Jonathan Leitschuh @ Open Source Summit’s Tweets

Cain Maddox

@ctrlshifti

5h

idea: a gameshow called Imposter Syndrome where you take 10 senior developers and tell them that one of them is actually just a sales guy who's been taught to say DevOps buzzwords. to win, they have to figure out who the fake dev is. the trick: there is no sales guy

48

538

3,230

Your show inspired a passion for me in security and security research. You helped craft my understanding of what a vulnerability is and is not. Thank you for helping educate the next generation of hackers!

1

At

&

I'll be presenting "Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All", about generating hundreds, or sometimes thousands of pull requests to fix OSS security vulnerabilities at scale. blackhat.com/us-22/briefing

1

This year, I became the first ever Dan Kaminsky Fellow, a fellowship created to celebrate

@dakami

's memory by funding a Fellow for a year to work on open-source projects that make the world a better (and more secure) place. It has been an honor to be that individual. 4/

Quote Tweet

· Jul 24

It's been an absolute honor to be the 2021 Dan Kaminsky Fellow If you've got a project that you think will improve the security of the internet and want an incubator to work on that project for a year, consider applying! kaminskyfellowship2022.splashthat.com

1

It's because of your show that I have the title Open Source Security Researcher. I'm proud of that title. 3/

1

Topics to follow

Sign up to get Tweets about the Topics you follow in your Home timeline.

Carousel

@SGgrc

it's from your stories of great hackers like

@taviso

(and Google Project Zero),

@dakami

, and many others, that I learned the norms of vulnerability disclosure. I learned the importance of building software that is secure-by-default. 2/

1

.

I've been listening to

@SecurityNow

for years. This year I'm speaking at

@BlackHatEvents

,

@defcon

, and

@BSidesLV

! I learned so much from your show. I wouldn't be where I am today without it. Thank you so much for the amazing education you've provided! ❤️ 1/

1

3

hey #hackersummercamp folks - which talks are "must not miss" for you? i'm looking forward to

,

and

,

,

, and

policy department w/

et al cc:

5

31

张惠倩

@momika233

Jul 31

CVE-2022-33891 - Apache Spark Shell Command Injection url+/?doAs=`sleep 7`

7

175

638

gwire

@gwire

Jul 29

So apparently the TSB banking app is failing, and users are being presented with an error message “Not enough good slaves” - which, to non-technical users, is unexpected. I do feel that the move a few years ago to remove master/slave terminology from computing was the right one.

50

777

3,531

Clive Thompson

@pomeranian99

May 1, 2017

Memory leaks on missiles don't matter, so long as the missile explodes before too much leaks. A 1995 memo: groups.google.com/forum/message/

111

5,301

7,235

Piotr Jagielski

@pioterj

Gradle Build Tool — Application Security Engineer

The Gradle Build Tool application security engineer role provides a unique opportunity to make an impact on the security of the entire software supply chain. See boards.greenhouse.io/gradle/jobs/43 for details.

boards.greenhouse.io

Worldwide

3

4

this is rob dyke dot com

@robdykedotcom

Is this MFA?

The following media includes potentially sensitive content. Change settings

Quote Tweet

· Jul 28

TIL: Pharmacy staff print out their passwords on barcodes they stick to their hands. Every time the get a prompt for their password, they just use the barcode scanner to enter it. "It saves us so much time every day" Never underestimate the end user pic.twitter.com/IarLjkWLeW

View

1

3

TIL: Pharmacy staff print out their passwords on barcodes they stick to their hands. Every time the get a prompt for their password, they just use the barcode scanner to enter it. "It saves us so much time every day" Never underestimate the end user

The following media includes potentially sensitive content. Change settings

View

3

2

8

Can you spot the *potential* security vulnerability still present in the

@PortSwigger

"How to prevent a directory traversal attack" guide java code snippet? portswigger.net/web-security/f

The following media includes potentially sensitive content. Change settings

View

2

4

44

GitHub

@github

Jul 27

"It’s often that the security community blames the end-user for being uneducated or making mistakes that get them hacked or compromised, but doesn’t look inward to see how they can improve their own systems."

As a kid, @JLLeitschuh discovered robotics and programming were his happy place. After college, he stumbled into open source security research. Hear him share the whole story, now on The ReadME Pro...

on open source security.

github.com

Jonathan Leitschuh

3

13

55

Jul 25

I'm a security researcher, I do not hold a cybersecurity degree. I have a degree in Robotics and Computer Science. We all get here our own way

Quote Tweet

Daniel Kelley

@danielmakelley

· Jul 23

People without cybersecurity degrees created the content that is taught in cybersecurity degree classes.

2

chaos queen

@_mormaid

Jul 23

You really gotta be careful in infosec because you’re like 22 and comparing yourself to 45 year olds who have 20 years experience on you like that’s a normal expectation to have for yourself. Sis take your annual leave and have fun, you can’t always speedrun your career

41

235

1,601

thedankaminskyfellowship2022.splashthat.comThe Dan Kaminsky Fellowship 2022Supporting open source projects to strengthen this Internet

Jul 24

It's been an absolute honor to be the 2021 Dan Kaminsky Fellow If you've got a project that you think will improve the security of the internet and want an incubator to work on that project for a year, consider applying!

The following media includes potentially sensitive content. Change settings

View

2

10

Kevin Beaumont

@GossiTheDog

Jul 24

fuck it I'm retiring

Quote Tweet

Lucas Moffitt

@LucasMoffitt

· Jul 24

Replying to @GossiTheDog

AI is going to put you out of a job

3

4

63

Jul 22

If you can't make it to

@BlackHatEvents

,

@defcon

, or

@BSidesLV

I'll be giving my talk again in Italy in October to

@nohatcon

!

Quote Tweet

No Hat Con

@nohatcon

· Jul 21

Looks like @JLLeitschuh will be part of #nohat2022's lineup: "Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All" nohat.it/speakers#jonat

1

2

7

Microsoft starts blocking Office macros by default, once again

Kevin Beaumont

@GossiTheDog

Jul 21

Microsoft did a U-turn on the Office macro hardening. It's rolling back out to Office 365 Current Channel now, enabled by default. It will go on to Office 365 Semi-Annual etc, then to Office 2013, 2016, 2019 later. Big security win.

bleepingcomputer.com

Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback.

5

156

492

Jake Williams

@MalwareJake

Jul 18

Please RT for reach: I need examples case studies where a national government retaliated against a security researcher for publicly reporting about a vulnerability. Note: I can't use China/Alibaba/log4j here for reasons.

31

179

133

Kevin Beaumont

@GossiTheDog

I like this. Whenever I hear people say 'don't click on links in emails or open attachments from people you don't know' I think... you know that's literally my job, right? You know people open resumes when recruiting, right?

Quote Tweet

Liam O

@liamosaur

· Jul 15

TIL that CWE-655 "Insufficient Psychological Acceptability" is a thing, and yelled "yes... YES!!" at the screen as I was reading it

Show this thread

6

24

143

U.S. Fish and Wildlife

@USFWS

If you're dead inside, go outside. Whether you're taking a walk in a park or hiking in the wilderness, spending time in nature can improve mental health and cognition. Where is your favorite place to spend time outside? Photo by Courtney Celley/USFWS.

River flowing through tree lined rocky cliffs with text overlay "if you're dead inside, go outside"

read image description

ALT

738

7,665

35.4K

keegan.

@imkeegsx

the sims team kinda big slay

553

24.5K

271.2K

Special thanks to

from the

for bringing this class of vulnerability to my attention!

7

github.comGitHubGitHub is where people build software. More than 83 million people use GitHub to discover, fork, and contribute to over 200 million projects.

That vulnerability in the AWS-sdk-java I found was just disclosed! CVE-2022-31159: Partial Path Traversal vulnerability in the AWS-sdk-java TransferManager (downloads the contents of S3 buckets).

The following media includes potentially sensitive content. Change settings

View

2

4

17

HUMAN

@SecureWithHUMAN

The first recipient of the Dan Kaminsky Fellowship,

will be speaking at

@BlackHatEvents

about Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All. If you'll be in Vegas we hope you can join us there on August 11th bit.ly/3PqC71J

2

Jul 14

By comparison,

@TMobile

charges $35 for 5 days for only 5GB

1

Jul 14

Not sponsored at all, just very impressed!

1

ref.airalo.comeSIM data packsNo more roaming fees. Instant connectivity in 190+ countries.

Jul 14

International #travelhack I just discovered and wish I'd known about earlier. Instead of buying a SIM, or paying your carrier for an international plan upgrade, download a data eSIM from

@airalocom

. In France I bought 10GB of data for 30 days for $22.50!

The following media includes potentially sensitive content. Change settings

View

3

HUMAN

@SecureWithHUMAN

Jan 19

We're excited to announce our first Dan Kaminsky Fellow: Jonathan Leitschuh! Jonathan will be joining HUMAN for the year to work on his open-source project. Learn more about him and the importance of open-source work from HUMAN's Adrian Woodhead: humansecurity.com/blog/our-first

1

4

11

HUMAN

@SecureWithHUMAN

Jul 12

What does it mean to be the first person chosen for the Dan Kaminsky Fellowship?

The Dan Kaminsky Fellowship: Year One in Review

talks about it all from his perspective and how his life has changed this year. Applications for the next fellowship recipient are open until Aug 15, 2022

humansecurity.com

HUMAN's Lucius Dennis sat down with the first Dan Kaminsky Fellow about his experience and open-source project.

1

4

Harlequin | Cyberista

Replying to

and

2

13

🤦🏻‍♀️

we need to talk. You know where to find us for knowledgeable experts in this exact area to help your lawyers & execs understand that this isn’t serving your users or reducing your risk (& eventual legal liability for security holes) Info

@LutaSecurity

dot com

The following media includes potentially sensitive content. Change settings

Quote Tweet

· Jul 11

.@AWSSecurityInfo team: You must sign an NDA to receive a Bug Bounty. Me: I don't normally agree to NDAs. Can I read it first before agreeing? AWS: We're unable to share the BB program NDA since it and other contract documents are considered sensitive by the legal team pic.twitter.com/xBPPpT7dbJ

View

4

12

31