Open source @WebTorrentApp + @StandardJS
Nicholas Cecere @nicholascecere
17 Followers 42 Following
𝚊𝚕𝚔𝚊𝚕�... @alkalinesec
3K Followers 594 Following mobile security / symbolic execution. opinions are mine. @[email protected] . he / him
Lina @d0rkph0enix
39K Followers 10K Following Infosec dork, boxer, poker player, dog owner/operator, spiller of things. Cars, vidya games, and cooking are my jam. #ChiefsKingdom and Royals fanatic. #SecKCYou might like
