Matteo (@winterdeaf) - Twitter Profili | Zamantika Mersobahis Locabet

Sabitlenmiş Tweet

Matteo@winterdeaf·9 Oca

Much broken crypto, one common thread: bespoke, ill-designed cryptographic protocols. Matrix, Mega, Threema, Telegram: secure primitives are not enough in complex applications. The new mantra shall be "don't roll your own protocol".

kennyog@kennyog

We (@winterdeaf @kientuong114 and I) took a deep dive on Threema, a Swiss-made secure messaging app. We found 6 new cryptographic vulnerabilities. Full paper at breakingthe3ma.app; mini-thread follows. #threema

English

3

25

65

22.8K

Matteo retweetledi

Miro Haller@miro_haller·7 Oca

The 2nd Cryptographic Applications Workshop (#CAW) will be at Eurocrypt 2025! #CAW focuses on the construction and analysis of cryptography built for practice, bridging the gap between research and real-world applications. Our call of talks is open: caw.cryptanalysis.fun

English

1

7

16

3.7K

Matteo@winterdeaf·24 Oca

@cryptojamieA Signal for the win!

English

0

1

91

Donny@Donny_Trades·3 Oca

@winterdeaf What app do you recommend?

English

1

0

13

Matteo@winterdeaf·9 Oca

Much broken crypto, one common thread: bespoke, ill-designed cryptographic protocols. Matrix, Mega, Threema, Telegram: secure primitives are not enough in complex applications. The new mantra shall be "don't roll your own protocol".

kennyog@kennyog

We (@winterdeaf @kientuong114 and I) took a deep dive on Threema, a Swiss-made secure messaging app. We found 6 new cryptographic vulnerabilities. Full paper at breakingthe3ma.app; mini-thread follows. #threema

English

3

25

65

22.8K

Matteo retweetledi

Nick Sullivan@grittygrease·27 Tem

New from the TLS meeting at IETF 117: Encrypted Client Hello (ECH) is enabled for 1% of Chrome stable users. A big step for privacy online! datatracker.ietf.org/doc/draft-ietf…

English

2

37

104

21.4K

Matteo@winterdeaf·13 Tem

@kientuong114 @_klewi +1

1

0

59

Kien Tuong Truong@kientuong114·12 Tem

@_klewi Is there anywhere where we can read about the technical implementation?

English

1

0

164

Kevin Lewi@_klewi·11 Tem

There's some neat behind-the-scenes crypto involved to link WhatsApp E2EE sessions across devices... without QR codes!

WABetaInfo@WABetaInfo

📝 WhatsApp beta for Android 2.23.14.18: what's new? WhatsApp is rolling out a feature to link your account to WhatsApp Web by using your phone number, and it's available to some beta testers! wabetainfo.com/whatsapp-beta-…

English

1

6

675

Matteo retweetledi

Miro Haller@miro_haller·29 Haz

#WAC6 talks: Matteo Scarlata @winterdeaf will present "why Threema failed in practice" lessons learned from 7 cryptographic attacks against a secure messenger. The paper with @kientuong114 @kennyog will be presented at USENIX '23. Full workshop program: cryptanalysis.fun

English

1

2

9

721

Matteo retweetledi

Martin R. Albrecht@martinralbrecht·28 Mar

Deirdre Connolly¹@durumcrustulum

Beware! #RealWorldCrypto

ZXX

0

6

36

6.5K

Matteo retweetledi

Luca db@cyan_pencil·2 Mar

I would like to thank the chairs for letting us use heart emojis in the paper title. I think this is a very important step forward for academia and research. Can't wait to use "👀" for related work and "🤨" for limitations on the next one

Mathias Payer@gannimo

Are you working with stubborn aarch64 code? Check out @cyan_pencil's upcoming @USENIXSecurity #SEC23 paper on efficiently rewriting ARM binaries. Insight: using heuristics for optimization on a safe baseline is key! nebelwelt.net/files/23SEC3.p… Comments welcome!

English

0

5

63

6.7K

Matteo retweetledi

Daniel Paleka@dpaleka·1 Mar

No one sees ChatGPT for the first time and thinks "just some n-gram correlations" or "no real knowledge inside". Those unintuitive beliefs trickle down from some experts, who should know better than to teach their controversial theories as established fact: 🧵 (1/12)

English

19

117

851

219.5K

Matteo@winterdeaf·1 Şub

@ian @SCWpod @kennyog @kientuong114 That's an interesting question, I will look into it when I have some time!

English

0

1

41

Matteo retweetledi

Security Cryptography Whatever@SCWpod·27 Oca

NEW EPISODE! THREEEEEMAAAAAAAA We recorded this almost two weeks ago, yay it's out! With special guests @kennyog @kientuong114 @winterdeaf youtu.be/QVt6RkYfGy0

YouTube

English

2

10

28

7.8K

Matteo retweetledi

kennyog@kennyog·10 Oca

@tqbf The team here is always happy to supply fresh stunt crypto attacks for your enjoyment. 😁 @kientuong114 @winterdeaf

English

1

4

643

Matteo retweetledi

Kien Tuong Truong@kientuong114·9 Oca

In early 2022 I started working with Kenny and Matteo on analyzing Threema, the messenger used by 🇨🇭govt, army and 🇩🇪 chancellor. Happy to say that the disclosure period is over and results are out! Fun vulnerabilities included :) Check out our website: breakingthe3ma.app

kennyog@kennyog

We (@winterdeaf @kientuong114 and I) took a deep dive on Threema, a Swiss-made secure messaging app. We found 6 new cryptographic vulnerabilities. Full paper at breakingthe3ma.app; mini-thread follows. #threema

English

3

33

148

42.8K

Matteo retweetledi

Deirdre Connolly¹@durumcrustulum·9 Oca

"Why?" "NO REASON!" [pointedly not looking at Threema]

kennyog@kennyog

I’d like to borrow 8192 cores for a week. Anyone out there got some spare compute lying around to help out with a cool research project?

English

1

6

19

3.6K

Matteo@winterdeaf·9 Oca

@cronokirby You are of course right -- it is not a matter of credentials. But when I get out of my academic bubble, I'm always surprised by how scarcely diffused provable security and formal methods are!

English

0

2

42

Lúcás Meier@cronokirby·9 Oca

@winterdeaf I doesn't matter what credentials your team does or doesn't have, it matters what analysis you apply the protocol you have

English

1

0

3

68

Matteo@winterdeaf·9 Oca

@ThreemaApp breakers! It was great to meet @SoatokDhole at DEF CON 30. w/ @kientuong114

English

0

3

19

1.7K

Matteo retweetledi

ETH CS Department@CSatETH·9 Oca

ETH cryptographers @kennyog, @winterdeaf and @kientuong114 have conducted a security analysis and discovered various vulnerabilities in the secure messaging app Threema. Read their full paper here: breakingthe3ma.app #threema #Security #messenger bit.ly/3vPkhxE

English

1

18

43

7.1K

Matteo retweetledi