Yiannis (John) Kozyrakis | @[email protected]

Let's try this: @ikoz@infosec.exchange

Tom Ptacek posted a great writeup titled "Vulnerability Research Is Cooked", covering the state of vulndev and its rapidly accelerating future: sockpuppet.org/blog/2026/03/3…

I’m super excited about this blogpost. The approach is so counterintuitive, and yet the results are so much better than anything else that we’ve tried for memory safety. We finally understand why. security.googleblog.com/2024/09/elimin…

I gave Claude 3 the entire source of a small C GIF decoding library I found on GitHub, and asked it to write me a Python function to generate random GIFs that exercised the parser. Its GIF generator got 92% line coverage in the decoder and found 4 memory safety bugs and one hang.

We are excited to announce that Google, Microsoft, and Meta are formally partnering as the founding steering committee to improve app security through a newly restructured App Defense Alliance, under the Joint Development Foundation. Learn more: hubs.la/Q02873mh0

Some more info on this, positions open onsite in Meta engineering offices in the US and London. Remote also possible depending on seniority within US, UK, France, Germany, Spain, Italy, Ireland, Netherlands, Poland.

Security Engineering roles in mobile security also open, do reach out!

* People ask LLMs to write code * LLMs recommend imports that don't actually exist * Attackers work out what these imports' names are, and create & upload them with malicious payloads * People using LLM-written code then auto-add malware themselves vulcan.io/blog/ai-halluc…

not every day 4 world-class security teams (all from Google, though that's not all of them...TAG, Mandiant, CrOS Security, and more) co-author a doc... #powerofopen storage.googleapis.com/gweb-uniblog-p…

Here are the slides for my keynote, 'Mobile Exploitation, the past, present, and the future' at #Zer0Con2023. Zer0con was a blast as always, thank you @POC_Crew!! 🚀💫 github.com/externalist/pr…

The Android team has open sourced our internal Rust Training! It's a four day course covering the full spectrum of Rust, from basic syntax to advanced topics like generics and error handling. It also includes Android-specific content on the last day. google.github.io/comprehensive-…

@maldr0id Scary stuff.

New APVI entry: platform certificates used to sign malware Found by yours truly :) bugs.chromium.org/p/apvi/issues/…

@GerryMcBride Siemens SX1, good luck typing on this

Then we're into Smartphones, a Galaxy SIII which I *instantly* smashed, and then a HTC Desire S which I kicked up and down the yard for years without putting a scratch in it. iPhones ever since. Nothing slides or moves on them. Boring. That's it!

After the early bricks but before smartphones, there was a stretch where phone design went absolutely catshit bananas (1/?)

According to messages shared in Twitter Slack, Twitter’s CISO, chief privacy office, and chief compliance officer all resigned last night. An employee says it will be up to engineers to “self-certify compliance with FTC requirements and other laws.”

The folks in Chrome who work on securing the web platform API have compiled a great guidelines doc based on their experience. chromium.googlesource.com/chromium/src/+… Thanks @mikewest et al!

If you can't switch your C to Rust immediately, consider at least enabling all the sanity checking the compiler can already do for free: -Wall -D_FORTIFY_SOURCE=2 -fsanitize=bounds fsanitize-undefined-trap-on-error -fstrict-flex-arrays (GCC 13+, Clang 16+)

I believe HMG are trying to legislatively prohibit SQL injection attacks on the register of companies!

@Hexploitable @dcuthbert My 7: Olive oil, onions, garlic, peppers, tomatoes, carrots, more olive oil

@dcuthbert Not drastically different: Onion, garlic, tomato, paprika, soy sauce, miso, salt

If there’s one subject I still think we don’t teach at school, and we should do, it’s how to cook. The basics of meal prep that doesn’t cost the earth. My 7 ingredients I cannot live without. What’s yours?

Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu fredericb.info/2022/06/breaki… < what an awesome write up

We have finally published Tproxy (objectifsecurite.gitlab.io/tproxy/) our generic TCP interception proxy (think Burp for TCP): TLS handling, wireshark dissection, intercept and modify by hand or with scripts in GUI or CLI. There is a complete doc with demos (objectifsecurite.gitlab.io/tproxy/Demos/)