Posts
2435
Following
583
Followers
1293
A drunken debugger

Heretek of Silent Signal
buherator
repeated
GossiTheDog@cyberplace.social

Kevin Beaumont

Tabletop exercise, your major SaaS supplier got hit with ransomware 8 days ago and they're in the US, but you're in the UK, and you haven't had an update in 4 days, and they've gone on holiday as it's Thanksgiving. https://blueyonder.com/customer-update

1
4
0
buherator
repeated
lcars@infosec.exchange

Andrea Barisani

Yes IBM, sure.

1
1
0
buherator
repeated
newsycombinator@framapiaf.org

HackerNews

Bluesky Social Dataset (235M posts from 4M users)
Link: https://zenodo.org/records/11082879
Comments: https://news.ycombinator.com/item?id=42261804

0
3
0
buherator

buherator

Story-time: C++, bounds checking, performance, and compilers -Coding in Old Entish
https://chandlerc.blog/posts/2024/11/story-time-bounds-checking/

#frombsky
0
1
1
buherator
repeated
tante@tldr.nettime.org

tante

"But average people like AI poetry better than real one"

(Original title: Saturday Morning Breakfast Cereal - Poetry)

https://www.smbc-comics.com/comic/poetry-2

1
6
0
buherator

buherator

GRUB LUKS Bypass and Dump

https://remyhax.xyz/posts/luks-vm-dump/

"if the system boots and automatically decrypts the LUKS partition, this blog is about that type of system"
0
7
9
buherator
repeated
juglugs@mastodon.social

Widdershins Smith 🐘

Seems legit

1
2
0
buherator

buherator

[RSS] Everyday Ghidra: Ghidra Data Types -- Creating Custom GDTs From Windows Headers -- Part 2

https://medium.com/@clearbluejar/everyday-ghidra-ghidra-data-types-creating-custom-gdts-from-windows-headers-part-2-39b8121e1d82
0
2
2
buherator
repeated
petrbenes@bird.makeup

Petr Beneš

After 6 years, I made a blog thingy again.

This time about MmScrubMemory. An innocuous looking function that has bitten my ass several times in the last several years. And if you're developing a hypervisor, it might've bitten yours, too.

https://wbenny.github.io/2024-11-21-mmscrubmemory/

0
2
0
buherator
repeated
kagihq@mastodon.social

Kagi HQ

Google is required to include any search engine that meets specific criteria, such as having an app with over 5,000 installs, in the default list for Android and Chrome.

We'd love it if you install the Kagi app and help us meet the criteria! We're almost there:

https://play.google.com/store/apps/details?id=com.kagi.search

0
1
0
buherator
repeated
davidgerard@circumstances.run

David Gerard

why i got into sysadmin

6
13
0
buherator

buherator

[RSS] Cross-Site POST Requests Without a Content-Type Header

https://nastystereo.com/security/cross-site-post-without-content-type.html
0
0
1
buherator

buherator

Edited 1 month ago
#scraping
Show content
@mrose.ink.bsky.social said it perfectly:

https://bsky.app/profile/mrose.ink/post/3lbwpud2mes2n

"One enduring complication with all this is that scraping happens all the time for reasons that people *don’t* find inherently objectionable, and in fact support—the Wayback Machine, all kinds of public health and extremism research, etc. The mistake was assuming that goodwill transfers.

A key problem in the Disc Horse (and policy to a lesser extent) is reminding people that scraping as a technological process is Important, Actually, for all the things You Think Are Good, and any proposed solutions to curtail GAI training uses need to be VERY narrowly tailored to not impact those.

All the proposed solutions so far have had some critical flaw that makes them unworkable.

Manual consent? Ok, how do we implement that at scale? robots.txt style flags are fine, but they’re also not legally binding—and that’s good! If they were, Wayback wouldn’t be able to index!

So exclusion protocols can be ignored, For Good Reason. “What if we give an exclusion protocol the force of law for this specific use?” Closer, but there’s active debate in the courts about whether this is all a fair use, and if the answer is “yes,” then it doesn’t matter

…then best case scenario the tags are rendered null (because you can’t legally override fair use), and worst case you’ve just recreated a DMCA 1201 style lockout trick, and we have spent the last 25 years seeing just how incredibly those fuck up everything around them."
0
2
1
buherator
repeated
gorplop@pleroma.m68k.church

polprog68k

no mom its not a "bot net" it is a highly versatile cross platform networked RPC implementation
0
3
0
buherator
repeated
bert_hubert@fosstodon.org

bert hubert 🇺🇦🇪🇺

23 years old, and if you replace a few hyped things with today's equivalents, the article is 100% fresh. Things have gotten even worse since then it appears. https://www.joelonsoftware.com/2001/04/21/dont-let-architecture-astronauts-scare-you/

0
3
0
buherator
repeated
baldur@toot.cafe

Baldur Bjarnason

“CrowdStrike Earnings: Cybersecurity Firm Posts Higher Revenue Amid Swing to Loss - WSJ”

https://www.wsj.com/business/earnings/crowdstrike-raises-outlook-post-higher-revenue-amid-swing-to-loss-dde5cf9f

So, I've long argued that all of software dev's dysfunctions can be traced to the fact that business outcomes do not depend on software quality, design, or reliability. As long as this dynamic continues the software we use will only get worse

2
3
0
buherator

buherator

Here we go again explaining supposedly technologically literate people that what they *publish* on the Internet can and will be scraped... Bluesky's explanation ("we can't enforce this") is on point btw.

RE: https://infosec.exchange/@josephcox/113551853623942786
1
1
3
buherator

buherator

#twitter #uspol
Show content
What I don't get about the post-election Twitter exodus is that for the masses (ofc not you, dear reader!) somehow it was OK to create content (and thus attract ad money) there, while *after* the owners friend got elected it's suddenly not?
1
1
7
buherator
repeated
_r_netsec@infosec.exchange

/r/netsec

New PE Vulnerability in Windows OS! https://ssd-disclosure.com/ssd-advisory-ksthunk-sys-integer-overflow-pe/

0
1
0
buherator
repeated
bert_hubert@fosstodon.org

bert hubert 🇺🇦🇪🇺

Earlier post, but in recent talks I'm encountering more and more organizations that are losing their last technical people. You can outsource a lot, but most places have a core thing that they should really own. And once your own technical department is no longer viable, you are hosed. The longer story: https://berthub.eu/articles/posts/your-tech-my-tech/

1
2
0
Show older
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.