Posts by SecureOwl@infosec.exchange
(DIR) Post #B1iS05Kg1vIZy85u2C by SecureOwl@infosec.exchange
2025-07-26T02:02:53Z
0 likes, 0 repeats
Good response from the vendor security team on this, got a reply in less than 12 hours, treating it as a valid critical bug.
(DIR) Post #B1iS06Oc4m2dGcwYoC by SecureOwl@infosec.exchange
2025-08-23T16:43:17Z
0 likes, 0 repeats
Since it’s been a month, a quick update on this one: the confirmed “valid critical bug” that was acknowledged by this vendor within 12 hours is still present, still exposing all the things….
(DIR) Post #B1iS07LoWfOeEEdq5I by SecureOwl@infosec.exchange
2025-12-28T18:22:09Z
1 likes, 0 repeats
It’s been 5 months now. I submitted this issue through a managed bug bounty program. The vendor acknowledged it pretty quickly (within 12 hours), but I’ve had little info since then. It sits open in the queue. The labels “P1” “Critical” and “Unresolved” adorn the bug bounty tracker UI. The company that manages the bug bounty has been unable to get them to respond. A reminder that if you are going to do a bug bounty, you should do it properly.
(DIR) Post #B1iS08CzKxvmt9WIy0 by SecureOwl@infosec.exchange
2025-07-23T00:35:00Z
0 likes, 0 repeats
It’s in a category of vulnerabilities that I like to call “well intentioned, but stupid” - and yes, that deserves to be a category. The good intention is that it is caused by exposing information in a user facing audit log, to allow you to better track when a change is made and by whom. The stupid part is, when you have an audit log in a multi-tenant environment, and a user can be part of many tenants… well you need to be selective about the events your audit log displays. This is especially true when you can add anyone to your tenant by something as easy to obtain as an email address…
(DIR) Post #B1mMKFXhxLX8KmGFgO by SecureOwl@infosec.exchange
2025-12-30T15:35:59Z
0 likes, 1 repeats
RE: https://live.acarsdrama.com/@acarsdrama/115807790210384642 who throws a shoe? honestly
(DIR) Post #B1pMMMUlf105wzlyRk by SecureOwl@infosec.exchange
2025-12-31T16:14:49Z
0 likes, 1 repeats
#Breaking: several Asian cities report already being in the year 2026, in what is widely seen as rebuke of Trump’s “America First” policies.
(DIR) Post #B1xlFqpoVrLA8dHwwa by SecureOwl@infosec.exchange
2026-01-05T03:55:31Z
0 likes, 0 repeats
RE: https://live.acarsdrama.com/@acarsdrama/115840454612409293 i’ve always said you should bring your own zipties on a flight
(DIR) Post #B1zsqCETWPg2vG1Nsu by SecureOwl@infosec.exchange
2026-01-05T17:09:41Z
1 likes, 0 repeats
Periodic reminder that RSA had Kristi Noem keynote last year, and as the 'will you be at RSA?' emails start to roll in, the answer is of course, 'hell to the fucking no'.
(DIR) Post #B21H9hhQ1Vzt80fc1o by SecureOwl@infosec.exchange
2026-01-06T20:37:35Z
1 likes, 0 repeats
My wife, via text: "everything OK up there? I just heard you yell 'bastard' very loudly"
Me: "yes, fine."
Wife: "Salesforce again?"
Me: "Netsuite this time but yes."
(DIR) Post #B25hr1R9tDFUEiDkB6 by SecureOwl@infosec.exchange
2026-01-08T23:57:53Z
1 likes, 0 repeats
oh windows 11 installer i know you are only asking for timezone and keyboard layout reasons but you do not know how profound the question “Is the United States the right country?” hath become
(DIR) Post #B2R4yHkLkYKVqdL2Wm by SecureOwl@infosec.exchange
2026-01-19T01:29:53Z
0 likes, 1 repeats
RE: https://live.acarsdrama.com/@acarsdrama/115918964815353362 extreme goose
(DIR) Post #B2ccPpu4IXnspPBjhA by SecureOwl@infosec.exchange
2026-01-24T19:50:51Z
0 likes, 0 repeats
Alex Pretti was his name. 37 year old, US Citizen, ICU nurse employed by the VA. No criminal record. Had a valid permit to carry a gun. This could literally happen to any single one of us if we do things that arbitrarily cross a line that angers a particular goon on a particular day. It has to stop. https://en.wikipedia.org/wiki/Killing_of_Alex_Pretti
(DIR) Post #B2lIM0vapmWoWCzEtU by SecureOwl@infosec.exchange
2026-01-28T22:46:01Z
0 likes, 0 repeats
just heard the most american airport announcement ever: “we are now boarding to paris, a reminder that this destination is international, meaning outside of the united states”
(DIR) Post #B2lyCGPibDinj56vxI by SecureOwl@infosec.exchange
2026-01-29T07:01:54Z
1 likes, 0 repeats
the two genders
(DIR) Post #B2upulpE1V50ivpQ6i by SecureOwl@infosec.exchange
2026-02-02T15:30:22Z
0 likes, 1 repeats
saved you a click, racism
(DIR) Post #B2zVVX4mhDVyRpat3w by SecureOwl@infosec.exchange
2026-02-04T21:19:27Z
0 likes, 1 repeats
wow, the CIA has sunset the world factbook
I guess it shouldn't be a surprise in a world where facts are no longer important, but still
source: https://www.cia.gov/stories/story/spotlighting-the-world-factbook-as-we-bid-a-fond-farewell/
(DIR) Post #B33uwFYlClhnQVI7bE by SecureOwl@infosec.exchange
2026-02-06T21:59:26Z
2 likes, 3 repeats
as suspected, clean
(DIR) Post #B34DfSZnSDhg0GU27s by SecureOwl@infosec.exchange
2026-02-07T03:35:51Z
0 likes, 1 repeats
i’d quite like to try curling
the sport not the act of making requests using curl, have done that one a lot
(DIR) Post #B35n4jNvmvw8vZg9js by SecureOwl@infosec.exchange
2026-02-07T22:44:57Z
0 likes, 1 repeats
RE: https://live.acarsdrama.com/@acarsdrama/116031750329190481 uncommanded ding dong
(DIR) Post #B3G79XIi5MqdYqP9n6 by SecureOwl@infosec.exchange
2026-02-12T18:50:33Z
2 likes, 3 repeats
had a good conversation earlier that went something like this:
them: “is AI making pentesting easier?”
me: “yes.”
them: “why, because you can use it to look for vulnerabilities in code quicker?”
me: “no, because it generates vulnerabilities in code quicker”