home.social

#trailofbits — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #trailofbits, aggregated by home.social.

  1. source: 404media.co/a-secure-chat-apps…

    The #Swisscows CEO confirmed a “technically possible but artificially constructed scenario.” Trail of Bits, for its part, refers to a “misrepresentation” of the #exploit by Swisscows: “The core problem is that Teleguard’s server has all the information needed to decrypt every user’s private key and read every message,” said #DanGuido, co-founder and CEO of #TrailOfBits .

    #teleguard #chat #messenger #security #encryption #hack #hacker #software #fail #omg #wtf #news #meme #bug #internet #spy #attack #end2end #rsa

  4. ----------------

    🛠️ Tool
    ===================

    Opening: Trail of Bits maintains an opinionated configuration repository for working with Claude Code that codifies defaults, workflows, and recommended patterns for security audits, development, and research. The project documents approaches for sandboxing, permission handling, extensibility via hooks and skills, and options for MCP servers and local models.

    Key Features:
    • Sandboxing and permissions: clear guidance on restricting agent capabilities and separating risky actions from privileged contexts.
    • Hooks and skills: patterns for extending Claude Code with custom hooks and reusable skills to automate common audit tasks.
    • MCP server patterns: documented layouts and usage patterns for Model Context Protocol servers to centralize context management across sessions.
    • Local model support: notes and recommendations for running local models with tools such as LM Studio and headless daemons like llmster.
    • Terminal and session guidance: recommended terminal (Ghostty) and operational notes for handling long, high-volume Claude Code sessions.

    Technical Implementation:
    • The repository presents opinionated configuration files, integration points for hooks/skills, and documented MCP server topologies rather than executable scripts.
    • Design choices emphasize principle-of-least-privilege for agent actions, separation of IO-bound operations into isolated sandboxes, and modular skill injection to keep sessions auditable and reproducible.

    Use Cases:
    • Security audits where an analyst needs repeatable LLM-driven workflows constrained by explicit permission boundaries.
    • Development and research setups requiring local model experimentation, context servers, and consistent session tooling.
    • Teams that require a shared baseline for Claude Code sessions to reduce variance across engagements.

    Limitations:
    • The repository is opinionated and reflects Trail of Bits operational preferences; it may not fit all organizational policies or threat models.
    • Some components referenced (terminals, local model tooling) assume platform compatibility and may require alternative choices in constrained environments.

    References:
    • Core concepts include claude-code-config, Ghostty, LM Studio, llmster, and MCP patterns. Documentation focuses on capabilities and integration patterns rather than installation or runtime instructions.

    🔹 tool #claudecode #mcp #sandboxing #trailofbits

    🔗 Source: github.com/trailofbits/claude-

  5. 👨‍💻 Wow, an "amazing" discovery: code has bugs 🐞—who would've guessed?! 🎉 Trail of Bits bravely announces they used a tool to find issues, as if highlighting a #zero-day is akin to finding Waldo in a single-page book. 🤦‍♂️
    blog.trailofbits.com/2025/11/1 #amazingdiscovery #codebugs #TrailofBits #findings #softwareissues #HackerNews #ngated

  9. huh #trailofbits did an audit of #simplex - only the "protocol spec" github.com/simplex-chat/simple

    quite limited scope. and last time i looked at the spec i lost my appetite, but apparently there have been updates, like addition of sntrup pq kem. so maybe this has improved? still wouldn't use it, the supply chain attack surface is begging for a "soon" not an "if". and the global transcript of group chats was out of scope in this audit. so, meh?

  10. CW: Curl, security audit

    I truly enjoyed reading Trail of Bits' blog post on their security audit of #curl ( blog.trailofbits.com/2022/12/2 ) and @bagder's answer on his blog ( daniel.haxx.se/blog/2022/12/21 ).
    This is the way security audits should be handled: keeping clarity, addressing critical flaws, and working together towards a common path, software security and reliability.

    #infosec #trailofbits

  11. The 2022 #Curl Security Audit by #trailofbits was interesting as I've myself done quite a bit of digging into curl internals over the years. While there were many findings, only two of them were considered security vulnerabilities.

    2022 security audit: daniel.haxx.se/blog/2022/12/21

    older post about increased CVE activity: daniel.haxx.se/blog/2022/08/22
