Posts
4263
Following
738
Followers
1632
"I'm interested in all kinds of astronomy."
Friendly advice for crisis communication:

"Our systems have been under attack for T days" doesn't mean that your system withstood the attack for that long. Hackers don't work with sledgehammers.

It means that you saw the attack but were unable to act on it for T days.

#incidentresponse
0
2
6
repeated

⌨️ Introducing HCLI: The Modern Command-Line Interface for IDA.

Automate workflows, simplify plugin development across platforms, manage licenses and more.

https://hex-rays.com/blog/introducing-hcli

0
4
0
repeated
New assessment for topic: CVE-2025-25257

Topic description: "An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. ..."

"In one of our honeypots we observed the following payload being executed: ..."

Link: https://attackerkb.com/assessments/ccb5097e-52f5-411c-b4f6-951b36b166d7
0
1
1
This is a fun one: LLM inference creates a timing side channel that allows identifying sensitive topics by passively intercepting encrypted traffic:

https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/

/via @jonny
0
3
5
repeated

Today, my VPS served over 51.5 million requests. Well over 99% of that was AI crawlers and other obnoxious shits.

This is not normal. This is complete and utter bullshit. This is also happening all over the place.

It can be caught, it's not even hard. But we shouldn't need to. This is about three orders of magnitude more requests I'd normally receive, and it's almost entirely useless garbage.

Every single one of you who use GenAI tools, you personally, are complicit in this. You are responsible for these bots hammering the entire internet, you are enabling it.

If you think this price is acceptable, that every single person who hosts anything outside of BigTech walled gardens deserves this relentless assault of thieving robots, then you are a garbage human being.

But it is not too late to change course. You too can look back at the carnage you enabled, and feel remorse. It's okay. We'll forgive you.

You don't need to look at the environment damage LLMs cause - we can have an educated guess (it's very bad). You don't need to look at the unsustainability of it all. All of those are things that we don't directly feel right now.

But look at the damage these things cause to everyone outside of the BigTech walled gardens. That is measurable. These attacks are fact. You can't debate it. You can't justify it.

You, dear enabler of GenAI bullshit, you are responsible for enabling this carnage. Think about that. Feel bad about it, and stop. Today is a great day to do that.

13
24
2
repeated

chat my ex cancelled the spotify duo account, what streaming service do i sign up for?

4
1
0
repeated

I totally forgot to post about this huge leak from Chinese government linked infosec company KnownSec (a name that makes me think of 2013 Anonymous more than anything else).
https://www.techradar.com/pro/data-breach-at-mysterious-chinese-firm-reveals-state-owned-cyber-weapons-and-even-a-list-of-targets

1
3
0
repeated

did you know that you can find free Cortex M0 development boards at the side of the road? folks call them disposable vapes but they're hackable, and i've reverse engineered a bunch of them! see https://github.com/schlae/VapeRE/

14
19
1
repeated
TIL Minecraft requires a freaking MS account. I thought it wasn't that bad so we proceeded to create one, but it turns out that if you want to create a child account (based on birth date, to avoid adult ads and shit) you as an adult *also* need a MS account that would be of course immediately connected to your childs account which I assume to be a gold mine for advertisers.

Seriously, fuck #AdTech!

(I also wonder if this is legal in the EU?)
2
1
9
repeated
repeated
repeated

For my blog and newsletter, I wrote about why there have been so many data breaches and security lapses this year *alone* involving the mass-exposure of people's driver's licenses and passports — including new details about an exposure of 223,000 government-issued IDs as recently as this week.

Read more: https://this.weekinsecurity.com/it-is-far-too-easy-to-find-leaked-passports-and-drivers-licenses-online/

Sign up/RSS/subscribe: https://this.weekinsecurity.com

1
7
0
repeated

carats per SHA512 hash

0
1
0
repeated

#BOFH excuse #225:

It's those computer people in X {city of world}. They keep stuffing things up.

0
1
0
repeated
Dear designers: scrollbars are useful and exist for a reason. Don't hide them, please.
0
4
8
repeated

See that the procedures adopted are as inconvenient as possible for the management, involving the presence of a large number of employees at each presentation, entailing more than one meeting for each grievance, bringing up problems which are largely imaginary, and so on.

0
4
0
repeated

Every now and then, someone shares a hilarious Kagi result. Now they'll have a place in the Kagi Bloopers hall of fame:

https://help.kagi.com/kagi/bloopers/

0
1
1
repeated

We've integrated with Surveillance Watch, an interactive database that documents surveillance and spyware entities.

When searching for an entity that appears on their list, we'll display a banner on its domain to alert you that it's a known surveillance tech provider.

1
4
0
Show older