Francisco Dominguez

18.8K posts

Francisco Dominguez banner
Francisco Dominguez

Francisco Dominguez

@FSDominguez

Katılım Nisan 2011
733 Takip Edilen997 Takipçiler
Francisco Dominguez retweetledi
Owen Brake
Owen Brake@OwenBrakes·
Rip every radio out of your phone. It will still leak your inputs. Capacitive touchscreens scan sequentially. Your finger touching the screen affects the local impedance and modulates the emissions. Able to extract keystrokes and pin inputs from 15cm away with ~90% accuracy.
Owen Brake tweet mediaOwen Brake tweet mediaOwen Brake tweet media
English
69
213
3.6K
272.2K
Francisco Dominguez retweetledi
Nicolas Krassas
Nicolas Krassas@Dinosn·
google/mantis: A modular, stack-agnostic toolkit of security review skills for AI coding agents to autonomously find, reproduce, and patch vulnerabilities. github.com/google/mantis
English
0
15
73
4.5K
Francisco Dominguez retweetledi
Kevin Bankston
Kevin Bankston@KevinBankston·
The road to tech-enabled totalitarian hell is paved by good intentions around child protection.
Paul Walsh@Paul__Walsh

Ursula von der Leyen has confirmed that everyone in the EU will need to use the EU's app for identity authentication before being able to access or post on social media websites. 🇪🇺 As an expert in online child safety, I am here to expose the misinformation and misdirection in von der Leyen's statements. Today von der Leyen said: "This is not about whether children can access social media, it is about whether social media can access our children". 💡The first part is true. This isn't about children. It's about surveillance and combating political dissent. A state that can't control its own citizens is more dangerous than a state rife with criminals. The second part is a PR soundbite that politicians are using like a campaign slogan straight out of 1984. 🇪🇺"The question is no longer if children face risks online, but what can we do to give children a safer start online". 💡No. You can't give children a "safer start" online any more than you can offline. In the offline world, the government doesn't enforce curfews or ban children from entering liquor stores, bars or restaurants. That's a parent's responsibility. The digital world should be no different. 🇪🇺"The age verification app is one of the tools to get it done". 💡This is a contradiction because she also said "It won't be foolproof". 🇪🇺"It's easy to use, it is privacy preserving and it is open source". 💡The app was compromised as soon as it was released. "Privacy-preserving" age verification is an oxymoron. You can't verify a person's age without verifying their identity. Where or how that age is shared afterwards is irrelevant. 🇪🇺"This is basically about putting back the power into the hands of parents". 💡More from 1984. The EU is doing the opposite. Parents are having their authority stripped by politicians who think they know better. Many parents are capable and unaffected by peer pressure, and they know how to use parental controls to block any app classified as 13+. Some teens are safe, their parents trust them, and the state has no business overruling that trust. 🇪🇺"We don't give our children keys to the car before they have their licence" 💡Comparing an app to a car is a false equivalence used to justify mass surveillance. Governments don't decide when a young person is ready for car keys, guardians do. 💡Forcing every adult and child into a biometric checkpoint just to use an app or website is not licensing drivers. It's the state seizing everyone's keys, locking the garage, and forcing every driver to ask a private company for permission to take a drive. 💡 This is a gross, unethical overreach that strips authority from parents while imposing state sanctioned identity verification on every adult who doesn't even have a child. 💡Additionally, people who pass a test, obtain a licence and drive a car aren't forced to use an app to constantly authenticate their suitability to drive. 🇪🇺"We do not let them buy alcohol until they are legally allowed" 💡False equivalence. We don't force every person to show ID at a shopping mall entrance just because a few people might buy alcohol with a meal at a restaurant. Some parents are okay with their 12 year-old going to the mall with friends while others aren't. Either way, it's their choice. Whatever irresponsible decisions some parents might make, every adult in the country shouldn't be forced to pay the price. 🇪🇺"It won't be foolproof" 💡This is all the proof we need to show that the EU and every government know that banning social media for teens won't protect them. When pressed by journalists about VPNs being used to circumvent a ban, politicians always state the ban isn't a silver bullet and will take time. The Mayor of London, Sadiq Khan went as far as to say "we know it's not the solution". 💡Either age verification works, or it doesn't. As a technical expert in this space, I can tell you there are no additional steps to take and no progress to be made. Either the approach does what it is supposed to do, or it's not fit for purpose. If they claim a bulletproof solution is coming, it can only mean one thing. They intend to ban or restrict VPNs to people who verify their identity. 🇪🇺"It will take time to invite the cultural change that is already taking shape in our society, just as it took time to outlaw drink driving, just as it took time to use seatbelts in the cars. Great change never happens overnight, but when it comes to our safety it is always worth it". 💡Comparing a social media ban and age verification to seatbelts is a completely broken analogy. Seatbelts are a safety feature that protects children while allowing them to travel in a car. A ban doesn't give kids a seatbelt. It kicks them out of the car entirely. 💡Instead of supporting parents who want to guide their own children through the digital world, this heavy-handed law strips away parental authority by banning the apps and websites that many parents are perfectly fine with and actively monitor. 💡Furthermore, enforcing these bans requires biometric age verification, which means forcing millions of adult citizens to scan their IDs, faces or credit cards just to browse the internet. That isn't a common-sense traffic law. 💡It's a digital checkpoint on every street. True safety means teaching kids how to navigate the digital world safely with real guardrails and parental guidance, not burning down digital spaces for everyone under the guise of protection. 🇪🇺☠️ The EU wants to ban teens from social media so every person is forced to verify their identity before they can read, share or post anything online. In their words, this is to protect children from dangerous content. 🇪🇺☠️ The EU wants to enforce "Chat Control" so every app has to monitor everything people say privately inside it, including apps with end-to-end encryption. In their words, this is to protect children from dangerous criminals. 💡Where this ends 🇪🇺 "If you want a picture of the future, imagine a boot stamping on a human face - forever". George Orwell, 1984.

English
0
7
5
1.1K
Francisco Dominguez retweetledi
📕「マルウエアの教科書」著者 | 吉川孝志 | 増補改訂版🌟発売中
ゲーム向けアンチチートの内部実装をカーネルレベルで解析した全8記事の研究ブログがGitHub上で公開されています。カスタムVM難読化、CR3操作、ページフォルトフック、ハイパーバイザー検出といった技術は、マルウェアの耐解析実装やEDR回避と共通する低レイヤーの設計です。アンチチートという文脈ですが、カーネルドライバがプロセス生成をどう横取りするか、メモリアクセスの監視をどの層でどう仕掛けるかといった観点は、マルウェア解析やエンドポイント防御の設計にもそのまま通じます。 【要点の整理】 ・EasyAntiCheat関連が3記事。article-1はEACのインポート保護、article-2はNtCreateUserProcessのエミュレーション(カスタムVM難読化の内部でCPUエミュレータを動作させ、プロセス生成コールバックより前にCR3書き込みを捕捉し改変する設計。解析にはハイパーバイザーデバッガとEPTフックが使用されたとの記述)、article-3はCR3保護の詳細。3記事を通じてEACがプロセスの物理メモリアドレス変換を隠蔽する多層防御の全体像が追える構成。 ・article-4はTPM(Trusted-Platform-Module)をアンチチートに組み込む際の落とし穴。article-5はRiot-GamesのVanguardがページフォルトフックでメモリアクセスを監視する手法。article-6はHyperionの整合性チェックのバイパス。article-7はWine環境(Linux上のWindows互換レイヤー)の検出手法。article-8はDBVM(カーネルデバッガ用ハイパーバイザー)の検出手法。 ・全記事はGitHubリポジトリ上のMarkdownファイルとして閲覧可能。 アンチチートもEDRも、信頼できないコードが動く環境でカーネルレベルの観測と介入を行う点では同じ課題を抱えています。「どの層で何を見て、何が見えなくなるか」を具体的な実装から追える資料群です。 詳細は以下を参照: github.com/0avx/0avx.gith… (※可能な範囲でファクトチェックは実施済なものの、元記事の精度依存や速報・要約の性質上漏れもありうるため、正確な情報は一次情報を直接参照のこと)
日本語
0
62
324
16.5K
Francisco Dominguez retweetledi
Francisco Dominguez retweetledi
Marvin Schwaibold
Marvin Schwaibold@MSchwaibold·
I just got my MRI scan and did the same thing ... and the (german) clinic was blown away by my viewer. I can browse every scan, hover to autoplay slices, search anything, scribble notes, stamp findings, and screenshot moments instantly.
tobi lutke@tobi

My annual MRI scan gives me a USB stick with the data, but you need this commercial windows software to open it. Ran Claude on the stick and asked it to make me a html based viewer tool. This looks... way better.

English
148
188
5.8K
879.6K
Francisco Dominguez retweetledi
Carmen
Carmen@syntaxish·
CISA published "Lessons from CISA's Cyber Incident" about the recent public repo where their AWS creds got leaked. Kudos for publishing what didn't work. But lookey here... Playbooks! Also glad they're pointing out the obvious: it's not if but when. cisa.gov/news-events/ne…
English
0
15
27
3.6K
Francisco Dominguez retweetledi
Isabelle d'Artagnan
Isabelle d'Artagnan@isa_dartagnan·
Quand j'étais enfant, on m'expliquait que l'URSS et l'Allemagne de l'Est étaient totalitaires parce que l'État espionnait tous les messages privés. Il y avait des films sur la Stasi, sur l'absence de vie privée et d'état de droit. #chatcontrol
Français
181
6.2K
25.2K
205.1K
Francisco Dominguez
Francisco Dominguez@FSDominguez·
@MarcOverIP @FuzzySec Nu werd tenminste gedurft om eigen intell aan te houden in tegenstelling tot irak. Wat dat betreft vind ik het wel overdreven aandacht nu. Ja, kan beter, maar liever dit dan volledig draaien op andermans capabilities.
Nederlands
1
0
0
82
Marc Smeets
Marc Smeets@MarcOverIP·
@FuzzySec Fascinerend artikel! Tunnelvisie lijkt hier wel van toepassing. Maar ook het wantrouwen naar US Int lijkt groot na 1) het debacle van Irak (“weapons of mass destruction”) en 2) het verraden van NL Int door US nadat NL Int de US tipte over hack op Dem en White House.
Nederlands
1
0
4
213
b33f | 🇺🇦✊
b33f | 🇺🇦✊@FuzzySec·
Stunning failure of intelligence and indeed critical thinking. It’s incredible to me that the article says there wasn’t a sweep of personnel at the major agencies in the EU. Even after the fact the conclusions were fundamentally wrong and protectionist.
Huib Modderkolk@huibmodderkolk

NEW: Despite persistent warnings from American and British officials, Dutch intelligence agencies refused to believe Putin would invade Ukraine in 2022. Insiders reveal how it all went so wrong. ‘This was the highest-stakes game I’ve ever played.’ volkskrant.nl/kijkverder/v/2…

English
2
1
12
2.6K
Francisco Dominguez
Francisco Dominguez@FSDominguez·
In the Era of AI we should start working on how people vibe code their own secure overlay for chat apps and decentralize this knowlege. Encrypt all content. Avoids centralizing the capability and forces legislators to scale or give up.
Mullvad.net@mullvadnet

Chat Control 1 is back. Despite the European Parliament voting down the legislation twice this year, the Council of the European Union and parts of the Parliament today managed – through an urgent procedure – to extend it for another two years. The law was originally introduced as temporary legislation, so that its effectiveness could be evaluated. At the end of 2025, the European Commission itself concluded that it was not possible to determine whether the law had any measurable effect. Even so, it has now been pushed through. Some of today's amendments could have stopped the law. And a majority of the voting MEPs wanted to do so. By a margin of 314-276, the Parliament voted to reject the proposal through these amendments. However, since it was an urgent procedure, 361 votes were required. As a result, the majority lost today and Chat Control 1 was passed. The urgent procedure was a dirty play by the Council and parts of the Parliament – it’s a procedure not meant to be used on legislation already rejected by the Parliament. For now, Chat Control 1 will remain in effect. This means that tech companies may continue scanning communications without a warrant or suspicion. However, the real battle is Chat Control 2. Unlike Chat Control 1, it would require all providers to scan communications, and to do so far more extensively than Chat Control 1 ever has.

English
0
0
1
236
Francisco Dominguez retweetledi
Brittany Hughes
Brittany Hughes@RealBrittHughes·
Hey @Netflix: The first season has 10 episodes and you binge it in a week. The second season airs three years later with 8 episodes that come out in two random chunks six weeks apart for no reason. And by the time it airs, you've forgotten the first season anyway and it's not worth the time to go back and rewatch it. There. Just saved you a crapton of consulting money. You're welcome.
Lucas Shaw@Lucas_Shaw

Netflix's top shows have been losing 30-70% of their audience between seasons 1 and 2. Executives are trying to figure out why. Netflix's second season swoon & more in this week's newsletter: bloomberg.com/news/newslette…

English
874
7.7K
107.5K
3.4M