Posts by buherator@infosec.place
(DIR) Post #Aq23sAPNngfk8uQYz2 by buherator@infosec.place
2025-01-13T07:18:17.005956Z
1 likes, 1 repeats
"Even if I wanted to improve the app, I really didn't understand how to achieve the increasingly difficult goal I was aiming for. So, rather than writing an automation script that helped me skip over /the hard details/ I focused on learning the science I was trying to ignore." https://seclists.org/dailydave/2025/q1/3 #fuzzing #llm
(DIR) Post #Aq2TGFCK8vHMnhtfQu by buherator@infosec.place
2025-01-12T08:48:45.376828Z
1 likes, 0 repeats
Old digital cameras turn out to be great for kids:
- They come without all the invasive crap of smart phones
- They boost creativity
- They teach user interfaces and controls outside "push shiny moving button"
- They teach basic software concepts like files (yes, knowing about files is a skill) and how to move them around
And probably more. Coming up next: MP3 players! #parenting
(DIR) Post #AqHBJGTcxZSjpggDuC by buherator@infosec.place
2025-01-20T12:21:02.406834Z
0 likes, 2 repeats
Serious question: Is there an open-source 2D printer (the type with paper and ink)? If not, why not? Is there some serious production bottleneck that only HP&co can meet?
(DIR) Post #AsebQOXjZsCv139Mhs by buherator@infosec.place
2025-03-31T10:57:34.025960Z
2 likes, 0 repeats
An even better Microsoft Account bypass for Windows 11 has already been discovered https://www.windowscentral.com/software-apps/windows-11/an-even-better-microsoft-account-bypass-for-windows-11-has-already-been-discovered Shift+F10 then `start ms-cxh:localonly`
(DIR) Post #AsnJ8k13EFdS570Xg0 by buherator@infosec.place
2025-04-03T16:02:48.397147Z
1 likes, 0 repeats
The Exploit Development Life Cycle: From Concept to Compromise /by @chompie1337 https://www.youtube.com/watch?v=ce0bXORSMX4
(DIR) Post #AssY3gVHKZRIqIzcVk by buherator@infosec.place
2025-04-08T09:40:40.772892Z
0 likes, 0 repeats
@GossiTheDog Excuse my EU ignorance, but what authority does DOGE have over random agencies' HR decisions?
(DIR) Post #AssY3iKiWoBCW84DKK by buherator@infosec.place
2025-04-08T09:51:36.549732Z
0 likes, 0 repeats
@sadarex @GossiTheDog Ummm OK, so a newly created dept can take away money from DHS bypassing congress/senate/president? And this is constitutional? o.O
(DIR) Post #Assw3J2GyuTKxTmIwy by buherator@infosec.place
2025-04-08T11:55:06.813411Z
0 likes, 0 repeats
@FreeinTX @GossiTheDog @sadarex So congress started to allocate DHS money to an agency that exists since Jan to go crazy with it?
(DIR) Post #AsufTIIN2xapHq2A4G by buherator@infosec.place
2025-04-09T06:14:33.160139Z
0 likes, 0 repeats
@FreeinTX @GossiTheDog @sadarex My question is if DOGE in particular is in charge of any budget that is supposed to finance CISA?
(DIR) Post #At9mGcjNN1Krx5yB6G by buherator@infosec.place
2025-04-16T18:17:35.768240Z
1 likes, 0 repeats
Unauthenticated Remote Code Execution in Erlang/OTP SSH https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 Not many details and unfortunately I don't know much Erlang (yet), but this one seems pretty interesting! CVE-2025-32433
(DIR) Post #AtoWNRmJxZjAycZx9U by buherator@infosec.place
2025-05-06T09:36:49.822388Z
0 likes, 1 repeats
(DIR) Post #Au5rReGKt4ZXZvmW4O by buherator@infosec.place
2025-05-14T15:10:30.082460Z
0 likes, 0 repeats
Orbán’s Fidesz party proposes Russia-style crackdown on Hungary’s civil society https://www.politico.eu/article/viktor-orban-fidesz-party-hungary-russia-democracy-transparency-public-life-civil-society/ The darkest times of my life in #Hungary.
(DIR) Post #Au5rRfCpNbMOVL9EEy by buherator@infosec.place
2025-05-14T15:59:21.417234Z
1 likes, 3 repeats
"Are Pinky and the Brain still trying to take over the world? Because at this point I'm willing to hear them out."
(DIR) Post #Ay0UYnLD2TnbrEEgme by buherator@infosec.place
2025-09-08T11:59:31.466543Z
1 likes, 0 repeats
@h0ng10 @micahflee This is a fairly common mistake too and causes a lot of bullshit work for security teams. A banner string (*especially* in case of Apache HTTPd) doesn't mean anything, so unless you can demonstrate the presence of a vulnerability this is nothing (aka PoC||GTFO). (edited) In addition the cited CVE-2024-38476 requires a *malicious backend* to be exploitable: https://devco.re/blog/2024/08/09/confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server-en/
(DIR) Post #Az4nurMORrfvturPeq by buherator@infosec.place
2025-10-09T17:19:08.370780Z
0 likes, 1 repeats
The Great Software Quality Collapse: How We Normalized Catastrophe https://techtrenches.substack.com/p/the-great-software-quality-collapse "We've normalized software catastrophes to the point where a Calculator leaking 32GB of RAM barely makes the news."
(DIR) Post #B0ZNp7eoaHF1UB7ZSq by buherator@infosec.place
2025-11-23T18:31:42.808967Z
0 likes, 0 repeats
"Last week the @FFmpeg account began taunting security researchers. Foolish thing to do, as it ignores the asymmetry of their attack surface vs ours. So as an exercise I found a stack-based buffer overflow on software that he wrote." - @ortegaalfredo https://threadreaderapp.com/thread/1991974275532636263.html Normally I'm all for these stunts, but this one...
(DIR) Post #B0ZNpSpVrhHD9RHuYS by buherator@infosec.place
2025-11-23T19:27:57.595955Z
1 likes, 0 repeats
@acsawdey it's complicated... if you squint, pointing out bugs is a form of help, but the P0 disclosure process (designed to incentivize other large corps) doesn't seem to work with highly popular, but underfunded OSS. I don't know the solution, but shitting on individual developers' code is probably not it.
(DIR) Post #B1EsWVh23htuab7VpI by buherator@infosec.place
2025-12-14T11:10:21.309174Z
4 likes, 3 repeats
This is beautiful. I've been looking at this for 5 hours now.
(DIR) Post #B1eXxyhTXXc9ueIT5c by buherator@infosec.place
2025-12-26T17:22:19.722727Z
1 likes, 0 repeats
Dropping a Xmas-sploit for CVE-2025-14847
(DIR) Post #B2S0LVMH0Epi6yHzjk by buherator@infosec.place
2026-01-19T11:47:34.684296Z
0 likes, 0 repeats
@piggo I would probably cry because of the unnecessary complexity containers introduce for this use-case.