Stephen A. Ridley

@s7ephen

12,398 Followers · 655 Following · 2,757 Media · 25,719 Statuses

I write. I take photos. I used to break software. Built stuff that broke stuff at Xipiter. Former VC-backed founder. Professor at NYU. etc.

New York, NY
Joined April 2007
@s7ephen
Stephen A. Ridley
7 years
If infosec was a sport...
@s7ephen
Stephen A. Ridley
8 years
"Information Security"
@s7ephen
Stephen A. Ridley
7 years
"Impregnable perimeter defense" "Unhackable" "Tested by the best minds in the industry."
@s7ephen
Stephen A. Ridley
7 years
- Hardware root of trust in each device.
- Transport crypto.
- Meticulous code signing.
Angry Birds is better protected than e-votes are.
@s7ephen
Stephen A. Ridley
5 years
Remember kids: if that "security researcher" is at every con and community event, there's no time left for research. They are a "security entertainer" masquerading as a "researcher".
@s7ephen
Stephen A. Ridley
6 years
Whoa. Wait. What? Lenovo quietly released a new X1 Carbon that is absolutely KILLIN most high end "gaming" laptops.
* 6 core i7
* 64 (I repeat) 64 gig of ram
* GTX 1050Ti
* Four lane thunderbolt 3
* a buncha TypeA USB ports
... ... IN AN ULTRABOOK
@s7ephen
Stephen A. Ridley
6 years
Tech-savvy millennials click the link with zealous anticipation... "what a clever hack!" they exclaim as they tweet and reshare. "What genius to encode data as Sound!?" they cheer. Sullen narrator: "alas they have never had to use a modem."
@adulau
Alexandre Dulaunoy @[email protected]
6 years
"Quiet for Android - TCP over sound" "org.quietmodem.Quiet allows you to pass data through the speakers on your Android device. This library can operate either as a raw frame layer or as a UDP/TCP stack."
@s7ephen
Stephen A. Ridley
6 years
Now that so many new laptops are USB-C and there is a new cottage industry of low cost "expansion hubs", I don't think it'll be long before we see supply-chain malware/spyware. These things are a ripe environment for all kinds of attacks: PCIe, BadUSB, and ARM controllers
@s7ephen
Stephen A. Ridley
7 years
I was hoping my first magazine cover woulda been something like "Men's Health" or "GQ". .... but I'll take it... ;-)
@s7ephen
Stephen A. Ridley
5 years
The Computer Hack That Saved Apollo 14. All program code was physically woven in ROM (yes woven... like needle and thread), so the "hack" wasn't a matter of radio-uploading new firmware. Opcodes were manually entered through the UI. Neat watch.
@s7ephen
Stephen A. Ridley
6 years
We are definitely living in the cyberpunk future we were promised.
@s7ephen
Stephen A. Ridley
5 years
"Why Is My Perfectly Good Shellcode Not Working?" (ARM & MIPS) There are A LOT of talks and trainings about exploitation by folks who have never written real-world exploits... omission of CRITICAL details like this is a VERY common "tell".
@s7ephen
Stephen A. Ridley
6 years
Been making my way through this over the last few weeks of travel....and holy sh*t this book is a home run @billpollock ! huge props (and thanks) to @veorq for a much needed book.
@s7ephen
Stephen A. Ridley
5 years
We need a "Snopes" for Information Security products and digital privacy products.
@s7ephen
Stephen A. Ridley
8 years
"I know! Let's make a watch!" "Remove the headphone jack!" "No one uses the ESC key!" Maybe Jobs' main function was to reject dumb sh*t.
@s7ephen
Stephen A. Ridley
7 years
Infosec-Twitter's response to that ONE trump tweet has me ROFLing so hard right now. hilarious in their brevity.
@s7ephen
Stephen A. Ridley
5 years
For everyone that cared about the SuperMicro Bloomberg story: turn off notifications, hide in a bathroom or do whatever it takes to get 30mins for this @BlueHatIL talk by @bunniestudios . It's a must. Supplement w/ @qrs 's CCC talk:
@s7ephen
Stephen A. Ridley
5 years
I got a tiny bit of a preview in-person about two weeks ago. In typical Trammel fashion, it should be VERY awesome.
@s7ephen
Stephen A. Ridley
9 years
Ladies and gentlemen: The Internet Of Things. http://t.co/phZyT0y1zM
@s7ephen
Stephen A. Ridley
7 years
checking the internet...
@s7ephen
Stephen A. Ridley
6 years
• "AirBnB owned buildings" aka "hotels".
• "Uber for busses" aka "public transport".
• "Uber for Bodegas" aka "vending machines".
I'm going to start calling stuff like this "Tech Tautology". Here's another one: "AWS for your computer"
@s7ephen
Stephen A. Ridley
7 years
IoT is the only place where beginners can still feel the thrill of finding realworld simple binary exploitation bugs
@s7ephen
Stephen A. Ridley
7 years
Today's BEST exploit devs got going in the late 90s/early 00s which is EXACTLY the state IoT is in wrt tech maturity
@s7ephen
Stephen A. Ridley
6 years
On OSX, find and rename all pdfs in the current directory to the file's md5sum(.pdf). Added bonus is that it deduplicates.

    # macOS: md5 -q prints only the digest. Identical files get the same name, so mv
    # overwrites the earlier copy; that is the deduplication. Files already named by
    # their hash (a second run) are skipped instead of mv complaining about itself.
    find . -maxdepth 1 -type f -name '*.pdf' -exec bash -c '
      for f; do sum="$(md5 -q "$f")"; [ "$f" = "./$sum.pdf" ] && continue
        echo "$f --> $sum.pdf"; mv "$f" "./$sum.pdf"; done' bash {} +
@s7ephen
Stephen A. Ridley
5 years
This guy built a fully off-grid home and automated everything (climate control, water, sewage, solar power, etc.) using microcontrollers and firmware he developed...but get this: he started all this in the 80's, BEFORE cheap SoCs and personal computers.
@s7ephen
Stephen A. Ridley
10 months
So, all of the pivotal cultural things that came to define the 60s, 70s, and partially the 80s and are seemingly disconnected were in-fact all ACTUALLY incubated within like a 10 block radius.
@s7ephen
Stephen A. Ridley
6 years
Rogue GSM towers running at #RSAConference2018 . Warm and fuzzies. Lol. At least this one was nice enough to announce itself :-)
@s7ephen
Stephen A. Ridley
5 years
No big deal, this is only *THE* standard hard drive encryption solution made by some no-name company (Microsoft) for their niche OSes. It's probably fine. Probably not very many government, financial, medical, and legal documents using it.
@matthew_d_green
Matthew Green
5 years
Several SSDs with hardware encryption appear to be busted. But the really terrible thing is that Bitlocker apparently relies totally on the SSD encryption if you have it. via @ProfWoodward
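The check a practitioner wants after the quoted tweet above is whether BitLocker on a given machine has delegated to the SSD's own encryption. Microsoft's guidance for this (ADV180028) is to run `manage-bde -status` from an elevated prompt and read the "Encryption Method" field: "Hardware Encryption" means the self-encrypting drive is doing the work; XTS-AES or AES-CBC means BitLocker's own software encryption. The following is an added Python example, not code from the thread or from Microsoft, that parses that output and lists the affected volumes. The status text is a constructed sample in the format manage-bde prints, not a capture from a real machine.

```python
"""Flag BitLocker volumes that rely on the drive's own (SED) encryption.

Added example. It parses the text `manage-bde -status` prints on Windows;
SAMPLE_STATUS is constructed to match that format, not captured from a real
host. Run `manage-bde -status` elevated and feed its output to
find_hardware_encrypted_volumes().
"""
import re

# Constructed sample: C: delegated to the SSD, D: encrypted by BitLocker itself.
SAMPLE_STATUS = """\
BitLocker Drive Encryption: Configuration Tool version 10.0.17763
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [OSDisk]
[OS Volume]

    Size:                 476.00 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    Hardware Encryption
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        TPM
        Numerical Password

Volume D: [Data]
[Data Volume]

    Size:                 931.00 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        Password
"""

VOLUME_RE = re.compile(r"^Volume ([A-Z]:)")
# Indented "Field name:   value" lines; a bare "Key Protectors:" header has no value.
FIELD_RE = re.compile(r"^\s+([A-Za-z ]+):\s+(\S.*?)\s*$")


def parse_status(text):
    """Return {drive_letter: {field: value}} from manage-bde -status output."""
    volumes = {}
    current = None
    for line in text.splitlines():
        m = VOLUME_RE.match(line)
        if m:
            current = m.group(1)
            volumes[current] = {}
            continue
        f = FIELD_RE.match(line)
        if current and f:
            volumes[current][f.group(1).strip()] = f.group(2)
    return volumes


def find_hardware_encrypted_volumes(text):
    """Drive letters whose data is protected only by the drive's own crypto."""
    return sorted(
        letter
        for letter, fields in parse_status(text).items()
        if fields.get("Encryption Method", "").lower().startswith("hardware")
    )


if __name__ == "__main__":
    for letter in find_hardware_encrypted_volumes(SAMPLE_STATUS):
        print(f"{letter}: relying on SED hardware encryption; re-encrypt in software")
```

If any volume comes back, Microsoft's remediation is to set the policy "Configure use of hardware-based encryption for operating system drives" (and the fixed and removable drive equivalents) to Disabled, then decrypt and re-encrypt the volume so BitLocker uses its own AES; the policy alone does not convert a drive that is already encrypted in hardware.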
@s7ephen
Stephen A. Ridley
6 years
Here is an archive of slides from ARM, explaining the Pointer Authentication exploit-prevention feature that they quietly snuck into ARMv8.3 last year this time.
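As an added illustration of the mechanism those slides describe (this is a model written for this page, not ARM's implementation and not code from the slides), the Python below sketches pointer authentication: a MAC over the pointer and a "modifier" is folded into the unused upper bits of the 64-bit pointer, and authentication strips it again only if it verifies. Assumptions: a 48-bit virtual address space, so 16 tag bits; a truncated HMAC-SHA256 standing in for ARM's QARMA-based PAC function; the stack pointer as the modifier for return addresses, which is the common compiler choice. The demo shows the three outcomes a practitioner cares about: a legitimately signed return address authenticates, a classic stack overwrite with attacker bytes does not, and a valid signed pointer replayed under a different stack pointer does not either.

```python
"""Toy model of ARMv8.3 Pointer Authentication (PAC).

Added illustration, not ARM's implementation. Real PAC uses per-process keys
held by hardware and the QARMA block cipher; HMAC-SHA256 stands in here.
What the model keeps: the tag lives in the pointer's unused upper bits, it is
bound to a modifier (the stack pointer for return addresses), and a failed
authentication yields a non-canonical pointer that faults when used.
"""
import hashlib
import hmac
import os

VA_BITS = 48                                        # assumed VA width
ADDR_MASK = (1 << VA_BITS) - 1
PAC_MASK = ((1 << 64) - 1) ^ ADDR_MASK              # bits 48..63 carry the tag
POISON_BIT = 1 << (VA_BITS + 14)                    # set on failure (AUT* w/o FPAC)


def _pac(key, addr, modifier):
    """Tag for (addr, modifier) under key, placed in the upper 16 bits."""
    msg = addr.to_bytes(8, "little") + modifier.to_bytes(8, "little")
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "little") & PAC_MASK


def pac_sign(key, ptr, modifier):
    """Like PACIA: sign a canonical pointer; the tag goes in the top bits."""
    addr = ptr & ADDR_MASK
    return addr | _pac(key, addr, modifier)


def pac_auth(key, signed_ptr, modifier):
    """Like AUTIA: strip the tag if it verifies, else poison the pointer."""
    addr = signed_ptr & ADDR_MASK
    if signed_ptr & PAC_MASK == _pac(key, addr, modifier):
        return addr
    return addr | POISON_BIT                        # non-canonical: deref faults


def is_canonical(ptr):
    """True if the pointer has no bits set above the VA range."""
    return ptr & PAC_MASK == 0


def demo():
    """Sign a return address in one frame, then try three ways of using it."""
    key = os.urandom(16)                            # per-process IA key
    sp = 0x0000_7FFF_FFFF_E000                      # frame where LR was signed
    ret = 0x0000_0000_0040_1234
    signed = pac_sign(key, ret, sp)

    legit = pac_auth(key, signed, sp)               # normal epilogue
    forged = pac_auth(key, 0x4141414141414141, sp)  # attacker overwrote LR
    replayed = pac_auth(key, signed, sp - 0x100)    # reused in another frame
    return {
        "legit": legit == ret and is_canonical(legit),
        "forged": is_canonical(forged),             # a 1-in-2^16 guess
        "replayed": is_canonical(replayed),
    }


if __name__ == "__main__":
    print(demo())
```

The 16-bit tag is why PAC is a mitigation and not a proof: an attacker who can try 65,536 times, or who can leak a signed pointer and replay it under the same modifier, gets through. The modifier binding is what stops the cheap version of that replay, and it is the detail that decides whether a compiler's PAC scheme is worth much.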
@s7ephen
Stephen A. Ridley
5 years
Beethoven's Fifth starts as "ba ba ba buuum". "ba ba ba buuuum" is "dot dot dot dash" in Morse code. "dot dot dot dash" is the letter "V" in English. "V" is the Roman Numeral "5". Beethoven's 5th starts as "ba ba ba buuum".
@s7ephen
Stephen A. Ridley
7 years
This "Visual Guide To Machine Learning" is *really* well done. The synced animations work best on non-mobile tho
@s7ephen
Stephen A. Ridley
7 years
IMHO one of Infosec's unarticulated dirty secrets is that attackers tend to be more technically adept and pragmatic than operators/defenders
@s7ephen
Stephen A. Ridley
5 years
I share this here cuz many of you knew him. At 1AM on 4June2019, Sammiches aka Spanky, aka Sergeant Spankx, used the last of his strength to crawl into my lap. He took his last breath at exactly sunrise a few hours later. He was 8 years old. He was my first dog.
@s7ephen
Stephen A. Ridley
7 years
A core truth of infosec is that: "if an attacker is on your network or systems, she (by definition) already knows something you don't"
@s7ephen
Stephen A. Ridley
6 years
Cybersecurity Irony: Cybersecurity's first leaders were attracted to the field because it was a pseudonymous meritocracy. Your work stood alone. The anonymity and LACK of identity was liberating. Now, the opposite is true. "Identity" and personal branding are the currency.
@s7ephen
Stephen A. Ridley
1 year
@Not_the_Bee If you're wondering, yes it's a trend.
@s7ephen
Stephen A. Ridley
6 years
WANTED: a thin little "laptop" about the size of the old Mac Air (or thinner). Monochrome, eink, or character display. x86 or x64 for running modern Linux. USB charger. Wifi off switch. TPM. Can boot into "tty" mode and act like a dumb wyse/uart terminal. Days of battery.
@s7ephen
Stephen A. Ridley
7 years
Engineer: “I think the van should stop cuz of Conservation of Momentu-” Boss: “I hired you for ramp construction, not a physics lesson”
@s7ephen
Stephen A. Ridley
5 years
Over the years I've been wary of the ESP8266 and ESP32 architectures (opting for MSP430 and ARM) but the form factor of this @M5Stack is undeniably close to a perfect platform for Hackers. CANbus, I2C, SPI, UART, RS485, LoRa, tons of GPIO... let the games begin.
@s7ephen
Stephen A. Ridley
6 years
People come to infosec thinking that knowledge of exploitation is tablestakes. It is not. Exploitation is an art. And like an art, it can be self-taught or learned through apprenticeship. Or by rubbing up against other *real* artists. But real artists are rare in this field.
@s7ephen
Stephen A. Ridley
7 years
If you're new to vuln research, and you lament that "real bugs" are too hard to exploit in "modern" OSes, you need to be looking at #IoT
@s7ephen
Stephen A. Ridley
1 year
Seacrane is a single-binary tool that runs on OSX (arm/x86), Windows, Linux, routers & embedded devices (openwrt, busybox, NAS, etc) that offers:
- chat over multicast
- aes file crypt
- webserver/webchat
- QRcode
- nc -l
- connect.c style socks proxy
etc
@s7ephen
Stephen A. Ridley
5 years
Ok wow. BitWarden is an open-source "zero knowledge" password manager that syncs across all your mobile devices and desktop. BUT they take it a step further and released a docker container that allows you to host your own server if you don't trust theirs.
@s7ephen
Stephen A. Ridley
7 years
It's easy to forget that our Sun is moving too. You look at this and you're kinda reminded that we are all kinda "going somewhere" together
@s7ephen
Stephen A. Ridley
6 years
It has been 10 years since we reverse engineered the MS08-067 patch and published the FIRST public vuln PoC (which was used by the Conficker Worm authors). BUT, it has only been about a year since we got an angry email blaming us for the Conficker worm.
@s7ephen
Stephen A. Ridley
5 years
@aloria I recently started explaining how "shift registers" work by asking "Have you seen human centipede?"... everyone was appalled...but they told me it IMMEDIATELY explained the concept and that they'd never forget it.
@s7ephen
Stephen A. Ridley
8 years
For the folks playing with Machine Learning:
@s7ephen
Stephen A. Ridley
8 years
8-bit Blade Runner
@s7ephen
Stephen A. Ridley
6 years
When I tweeted out about "USB Condoms" I was bringing as gag gifts for friends at Defcon/BH. I never expected it to go viral that weekend 5 years ago. It was the first circuit board I ever designed. Lesson: share your side projects no matter how silly!
@SyncStop
SyncStop®
6 years
Custom SyncStops make for excellent swag! Protect your clients, colleagues & friends from accidental data exchange!
@s7ephen
Stephen A. Ridley
8 years
This tweet but instead, the majority of InfoSec commenting on exploitation techniques.
@s7ephen
Stephen A. Ridley
6 years
An all-in-one machine-learning/deep-learning docker image with everything pre-installed (numpy, scikit, jupyter, matplotlib, et al). It is also highly compatible w/ @aureliengeron 's book & companion github repos.
@s7ephen
Stephen A. Ridley
5 years
That hasty code that you deployed to prod.
@s7ephen
Stephen A. Ridley
8 years
Take away the money. Take away the speaking engagements. Take away the press. Who still hacks? Prob'ly the same folks from before all this
@s7ephen
Stephen A. Ridley
7 years
He was sitting across from me on my flight to Australia. Asked at Baggage Claim: "is your name Geddy?" "Yup!"
@s7ephen
Stephen A. Ridley
8 years
CHIPPro is impressive. 1Ghz ARMv7 for 16 bucks. OpenSource design. Gonna kill the RaspPi.
@s7ephen
Stephen A. Ridley
6 years
When you start to really learn how all this technology *actually* works, you become increasingly amazed that all this technology actually works at all.
@s7ephen
Stephen A. Ridley
8 years
Twenty cognitive biases that screw up your decision making
@s7ephen
Stephen A. Ridley
8 years
This one gif on this blogpost () made the whole thing worth it: "Reversing Stripped Binaries"
@s7ephen
Stephen A. Ridley
8 years
Opening email first thing in the morning.
@s7ephen
Stephen A. Ridley
10 months
Fun Fact: Donald Rumsfeld was the CEO of Searle during their "Aspartame era". There's a Jinx for that too: 🎶"Diet Coke" by Pusha T🎶
@Reuters
Reuters
10 months
Exclusive: Aspartame, one of the world's most common artificial sweeteners, is set to be declared a possible carcinogen next month by a leading global health body, pitting it against the food industry and regulators
@s7ephen
Stephen A. Ridley
6 years
Been looking for an ultraportable monitor for a while now. This weird off-brand one was the only one I could find that was USB bus-powered but with real hdmi/vga (requiring no sketchy drivers like all the others). Got. Love it. HIGHLY recommend.
@s7ephen
Stephen A. Ridley
7 years
Infosec then: research-heavy meritocracy, anonymity, close friendships. Infosec now: cult-of-personality, politics, weak public research.
@s7ephen
Stephen A. Ridley
9 months
Everyone is being forcibly shown the room temperature superconductor. If real, most still shrug it off. Here is a demo of superconductor "quantum locking" aka "quantum levitation". Ok so now imagine the superconductor didn't need to be cooled. (credit: )
@physorg_com
Phys.org
9 months
Korean team claims to have created the first room-temperature, ambient-pressure superconductor @arxiv
@s7ephen
Stephen A. Ridley
6 years
We put down some thoughts on how this SuperMicro hardware backdoor may work (based on how we've been able to build hardware backdoors). Also ruminations on supply-chain security. Starts off for laymen, ends pretty technical.
@XipiterSec
Senrio
6 years
"Impervious Implants & the Splintery Supply-Chain" What are implants? how do they work? And our opinion on how this recent one likely works. A longish-braindump from our team.
@s7ephen
Stephen A. Ridley
6 years
Jet lagged in a hotel in Germany and learned they have a TV station called Bayern that plays a show called "Space Night". It plays downtempo/triphop on top of astronomy videos all night every night commercial free. Wow Germany.
@s7ephen
Stephen A. Ridley
7 years
@angealbertini Awesome!!! My new favorite lock screen!
@s7ephen
Stephen A. Ridley
7 years
Oh man, I just had a sobering thought. There is a whole generation that has never heard a dialtone. We are OLD.
@s7ephen
Stephen A. Ridley
7 years
Cockpit
@s7ephen
Stephen A. Ridley
6 years
No, *this* is the best version of this meme.
@s7ephen
Stephen A. Ridley
7 years
Roses are red, Violets are crude
@s7ephen
Stephen A. Ridley
5 years
Ok Joplin is amazing. Wiki meets Trello, Evernote, GitHub Gists. Stores your notes in Markdown. Supports clientside wiki encryption. Can "backend" to DropBox, WebDAV, etc. Or you can host it. Apps for iOS, Android, Windows, Linux, OSX (Thnx @Dr_n0psl3d !)
@s7ephen
Stephen A. Ridley
7 years
In other words, not a "nice to have" but instead a lynchpin that will decide what kind of society(s) we evolve into
@s7ephen
Stephen A. Ridley
7 years
I'm starting to believe that Cybersecurity/Privacy is to the Information Age what Public Health/Labor Law was to the Industrial Revolution.
@s7ephen
Stephen A. Ridley
6 years
We've built a simple convolutional neural network to do a really cool kind of detection. We are likely going to open-source it (cuz it's also a banger of a learning tool). Will likely release it as a module of our Discovery app. Can't WAIT to show everyone
@XipiterSec
Senrio
6 years
Not sure what's on your network? Now you can build a searchable, human-readable inventory of all your things...from raw network data. From your desktop. For free! Senrio Discovery is now available for OSX, Windows, and Linux!
@s7ephen
Stephen A. Ridley
8 years
In fact, here is a paper from 1998 "How to Explain Zero-Knowledge Protocols To Children."
@s7ephen
Stephen A. Ridley
8 years
In general I hate when articles are written to make simple things seem like magic. Zero knowledge is explainable.
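To back the point that zero knowledge is explainable without hand-waving, here is an added worked example (mine, not code from the thread and not the cave story from the paper cited above): Schnorr's interactive proof of knowledge of a discrete log, with the prover's and verifier's moves as separate functions. Peggy holds x with y = g^x mod p and convinces Victor she knows x without sending it. The group is a safe-prime group generated at import time at a toy 64-bit size so the demo runs instantly; that size is an assumption for illustration, and a real deployment would use a 2048-bit MODP group or an elliptic curve. The simulator at the end is the actual zero-knowledge argument: an accepting transcript can be produced by anyone who does not know x, so a transcript cannot leak x.

```python
"""Schnorr's interactive zero-knowledge proof of knowledge of a discrete log.

Added worked example. Peggy proves knowledge of x in y = g^x (mod p) to
Victor over three moves: commit t = g^k, challenge c, response s = k + c*x.
The 64-bit safe-prime group is a toy size chosen so this runs in well under
a second; it is not a recommendation.
"""
import random

_SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n):
    """Miller-Rabin; these fixed bases are a proof of primality for n < 3.3e24."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=64, seed=1):
    """Return (p, q, g): p = 2q + 1 safe prime; g = 4 generates the order-q subgroup."""
    rng = random.Random(seed)                   # seeded so the demo is reproducible
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4              # 4 = 2^2 is a non-trivial square


P, Q, G = make_group()


def keygen(rng):
    """Peggy's secret x and public y = g^x."""
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def prover_commit(rng):
    """Move 1: Peggy picks a fresh nonce k and sends t = g^k."""
    k = rng.randrange(1, Q)
    return k, pow(G, k, P)


def verifier_challenge(rng):
    """Move 2: Victor sends a random challenge c."""
    return rng.randrange(0, Q)


def prover_respond(x, k, c):
    """Move 3: Peggy answers s = k + c*x mod q. Reusing k across proofs leaks x."""
    return (k + c * x) % Q


def verifier_check(y, t, c, s):
    """Victor accepts iff g^s == t * y^c (mod p)."""
    return pow(G, s, P) == t * pow(y, c, P) % P


def run_protocol(x, y, rng):
    """One full interactive round; True if Victor accepts."""
    k, t = prover_commit(rng)
    c = verifier_challenge(rng)
    s = prover_respond(x, k, c)
    return verifier_check(y, t, c, s)


def simulate_transcript(y, rng):
    """Zero knowledge: forge an accepting (t, c, s) WITHOUT x by choosing c and s
    first and solving for t = g^s * y^-c. Indistinguishable from a real transcript,
    so a transcript carries no information about x."""
    c = rng.randrange(0, Q)
    s = rng.randrange(0, Q)
    t = pow(G, s, P) * pow(y, -c, P) % P        # negative exponent: Python 3.8+
    return t, c, s


def demo(seed=7):
    rng = random.Random(seed)
    x, y = keygen(rng)
    honest = run_protocol(x, y, rng)
    impostor = run_protocol((x + 1) % Q, y, rng)   # a wrong guess at x
    t, c, s = simulate_transcript(y, rng)
    return {"honest": honest, "impostor": impostor,
            "simulated_accepts": verifier_check(y, t, c, s)}
```

Soundness comes from the challenge: an impostor who fixed t before seeing c can only answer correctly for one value of c, so each round catches her with probability 1 - 1/q. The non-interactive version used in practice (Fiat-Shamir) replaces Victor's random c with a hash of (y, t, message), which is exactly why the simulator argument stops applying to it in the naive way and why the nonce k must never repeat.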
@s7ephen
Stephen A. Ridley
7 years
Ever look at Twitter and just think to yourself: “who the hell are these people and why do they think they know so much about everything?”
@s7ephen
Stephen A. Ridley
7 years
Bypassing the build system and pushing a hand-patched microservice to production.
@s7ephen
Stephen A. Ridley
6 years
"A 'Blockchain Powered' AI Self Driving Drone for RideSharing" This is it. This is the one. We've surpassed maximum ridiculousness.
@s7ephen
Stephen A. Ridley
7 years
This is what I hear when people on social media comment on geopolitics.
@s7ephen
Stephen A. Ridley
8 years
I raise my glass to the security researchers that still do it for the love of the puzzles and not the politics. You know who you are.
@s7ephen
Stephen A. Ridley
8 years
At @XipiterSec we might have these t-shirts made. They're much needed. ML is today. AI is *maybe* the future.
@s7ephen
Stephen A. Ridley
7 years
I’ve learned that there are still pockets of soul in Infosec. Glimmers of how it used to be. The Aussie scene is where it’s at.
@s7ephen
Stephen A. Ridley
7 years
When you work most of the weekend.
@s7ephen
Stephen A. Ridley
1 year
🙏Please oh please let this become a thing.🙏 You thought insecure copypasta code was bad? Vulnerability researchers gonna be partying like it was 1999 again.
@mckaywrigley
Mckay Wrigley
1 year
This is just insane… My GPT-4 coding assistant can now: - build and design a frontend - create a backend with working db - correctly hook them up - upload code to GitHub - deploy it to Vercel I can now build *complete* apps with nothing more than my voice. The future is here!
@s7ephen
Stephen A. Ridley
1 year
In 2016 Adam Curtis (BBC) released a revealing documentary called "Hypernormalization". Covers everything from Russia to 9/11. Rare perspective. Eye-opening. The full film is free on YouTube, and here is the segment on Blackrock's Aladdin, the "system"…
@s7ephen
Stephen A. Ridley
5 years
It took a few mins of being back on Twitter to remember why I'd been away for a couple weeks. It really is...just awful these days. RIP infosec twitter.
@s7ephen
Stephen A. Ridley
7 years
Fun check of hotel Opsec:
Get extra keycard at checkin.
Come back later with the spare.
Say key is fried.
Recite random room number when asked.
@s7ephen
Stephen A. Ridley
7 years
The Tesla full autopilot demonstration looks like the Terminator, and I don't know how to feel about that.
@s7ephen
Stephen A. Ridley
6 years
My 2.5 year old daughter is enamored with the original Robotech. Absolutely obsessed. She just chose it over Dora The Explorer. "Christmas came late this year" I whisper solemnly to myself, wiping away a single tear of joy.
@s7ephen
Stephen A. Ridley
8 years
Bot-users account for most of the impression rates on ads. There's a Pulitzer award waiting for someone to blow the lid on net ad economy.
@s7ephen
Stephen A. Ridley
5 years
I will not go there on a boat
I will not go there with a goat
I will not go there on a train
I will not go there on a plane
I will not go to some events
...the ones that evoke sad laments
I will not go to these...no way.
I will not go to RSA.
-- @natashenka 22Apr2015 (w/ edits)
@s7ephen
Stephen A. Ridley
1 year
Why is there not a "Github" for legislation. So we can see line-for-line "track changes" on bills. See who changed what/when. We could watch them push 3,000 page bills just a few hours before the vote. Where are the TikTok video demos showing AI summarizing 1,000+ page bills?
@s7ephen
Stephen A. Ridley
7 years
A Tesla predicting an accident seconds BEFORE it happens. Big Data Analytics and Machine Learning at work.
@s7ephen
Stephen A. Ridley
6 years
The internet always delivers.
@s7ephen
Stephen A. Ridley
7 years
More honest, less altruistically spun version: “Internet service searches for photos of its users on porn sites”
@newscientist
New Scientist
7 years
Facebook will use photo-matching tech to take down revenge porn
@s7ephen
Stephen A. Ridley
5 years
Ok, I think the @M5Stack might finally be the perfect little Hardware Hacking platform everyone has been searching for. Modular. Sharable. Imagine the PocketCHIP, GoodWatch, TI Chronos, Teensy, Arduboy, and MetroM0 had a lovechild. (Shame it's ESP32 tho :) Thanks @Dr_n0psl3d !!!