Posts by cR0w@infosec.exchange
 (DIR) Post #B4uM5YIEr95wdanYEy by cR0w@infosec.exchange
       2026-04-03T04:23:47Z
       
       0 likes, 1 repeats
       
       Computers are fucking stupid.
       
 (DIR) Post #B57VVA5Av0nRilSAKm by cR0w@infosec.exchange
       2026-04-09T13:32:31Z
       
       1 likes, 0 repeats
       
       @da_667
       
 (DIR) Post #B5IhAIOu8Hkncw3d1U by cR0w@infosec.exchange
       2026-04-14T21:28:29Z
       
       0 likes, 0 repeats
       
       @i0null lolcatte /dev/scream
       
 (DIR) Post #B5IhAK9NcyWZ3MoG6S by cR0w@infosec.exchange
       2026-04-14T23:33:42Z
       
       0 likes, 0 repeats
       
       @i0null I wasn't even trying to break it this time. 😆
       
 (DIR) Post #B5KSPqJ9Es248TEx72 by cR0w@infosec.exchange
       2026-04-15T20:17:15Z
       
       1 likes, 0 repeats
       
       slowly pours a triple of rye
       
       So there's this website [ https://markdownresume.app ] that generates nice, pretty resumes for you from Markdown. The interface is simple and it appears to work well. It even lets you export it to pdf. But here's the problem: It stores the exported resumes in an open S3 bucket [ address redacted for now ]. These resumes include the expected information on people applying for roles like, say, an NSA full scope poly onsite engineer.
       
       The website also helpfully links to the application repo so you can run it locally if you want: https://github.com/rozita-hasani/markdown-resume . As we can see in the repo, one of the three contributors is Claude. So it's vibe coded. And it would be reasonable to assume that the website was as well.
       
       This looks like a personal project that just grew so please either be good-faith helpful or leave the maintainers alone ( except Claude, fuck that guy ). This is just another example of the kind of shit that the LLM / AI push is encouraging and it's going to take a long time to unfuck everything. And while this exposure is relatively small in scale compared to the things we read about every day, it is likely a big deal to the unsuspecting users who are impacted.
       
       We are past the point of blaming hobbyists for using an easy button. We as a field need to speak up louder to try to slow down the AI bullshit as much as we can. It's our responsibility as members of society with at least some sort of interest in security. Thanks to the person who tipped me off to yet another one of these but I'm sure there are more.
       
 (DIR) Post #B5NNhtIGxY12JPUsrI by cR0w@infosec.exchange
       2026-04-17T03:01:25Z
       
       1 likes, 0 repeats
       
       IDK how good my signal is from the woods so IDK when this will post. But if you want to discuss IPv8 or IPv69 or whatever, here's where to find me. #CRYPTONOTACON
       
 (DIR) Post #B5Wfk9fKbhGVGW9RTM by cR0w@infosec.exchange
       2026-04-21T17:51:03Z
       
       1 likes, 0 repeats
       
       I haven't said this enough recently. #fuckCloudflare
       
 (DIR) Post #B5l4ZSkYWu1CKt24Aa by cR0w@infosec.exchange
       2026-04-28T16:25:30Z
       
       0 likes, 0 repeats
       
       Reminder: To run CyberChef locally, you don't need to do any fancy installation. You can download the latest version ( currently v11.0.0 as of this morning ), unzip it somewhere locally, and save CyberChef_v11.0.0.html to your bookmarks. Easy peasy. And you stop sending them all your data and recipes.
       
       https://github.com/gchq/CyberChef/releases/download/v11.0.0/CyberChef_v11.0.0.zip
       
 (DIR) Post #B5lbTqnlUR33gHStKS by cR0w@infosec.exchange
       2026-04-28T14:41:15Z
       
       2 likes, 1 repeats
       
       @reverseics
       
 (DIR) Post #B5lbTvwoMEFtdmjgci by cR0w@infosec.exchange
       2026-04-28T14:41:37Z
       
       0 likes, 0 repeats
       
       @reverseics
       
 (DIR) Post #B5n2QgWg86GGrb9E5g by cR0w@infosec.exchange
       2026-04-29T14:41:33Z
       
       2 likes, 0 repeats
       
       
       
 (DIR) Post #B5nce3tq8RiVTBewIi by cR0w@infosec.exchange
       2026-04-29T21:47:25Z
       
       0 likes, 0 repeats
       
       I haven't seen a single email from a security vendor about copy fail today so it must be a legit vuln instead of just hype. It's not a logical metric but it's an accurate one these days.
       
 (DIR) Post #B5nce6tF181KkCP0Hg by cR0w@infosec.exchange
       2026-04-29T21:51:44Z
       
       0 likes, 0 repeats
       
       @Viss It's weird though. Is this the only place talking about it? Because normally we would have the ambulance chasers by now.
       
 (DIR) Post #B5nce8nHwERmeJdHHc by cR0w@infosec.exchange
       2026-04-29T21:54:21Z
       
       0 likes, 0 repeats
       
       @Viss I'll enjoy the silence while it lasts. :brdCool:
       
 (DIR) Post #B5nceAnMUvh6r7gMfw by cR0w@infosec.exchange
       2026-04-29T21:55:48Z
       
       0 likes, 0 repeats
       
       @krypt3ia @Viss https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
       
 (DIR) Post #B5qkKWFYP0DaiDt6zA by cR0w@infosec.exchange
       2026-05-01T01:47:21Z
       
       0 likes, 1 repeats
       
       Totally random no reason reminder that services like Censys and Shodan are good for more than just scanning your own infra or developing target lists; they're great for developing block lists. For example, it wouldn't be a bad idea to build a list of known cPanel hosts and block them inbound for a bit.
       
 (DIR) Post #B5rXvjfUN6a8nTOWZM by cR0w@infosec.exchange
       2026-04-03T14:19:49Z
       
       1 likes, 0 repeats
       
       Me waiting for end of day so I can push to prod and turn my pager off. :brdRooster:
       
 (DIR) Post #B63vFXh9E8LwIT6Swa by cR0w@infosec.exchange
       2026-05-07T18:38:01Z
       
       1 likes, 2 repeats
       
       I'm a little concerned about the general tech attitude towards the Mozilla bug findings. Yes, I'm an AI hater, so add that to the biases, but that's not really the point here.
       
       People seem excited about the fact that Mythos was used to find a bunch of security bugs in Firefox, which is cool:
       
       https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/
       
       However, the general attitude seems to be that devs can keep pushing for more new things because some AI system will catch the bugs for them. But to me, there should be more concern about how there were so many previously unknown unfixed bugs in Firefox to begin with. These findings should be a cause for concern and give pause to evaluate how so many security bugs make it to prod. And I'm not just talking about Firefox, everyone should be learning from each other in this space.
       
       If nothing else, people celebrating the LLM-fueled bug findings should be recognizing just how much harm the whole Move Fast and Break Shit approach really creates rather than allowing the LLMs to be the excuse to move faster and break more shit.
       
 (DIR) Post #B64QuN5geg1NrPWvC4 by cR0w@infosec.exchange
       2026-05-07T14:32:28Z
       
       0 likes, 0 repeats
       
       Hey @da_667 butter up that bacon. Here's some TP-Link for you: https://talosintelligence.com/vulnerability_reports #internetOfShit
       
 (DIR) Post #B64naRXCimUCnSrq9A by cR0w@infosec.exchange
       2026-05-08T04:29:07Z
       
       1 likes, 0 repeats
       
       ipv6 is a cop send toot