Dan Guido (@dguido)'s Twitter Profile
Dan Guido

@dguido

CEO @trailofbits, organizer @EmpireHacking. Open DMs.

ID:14290525

https://www.trailofbits.com

03-04-2008 05:05:38

10,3K Tweets

24,6K Followers

861 Following

Moxie Marlinspike (@moxie)

You know those janky secure send web portal things lawyers, CPAs, etc use for “secure email” — but just upload the attachment to a pile on some random server somewhere?

Those always seemed like a huge disaster waiting to happen to me, but I’ve never seen a major pub compromise?

Heather Adkins - Ꜻ - Spes consilium non est (@argvee)

Unpopular opinion: now's the time for us to get serious about measuring open-source projects using SLSA, and getting everyone to Level 4 with mandatory 2-party code reviews. slsa.dev/spec/v0.1/leve…

Dan Guido (@dguido)

Does anyone remember a visual AI search engine that hit Hacker News about a month ago? It collapsed under the load. You could e.g., search a music genre and it would map out artists, influences, related trends, major events, etc. Seemed like it was a small, early, team.

Maddie Stone (@maddiestone)

🪲And the 2023 Year in Review of Zero-Days Exploited In-the-Wild is out!

This year I teamed up with Jared Semrau & James from Mandiant to write a joint report combining our expertise and providing a more holistic view on in-the-wild 0-days in 2023 🔥🧐

blog.google/technology/saf…

Helthydriver (@Helthydriver)

Early fall last year we received an iTunes Backup: And I found THE *needle* in the haystack! A sample of NSO Pegasus BLASTPASS Exploit Chain.

Have a look at this blogpost which reveals some of my early steps of the analysis.

iverify.io/post/clipping-…

Andre (@mryoukhna)

Learn the story behind The Minimal Phone: First E-Ink QWERTY Phone and help us meet our goal. @indiegogo igg.me/at/minimal

Josselin Feist (@Montyly)

A lot of people ask us why we use fuzzing over formal methods.

The tldr: fuzzers have a superior effort-to-reward ratio, but what really matters is the quality of your invariants

Ate-a-Pi (@8teAPi)

Inflection Deal

> too much capital and talent needed for next generation
> no real way to exit
> Reid Hoffman looking to engineer an acquihire
> MSFT unwilling to bite at $4 bil
> so they engineered an earn-out deal
> allowing founders and research team to leave
> investors…

Dan Guido (@dguido)

Attacknet is the best available tool for addressing the largest security risks to layer 1 blockchains
twitter.com/trailofbits/st…

Dan Guido (@dguido)

Trail of Bits is making a big investment in post-quantum cryptography (PQC) this year. If that's something you're ready to work on, we're doing security reviews *and* custom engineering.

Evan Sultanik (@ESultanik)

I had to try this myself. Trail of Bits was apparently founded by ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 and Elijah Savage, not Dan Guido and Alex Sotirov. It is known for having created the fastest open-source password cracker in the world, Shellphish.

Empire Hacking (@EmpireHacking)

Join us for beers and brats for Brooklyn Overflow, our social meetup hosted at DSK Brooklyn, our favorite German beer garden. meetup.com/empire-hacking…

Dan Guido (@dguido)

Trail of Bits has not been the most consistent with sharing our vulnerability disclosures over the years 😬.

Today, we dug into our archives and pulled out a pervasive JWT library flaw and a Linux KASLR bypass.
twitter.com/trailofbits/st…
