Cem Paya @randomoracle
@[email protected] | Personal opinions | "Character is what you tweet when you think no one is following" | ex-MSFT/GOOG/ABNB/Gemini | randomoracle.wordpress.com | San Diego, CA | Joined December 2008
Tweets: 10K | Followers: 2K | Following: 717 | Likes: 8K
A deeper, more technical dive into a design flaw in the ScreenConnect executable that made it particularly appealing for malicious campaigns. blog.randomoracle.io/2025/06/26/scr… History Case: blog.randomoracle.io/2025/06/16/the…
Now that GDATA also posted about this and cat is out of the bag. Write-up on how ScreenConnect was abusing Microsoft Authenticode signatures in a way that made it ideal for malware to repurpose their installers (previously disclosed to vendor) blog.randomoracle.io/2025/06/26/scr…
1/ 🔥 AI agents are reaching a breakthrough moment in cybersecurity. In our latest work: 🔓 CyberGym: AI agents discovered 15 zero-days in major open-source projects 💰 BountyBench: AI agents solved real-world bug bounty tasks worth tens of thousands of dollars 🤖…
Recent work from River security team and @rmhrisk : how our discovery of bogus "River desktop app" in the wild led to DigiCert revoking ConnectWise's code-signing certificate and invalidating all existing ScreenConnect binaries on Windows blog.randomoracle.io/2025/06/16/the…
Mangled casings from 2 of those 4 thermonuclear weapons from the Palomares (Spain) broken-arrow incident are on exhibit at the Museum of Nuclear Science & History in Albuquerque. nuclearmuseum.org/see/exhibits/c…
Thoughts on ByBit First, the good stuff: impressive response to the hack. I've rarely seen that level of transparency + professionalism in a crisis. Usually you see slow, wishy-washy, lawyer-speak or quick meme-style responses that don't fit the seriousness of the situation. 1/n
Learned a lot about security from @randomoracle @michaelbreu back in the day. Lesson one is anything that can be penetrated will be. Software and hardware, and the practices around them, must be resilient & redundant. Every step must have integrity. No shortcuts.
Until October 30, Okta generated "the cache key" by using bcrypt to "hash a combined string of userId + username + password", which allowed full password auth bypass for usernames of 52+ bytes and apparently required only partial knowledge of the password for other long usernames
1988: The Morris worm spread like wildfire and was the first worm to get wide media attention. After its author, Robert Tappan Morris, released his "experiment", it quickly spread and made many of the systems on the Internet unusable - an epoch for security...both good and bad.
🎉 Thrilled by the incredible enthusiasm for our LLM Agents MOOC—12K+ registered learners & 5K+ Discord members! 📣 Excited to launch today the LLM Agents MOOC Hackathon, open to all, with $200K+ in prizes & credits! 🔗 Sign up now: rdi.berkeley.edu/llm-agents-hac… & join us virtually or…
#ECJ upholds the fine of €2.4 billion imposed on @Google for abuse of its dominant position by favouring its own comparison shopping service #competition @EU_Commission 👉 curia.europa.eu/jcms/jcms/Jo2_…
So-called experts: "Tornado Cash is a valuable privacy service used by everyday people for legit purposes" Reality: #delusions #KYCfail coindesk.com/markets/2024/0…
Identity fails With Twitter verified profiles, users at least have some confidence they are following the genuine bloviator/influencer On GitHub still no way to know if that ace developer is really a North Korean stooge/APT operative 🤷🏽
JD Vance’s dossier would have been safe if the campaign stored it on CouchDB 🤷 thedailybeast.com/trumps-270-pag…
#Clownstrike: "Combining third-rate technology with first-rate lawyers: always ready with a DMCA takedown notice in case anyone dare criticize us" arstechnica.com/tech-policy/20…
"Creating our own bytecode VM for detection rules will be much safer than constantly writing new code for kernel mode 💡" — said someone somewhere at #Clownstrike
@randomoracle @rmhrisk It would be a different story if Google allowed GrapheneOS to pass the device and strong integrity levels via the hardware attestation API but added an extra field in the response saying that the OS is GrapheneOS. Apps could go out of the way to ban it if they wanted.
Sign of incompetent vendor: Puts more effort into cease & desist orders against obviously non-infringing parody/satire than improving their weak-sauce technology that caused a global IT outage #Clownstrike #DumpsterFire
GrapheneOS threatening to sue Google is strange; it is Authy that decided to restrict their app to "genuine" Android devices based on remote attestation Also for perspective: Authy's days are numbered anyway, given that future is passwordless arstechnica.com/gadgets/2024/0…
