Life is so full of surprises.
As a professional community, we giggled over "military-grade crypto" for a while, but ended up having to bring modern cryptography & security into military context instead.
Working around the clock.
Thank you for all your best wishes! I hug you all (one by one) 🤗
This was not how I imagined spending today.
Send cute animals pics? Or donate to ukr volunteers and army!
Important update: I’m still alive.
Arrived at a more quiet place (at least for now).
Kyiv was under missile attack this morning at 04:25 am. WTF. I wanna write about security engineering not about the fckng war.
#RussiaInvadedUkraine
Cyberwarfare is not a joke. I and my team are a bit busy with quickly re-learning how to use our security engineering skills in this new environment.
Maybe they will let us share some of our cases after our victory.
Glory to Ukraine! 🇺🇦
A typical 🇺🇦 day.
Wake up, drink coffee, grab laptop and start working, get air raid notification, hide in the hall "2 walls rule", hear explosions, ask all friends/colleagues if they are ok, continue working, wait until air siren is off, make more coffee and charge the laptop.
I wanna say thank you for everyone’s overwhelming support during the last year.
For your messages, warm words, cat pics, offers to help, trust and care ❤️
Continue resisting 🛡️
I’m alive. My team and their families are fine. We set up coordination centers in different places, continue to work, and protect UA.
To all my followers. Support Ukraine. Go to protests, donate $$, request your gov to send UA ammo, and block Ru companies.
#RussiaInvadedUkraine
Hello new followers! 🥑
I'm Anastasiia, I do software security and applied cryptography: risk-driven, not hype-driven. Build tools and solutions @cossacklabs.
Share a lot about boring crypto, e2ee, data security, zero knowledge, software security architecture.
Welcome! 👋
It’s March 24th already.
A month ago my life was ok. I had a dinner in a nice bar. Discussed new mentorship project. Walked home. Worked, read news. News was scary, started to pack a backpack. Haven’t slept. Explosions hit at ~0510am.
28 days later, nothing will ever be the same
From #infosec perspective — every hour now brings x10 experience to my team.
We do things we've previously only read about in NIST guidelines. We build things we haven't read anywhere before, and they are working. Fast, efficient, secure.
Security engineering FTW.
To all my followers.
Support Ukraine. Russia bombed our cities, our apartment buildings, our critical infrastructure. Watch what is happening. Go to protests.
Ukraine will win, the spring is coming after even the scariest winter.
#RussiaInvadedUkraine
PARLIAMENTS, GOVERNMENTS, NGOS, MEDIA WE NEED YOUR HELP!
Please broadcast this video! The world must know the truth about what is happening in #Ukraine!
@NATO close the sky over Ukraine!
Hi there.
I’m Anastasiia, and I’m 29 today 🤟
I like coding/researching till 5am and cats (🐶 would wake me up at 8am and it’s not okay).
I also have life besides engineering (but nobody except slaves in my basement know about that 😏. This is not slavery endorsement, btw).
A good radio antenna and a bit of cryptography knowledge allow hijacking remote control devices 🚘
Nothing complicated: padding oracle, nonce reuse, bad keys, replay attacks. But open source, popular, and exploited in the wild.
Read our research:
I have food, water, powerbanks, candles, thermos bottle with coffee, bathroom office (no windows, double walls, pillows everywhere), duplicated internet channels, masks, geiger counter and many more.
russia cannot do anything to stop me from doing what i'm doing :)
Have you always wanted a SU-34 “Fullback” strike fighter?
Drones for Ukraine (@vysoven) send a real piece of downed russian plane for every large donation from $1000.
Made in russia, recycled in Ukraine 🇺🇦
If you want to measure time difference between two events you shouldn't rely on current time, because user can change clock back.
You could use monotonic clock or boot timer instead.
F.e. this code piece allows your app to lock some features after X secs.
#iosdev
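An added illustration of the clock-rollback problem described above, written for this page and not the code from the original tweet. `TimedFeature`, `SecondsSource` and the simulated clocks are hypothetical names, and all clock values are constructed.

```swift
import Foundation

/// Returns "now" in seconds. Injectable, so the demo can simulate both clocks.
typealias SecondsSource = () -> TimeInterval

/// A feature that stays available for `duration` seconds after `start()`.
struct TimedFeature {
    let duration: TimeInterval
    let now: SecondsSource
    private var startedAt: TimeInterval?

    init(duration: TimeInterval, now: @escaping SecondsSource) {
        self.duration = duration
        self.now = now
    }

    mutating func start() { startedAt = now() }

    /// True once at least `duration` seconds have passed since `start()`.
    var isLocked: Bool {
        guard let startedAt = startedAt else { return false }
        return now() - startedAt >= duration
    }
}

/// Constructed scenario: 120 s really pass, but the user sets the clock back 1 h.
func simulateClockRollback() -> (wallClockLocked: Bool, monotonicLocked: Bool) {
    var uptime: TimeInterval = 1_000          // simulated seconds since boot
    var userAdjustment: TimeInterval = 0      // simulated change to the system clock
    let wallClock: SecondsSource = { 1_650_000_000 + uptime + userAdjustment }
    let monotonic: SecondsSource = { uptime }

    var byWallClock = TimedFeature(duration: 60, now: wallClock)
    var byMonotonic = TimedFeature(duration: 60, now: monotonic)
    byWallClock.start()
    byMonotonic.start()

    uptime += 120            // two minutes of real time pass
    userAdjustment = -3_600  // user moves the system clock back one hour

    return (byWallClock.isLocked, byMonotonic.isLocked)
}

let result = simulateClockRollback()
print("wall clock lock engaged:", result.wallClockLocked)
print("monotonic lock engaged: ", result.monotonicLocked)
// In an app, pass { Date().timeIntervalSince1970 } (user-adjustable) or
// { ProcessInfo.processInfo.systemUptime } (unaffected by clock changes,
// but restarts from zero on reboot, so it cannot be compared across reboots).
```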
Cyberpunk which we deserve.
"Notice!
Internet access via Starlink11 (pwd 27031995) is available nearby village center starting from 10 April 2022.
from 0900 to 1030
from 1500 to 1630."
- Where do you store data?
- In a cloud.
Now imagine that “the cloud” is 500 TB dropbox account, that stores the database of web site run on Heroku.
True horror story, must read.
I found 3 bugs while reading crypto code for 20 min: AES-CBC nil IV, unreliable random, and outdated/vulnerable library used. Swift, Kotlin, C.
Plz audit your cryptocode. And maybe don't market your product as super secure if it was not audited.
Thanx for coming to my tedtalk.
That's actually much better than when missiles hit during night.
Waking up at 3am due to air raid siren, make a temp bed in a hall "behind two walls", wait for explosions (one night i counted 9), go back to bed trying to catch last hours of sleep. A recipe for a day headache.
When I started speaking at intl conferences, I often was the only Ukrainian there. It was scary, and confusing.
Through the years, 🇺🇦 community grew, we made friends, shared ideas, and visited each other.
Thank you for being with us!
Happy Independence day for Ukraine! 💛💙
Sorry that I don't tweet often now.. War, locations in different cities, opsec — I'm always on a run (in a good sense, but also in a bad).
Many things that excited me previously have faded.
Many things that excite me now I'm not allowed to post due to their sensitive nature😅
I gave an educational online talk about data security and encryption today while Ukr air defense was shooting down missiles and drones above. Heard three explosions.
Stress tolerance: 10/10
Did you know that weeks are enumerated differently this year? Depending on how you count — today is on the second week or third week.
According to ISO 8601, now is week2 (not w3). Because 1 Jan was on Friday, it counted as w53 of 2020, not as w1 of 2021.
Be careful in planning.
A small teaser of a research we are releasing next week.
TLDR: cryptographic failures exploited in the wild which allow hijacking certain devices via RF communication.
Random chat with two guys in a lobby
#javazone
Guys: Why do you have blue ribbon, we got orange?
Me: Guess.
G: Is it because you're girl?
M: O.o Nope, try again.
G: Is it because you're young and we're old?
M: Omg, no, because I'm speaker.
G: Really?! You don't look like.
🙄
hi @xuanling11!
you put my hand-drawn image from my presentation about ZKP in your blog post, but cut all links and my nickname 🤬🤬🤬
please don't do this.
it'd be better to leave my copyright, or even more — to actually link to my presentation.
It's a good time to talk about Building secure and reliable systems book.
I read it multiple times, each time uncovering more details and tips. Just open a random chapter and read.
100% recommend for every software / security engineer.
In Ukraine we celebrate 2 Christmas dates: 25 Dec – Catholics and 7 Jan – Orthodox.
Both days are official holidays 😊
So, technically speaking, we are drinking and partying since end of Dec to Jan 10 🥂
ReactNative apps are very good for security.
Especially if it's a "shell app", and all code is downloaded during first server request.
Please use them.
Yesterday I found API endpoints I need just by intercepting one request. Very useful. Very timesaving. Thank you devs.
For everyone who believes that TLS is enough 🤦‍♀️
Kazakhstan starts officially doing MitM attack for all users. Providers sent text messages requesting users to install root certificate and started to intercept traffic.
Ukrainska Pravda (w/ SBU help) figured out if Kadyrov was actually in Ukraine, as he claimed, by sending him a "draft" for a story on Telegram for him to review. He clicked it, and saw from server logs that he was actually in Grozny.
Easy phishing target!
Slides from my talk about maintaining crypto lib: easy to use vs hard to misuse.
#BlackAlps19
@BlackAlpsConf
If you use any open source libs, do me a favor, and say "thank you" to the maintainers 🧡
Thanks for all care and support. Our team is safe, security services and solution/product support are fully operational for our customers. Every free moment is spent doing our civil duty: making sure Ukraine gets max advantage from our skills.
#StandWithUkraine
Cybersecurity during war: my experience. Tomorrow join charitable stream with @asolovyov and me.
We are raising $$$ for 🇺🇦 military forces.
Language: ukrainian. 9 aug, 1800 Kyiv time.
cc @cossacklabs @fwdays
Ukrainians use dozens of special purpose mobile apps now. Artillery, planning & syncs, C2, C2ISR, controlling weapons, etc.
Some operations are fully robotic now. Mesh networks, AI / ML, real-time video streaming, etc.
Just saying 🌚
No one asked, but this is how (a part of) @wwcodekyiv org team looks like.
4 years ago we started Kyiv chapter, now it unites more than 10 technology streams and ~2000 software engineers 🔥
Ahem, @AppleMusic that’s weird to see ukrainian singer alyona alyona that sings in ukrainian under “russian-language bops” collection.
Russian is not the only language with cyrillic alphabet, uknow. Attaching map just in case.
My full 1h story about implementing end-to-end encryption for @BearNotesApp.
More slides, more code, more links 🍷
Watch slides 💻:
Or read the post 📚:
@frenchkitconf
#frenchkit
CommonCrypto vs CryptoKit
#wwdc19
One line of code instead of dozen lines of playing with pointers!
One line for encryption, one line for key generation! 🤯🤯🤯
CryptoKit will even zero a buffer for you
Next two weeks:
🇨🇭
🔮 crypto engineering training w/ @veorq
🏔 talk, workshop, two days of crypto networking at @BlackAlpsConf
EPFL,🧀,🍷,⛰🏔🗻
🇺🇸
🌉 three days of fantastic @QConSF, im hosting intense security eng track on Wed
🌊🚋 🥑
either i'm doing smth wrong, or MS teams is the worst chat software ever.
it's slow, it's not clear if all messages are downloaded, the ui is laggy.
how people use it day by day 😫