michalis

We (cc @blueminimal) are soliciting web security students & postdocs for junior PC members for #SecWeb '24 (co-located with IEEE S&P). We have a mentoring program in place to help guide the junior PC members. If interested, please fill out the form: forms.gle/AAxS1DRvfEGJ1L…

One of my favorite ways to detect if you're in a sandbox Custom dictionary sizes in VMs are always tiny.

@Laughing_Mantis @daveaitel Neat! We studied malware sandbox evasion based on similar wear-and-tear artifacts in this paper: www3.cs.stonybrook.edu/~mikepo/papers…

We are just days away from the RAID conference on October 16-18! We have an amazing program with a lot of great papers. Curious? Check out the program here: raid2023.org/program.html

Web Security vs. Binary Exploitation

Χωρίς αυτούς τους ανθρώπους δε θα μπορούσαμε να πάμε στη Θεσσαλία. Ευχαριστούμε και τους 25 απίθανους ανθρώπους που προσφέρθηκαν εθελοντικά να κάνουν τζι-τζι τους πάνω από 1100100 φορητούς υπολογιστές! Για περισσότερες από 6 ώρες έδωσαν τον καλύτερο τους εαυτό! Επίσης, μαζί μας

If you are a strong programmer, security-minded, and love operating systems, I'm looking for PhD students and interns to join me at @IMDEA_Software to work on Systems and Security related projects . More info at portokalidis.net/openings.html

CfP for @DIMVAConf #DIMVA24 is live. Submissions Dec06 and Feb14: dimva.org/dimva2024/ Join us Jul17 to Jul19 in Lausanne! cc @gannimo

Encrypted Client Hello (ECH) is a great improvement for online privacy. However, it’s important to stress that this ISN'T the last puzzle piece to privacy as stated by the article's title. ECH safeguards plaintext domain names (previously exposed via the SNI field in TLS handshake) from passive eavesdropping, but the IP address is still there, potentially carrying a lot of information about the website visited. This is especially true for many websites that are single-hosted (i.e., having a 1-to-1 domain-IP mapping with the hosting address). More details are from these research papers: AsiaCCS '20: arxiv.org/pdf/1911.00563… PoPETS '21: arxiv.org/pdf/2102.08332…

I’ve been using it for exactly 20 years, and I’m always frustrated when I have to use a touchpad..

The original Citizen Lab report correctly mentions that this required an *on-path* capability—a MitM (in-path) attack is not strictly necessary for this. Man-on-the-Side (on-path) is easier. citizenlab.ca/2023/09/predat…

Periodic reminder why plain HTTP (non-encrypted) traffic is a vulnerability: "...if the target went to any ‘http’ site, the attackers injected traffic to silently redirect them to an Intellexa site, c.betly[.]me." blog.google/threat-analysi…

It's not a simple failure, it's a catastrophe!

Introducing the ai-cli library, a command-line copilot. It attaches to programs that offer interactive command-line editing and modifies their interface so you can obtain generative AI suggestions with a single keystroke. https:/www.spinellis.gr/l/ai-cli-lib?tw230914

No, these aren't screenshots of Apple's website. These are 1970s @LEGO_Group booklets that I've collected. They were doing bento box layouts set in a bold sans-serif 50 years ago.

Exciting news! #FOCI2023, the Workshop on Free and Open Communications on the Internet, is happening in person alongside the @PET_Symposium this year! Join us for cutting-edge discussions on censorship, circumvention and more. To register, 👉FOCI.community

Before going to the beach and having your laptop off for a few weeks (I wish...), consider submitting your latest work at ISC this summer! The conference will be held in the Netherlands and we have keynotes from the best -- we will reveal, soon. :)

Joint statement from more than 300 scientists from 32 countries warning against the EU proposal for regulation to detect Child Sexual Abuse Material tinyurl.com/CSAScientistsL…… The technologies it puts forward are inadequate to solve the problem and bring huge societal risks 🧵

Best explanation of C pointers ever! From the truly wonderful book "C language programming that even a cat can understand" archive.org/details/c-2-ne…

I love reading course evaluations! "He reminds me of the Hackerman meme"