Posts
4241
Following
735
Followers
1632
"I'm interested in all kinds of astronomy."
repeated

First batch of 44CON 2026 tickets are available now.

These are the lowest-priced tickets we'll offer.

Prices go up with each batch, so if you want in early, now is the time...

Get yours: https://44con.com/product/44con-2026-ticket/

0
3
0
repeated

Tim (Wadhwa-)Brown donor hacked 🏕️

A little bit on machine-id from a friend:

https://ransomware.sh/posts/machine-id/

,

2
3
0
In case you haven't figured it out already: meming is my coping mechanism
2
9
22
repeated

today on MALtv 😢

0
3
0
repeated

Default deny

I'll open by saying that I'm not anti-AI. I think it can be a net positive. Take my own profession, information security: the world is worse off because most code out there hasn't been looked at by a security engineer. LLMs can automate finding security bugs, so we can get better software for less.

But then, I have to square this with the fact that one of the first casualties of AI were “bug bounty” programs that paid people to report security flaws. LLMs could produce plausibly-sounding reports long before they could find real bugs. Unscrupulous “researchers” figured out they could extract money from the 5-10% of vendors who were not paying attention by slop-bombing us all and wasting everyone’s time.

When it comes to social media, there’s a similar dynamic at play. Human writing, good or bad, was inherently rate-limited; LLM output is not. If someone spent hours or days writing an article, it clearly mattered to them and I could spare minutes of my time to read and engage. For LLM output, this no longer holds. There’s an infinite supply of content entirely disconnected from the human condition that still demands your attention and time.

In contrast to infosec, social media engagement isn’t utilitarian: you gain nothing if you read 1,000 machine-generated opinion pieces a day. Promoters say that it shouldn’t matter who or what is doing the writing — you should only ask if the output is good. To me, quality is secondary. I come here to talk to humans, not to yell into the probabilistic token-void.

Yes, there are rare exceptions, there are people who use LLMs as an assistive technology, and so on. But in 99% of the cases, if you couldn’t be bothered to write it, I won’t bother to read it. Default deny.

4
7
0
repeated

Micropatches released for Desktop Window Manager Elevation of Privilege Vulnerability (CVE-2026-20871)
https://0patch.com/blog/micropatches-released-for-desktop-window-manager-elevation-of-privilege-vulnerabi

1
4
0
@infoseclogger been there when the CISO who ordered the gig started to create users for initial access like red.team1, red.team2...
1
0
0
repeated

"Everything sucks and it's all connected" w/ @adz and @tbernard @ Localfirst Conf

0
3
0
[RSS] LIEF v1.0.0: Brand-new Runtime API and DWARF/PDB -> C/C++ generation!

https://lief.re/blog/2026-07-13-lief-1-0-0/
0
2
1
[RSS] Dell BIOS Passwords: Weak XOR Encryption Allows Recovery from SPI Flash (CVE-2026-40639)

https://blog.amberwolf.com/blog/2026/july/dell-bios-passwords-weak-xor-encryption-allows-recovery-from-spi-flash-cve-2026-40639/
0
1
2
@wirepair A major difference between old/new-school hacking is "how to get the boxes" vs. "which boxes to open" :)
0
0
1
repeated
repeated

In response to a request from me the have released records relating to late 90s group milw0rm. Additional records not included in this Vault release were located by the FBI and I have requested these be processed for potential release as well.
https://vault.fbi.gov/milw0rm/milw0rm-final/view

3
4
0
@twomikecharlie The behavior changes depending on location, zoom and viewport size, a common problem is that by dragging along a long street while keeping the zoom level at some positions no street name label is visible. Desktop is much better than mobile though. The consumer focus argument makes some sense, although I'd still be in trouble to find the direction to the dĂśner place if I can't tell which part of an intersection is which road right after I got out of the subway (also happened to me).
0
0
0
repeated

Electronic Frontier Foundation

RSS is a secret trick to making the internet more usable. https://www.eff.org/deeplinks/2026/06/hate-algorithm-rss-one-tools-youve-been-looking

5
14
0
@twomikecharlie As I wrote I have this problem all the time with different maps. That includes OSM (also mentioned in the ticket) and GMaps.
1
0
0
Edited yesterday
#Geoinformatics geeks: why is it a hard problem to make all street names visible on a given window over a map?

This is an old support request of mine:

https://kagifeedback.org/d/8256-missing-street-names/8

... but I'm struggling on a weekly basis with this problem using different maps.
1
1
5
repeated

RE: https://infosec.exchange/@CrackMeIfYouCan/116904210214745592

I will be joining as an internet random... no real hope of cracking much.. If anyone wants to form an infosec.exchange or infosex.eccgang team, I am open!

1
2
0
Show older