Chris
brompwnie.bsky.social
Likes to hack things.
GitHub.com/brompwnie
Reposted by Chris
Dependabot's implementation of Go modules continues to be poor.

FWIW, I recommend Go projects just turn it off, run govulncheck in a scheduled GitHub Action for security updates, and otherwise update dependencies manually when it makes sense in their release cycle.
March 14, 2025 at 9:01 AM
Reposted by Chris
This thread (and the answers) are a small gem, covering an almost forgotten piece of history of the security field.
Newcomers to password cracking should learn that in 1991 the first well-known password cracker, @alecmuffett.bsky.social's Crack, introduced applying rules & permutations to dictionary words, such as substituting numbers for letters, reversing words, appending digits, & other common user habits. 1/3
March 6, 2025 at 6:38 AM
Reposted by Chris
The FBI has released version 2.0 of its Product Security Bad Practices

PDF: www.ic3.gov/CSA/2025/250...

The changes are detailed in the image below
January 19, 2025 at 6:39 PM
Reposted by Chris
Seth Larson, the maintainer of several crucial Python projects, says he is seeing an increase in "extremely low-quality" security reports submitted by bug hunters, suggesting researchers are using AI/LLM tools to discover vulnerabilities and put together reports.

sethmlarson.dev/slop-securit...
New era of slop security reports for open source
I'm on the security report triage team for CPython, pip, urllib3, Requests, and a handful of other open source projects. I'm also in a trusted position such that I get "tagged in" to other open sou...
sethmlarson.dev
December 5, 2024 at 3:45 PM
If it sounds like a duck and looks like a duck, it's probably not a duck
FBI confirms that despite the Chinese-sounding name, the BianLian ransomware gang and its affiliates operate out of Russia

PDF: www.ic3.gov/CSA/2024/241...
November 21, 2024 at 12:05 PM
I’ve experienced similar and bsky feels to be ticking all the boxes for me at least. This feels like Twitter of 2014 (in a good way)
I will be honest: with Mastodon, what put me off was a lot of UNSAID expectations.

It felt like you cannot just write something like here:

- What server you’re on matters (each one has own rules)

- Adding filters to posts was (sometimes) important (e.g. if writing about politics or Twitter)
Mastodon felt too niche, and had a barrier to entry which was confusing. Bluesky is very very similar to Twitter (and I specifically mean Twitter and not X).
November 21, 2024 at 10:30 AM
Wow so is bsky really maybe potentially becoming a thing now?
November 14, 2024 at 2:01 PM
Reposted by Chris
Ok, where are the South African hackers at? Post handles in replies if you see this please, and I’ll attempt a starter pack.

cc
@leonjza.bsky.social
@haroonmeer.canary.love
November 13, 2024 at 7:01 PM
Reposted by Chris
Once you are specifically targeted, chances are very good you will continue to see attempts to breach your defenses. APTs come for a purpose and there’s a reason the Persistent part of the name was chosen.
October 11, 2023 at 11:35 AM
This could be gnarly if your proxychains setup is somewhat exposed... which it shouldn’t be
bonus material: "How I made a heap overflow in curl"

daniel.haxx.se/blog/2023/10...
October 11, 2023 at 1:45 PM
Reposted by Chris
So everybody from Musk's site seems to be here, yet my feed feels a bit anemic. What's a good trick to synch follows?
October 2, 2023 at 11:51 AM
Total blast from the past…
Ben Hawkes on Phineas Fisher, hacktivism, and magic tricks is very much worth reading:

blog.isosceles.com/phineas-fish...
September 15, 2023 at 6:15 PM
Reposted by Chris
In January, the Bluesky app began with a few hundred users. We’ve since grown past 1 million. I’m proud of what our team has accomplished in the last 9 months: we’ve open sourced the protocol and app, introduced self-verification via custom domains, and enabled algorithmic choice with custom feeds.
September 12, 2023 at 10:50 PM
Reposted by Chris
Tale as old as time: hackers hack stalkerware company because stalkerware is low-quality crap.

techcrunch.com/2023/08/26/b...
August 29, 2023 at 4:06 AM
Now that’s a flex to aim for
Number of planets known to have run curl: 2
August 21, 2023 at 8:07 PM
Reposted by Chris
NEW: Several attendees at Def Con saw mysterious alerts on their iPhones.

A researcher claimed responsibility and said it was a research project to teach people to turn off Bluetooth and "to have a laugh."

https://techcrunch.com/2023/08/14/researcher-says-they-were-behind-iphone-popups-at-def-con/
August 14, 2023 at 8:01 PM
Reposted by Chris
Today in 2000, 23 years ago, we introduced libcurl into the world. curl 7.1 was the first release featuring a separate library for Internet transfers, that curl was then made to use.

Today we estimate 20 BILLION installations worldwide.
August 7, 2023 at 7:03 AM
Wait, it’s summer camp next week already? #itsbeenawhile
August 1, 2023 at 4:06 PM
Reposted by Chris
For 25+ yrs police, military, intel agencies and critical infrastructure around the world relied on the TETRA radio standard to secure critical communications. But now Dutch researchers have examined secret algorithms used in TETRA and found something startling - an intentional backdoor, and more
Code Kept Secret for Years Reveals Its Flaw—a Backdoor
A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.
www.wired.com
July 24, 2023 at 10:17 AM
👋👋👋👋
May 25, 2023 at 2:21 PM