Posts
3321
Following
710
Followers
1575
"I'm interested in all kinds of astronomy."
@algernon TIL about this initiative. Aiming to index things that are "hosted in Europe" tells me there is a fundamental misunderstanding how the web works, very disappointing :(
1
0
0
repeated

A good blog about computer viruses in Soviet times, the KGB and computer security in the USSR.

https://fromcyberia.substack.com/p/how-the-kgb-discovered-computer-viruses

0
1
0
repeated

🚨 New advisory was just published!

A flaw that exists within the handling of sch_cake can allow a local user under the CentOS 9 operating system to trigger an use-after-free. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. This vulnerability won first place in the Linux category during the TyphoonPWN 2025 event: https://ssd-disclosure.com/linux-kernel-net-sched-cake-qdisc-use-after-free-lpe/

0
2
0
repeated
Edited 3 hours ago
I sat through way too many #pentest interviews where the candidates had no clue about the fundamentals of web security, like the Same-Origin Policy.

If you want to make a career of finding flaws in (web)apps, do yourself a favor and read @b0rk's HTTP zine:

https://wizardzines.com/comics/same-origin-policy/
0
0
5
repeated

While waiting for the upcoming release of 9.3 by @HexRaysSA, I have made some updates and bug fixes to my idalib-based headless IDA rhabdomancer, haruspex, and augur.

Check out the changelogs for all the details and enjoy!

https://hnsecurity.it/blog/streamlining-vulnerability-research-with-the-idalib-rust-bindings-for-ida-9-2/

0
3
1
@xabd Could you ELI5 how this sw (or LinkTree) is different from a HTML(+CSS) page with links on it?
0
0
0
repeated
repeated

@glyph i wrote about it maybe 6 years ago but I'm thinking of revisiting it

the 6-years-ago comics:

- the same origin policy: https://wizardzines.com/comics/same-origin-policy/
- why we have the same origin policy: https://wizardzines.com/comics/why-same-origin-matters/
- cors: https://wizardzines.com/comics/cors/

0
4
0
repeated
@algernon I'm recommending this because of the "how to make using it easy" part. The repos I linked are just examples, the APIs defined by these libraries are the gist.
1
0
1
TIL In #Proxmox when you *move* a disk, the original one doesn't get deleted but remains attached to the VM as "unused". Space gets only freed up in the original storage when you remove it from the VM.

#ProTip
1
0
1
It seems Windows can't even launch its terminal properly, this issue is open for >5 years:

https://github.com/microsoft/terminal/issues/4750
0
0
3
@bagder People probably pay less attention than you think (this is a general rule of thumb of mine), they may still assume there is monetary reward even without H1. IMO you should give it some time.
1
0
1
repeated

4 February 1917 | A Polish Jewish dancer Franciszka Mann was born. She was most probably the woman who on 23 October 1943, inside the undressing room of gas chamber II at Auschwitz II-Birkenau, seized SS man Josef Schillinger’s pistol, shot him & wounded SS man Wilhelm Emmerich.
---

A podcast about this and other cases of resistance at Auschwitz: https://www.auschwitz.org/en/education/e-learning/podcast/different-cases-of-organized-resistance-at-auschwitz/

0
4
0
repeated

the guy and his AI found three uses of memcmp() in TLS code and insisted it was a "CRITICAL" side-channel security vulnerability.

A 2-second check of those three uses told us it was not real.

byebye George

1
3
1
repeated

Switching away from Hackerone is not a guarantee... Here we go.

3
4
0
Show older