Jeroen van der Ham
@jvdham.nl
Associate Professor at UTwente on vulnerability management

1sand0s@infosec.exchange and @1sand0s
Regarding the ffmpeg drama, as discussed by @patrick.risky.biz on risky.biz: we should also consider that ffmpeg is/has been used by Google in Chrome and YouTube. Even if it's not directly, so many video makers are using that library that Google really should bear some cost of development there.
Risky Business Media
News and commentary for cybersecurity and intelligence professionals
Risky.biz
November 5, 2025 at 9:09 AM
When the Dutch have to take a detour on their bike, their world turns upside down.
March 13, 2025 at 7:49 AM
If the House of Representatives considers police deployment so important, shall we just ban football matches too? #xr #anbi
January 28, 2025 at 5:14 PM
How do I disable announced notifications from workout on my watch? These notifications are interrupting music or podcasts when I’m cycling and I don’t want them.
January 15, 2025 at 7:18 PM
Since iOS 18.2 I have problems with Mail. It’s hardly downloading new mail from my IMAP server.

Anybody else having this too? Anything I can do to fix it?

Nothing changed on my server end (Dovecot). I’ve even tried to disable IMAP IDLE, but that also does not help.
January 12, 2025 at 3:49 PM
In many of my ethics lectures I use the example of the New York taxi dataset.
Imagine my surprise that the Dutch government now wants to introduce such a system.

autoriteitpersoonsgegevens.nl/actueel/ap-c...
AP: central taxi database too great a privacy risk
The cabinet wants a central database of taxis. Passengers' privacy must be better protected, says the AP.
autoriteitpersoonsgegevens.nl
November 28, 2024 at 4:10 PM
Great numbers showing up for the higher education protest
November 25, 2024 at 12:08 PM
Hakuna Mafuckit indeed.
November 21, 2024 at 5:48 PM
Password policies are evil and should be burned to the ground.

The piece that Stuart Schechter wrote on their history however, is so incredibly misguided.

It is bonkers to think that we would have had a more secure world without password hashing.
How some of the world's most brilliant computer scientists got password policies so wrong
The US government’s latest recommendations acknowledge that password composition and reset rules are not just annoying, but counterproductive. The story of why password rules were recommended and enfo...
stuartschechter.org
November 20, 2024 at 8:09 AM
Anyone interested in researching multi-level marketing schemes/scams #mls
I got a message from someone claiming to offer work for #gamechangersf sending me an invite for https://gamechangersfpos[.]com
October 24, 2023 at 3:48 PM
Why is condensed milk sold in 397g cans? #dtv
September 23, 2023 at 3:54 PM
The way we do #science 🧪 currently could do with some shakeups. This blog post by experimental history builds on some earlier posts, and lays bare the pain points of the current scientific climate. But it also presents a way to get out of that! Let’s build more #ScienceHouses!
Let’s build a fleet and change the world
Abandon Big Ship, get on a Little Ship
www.experimental-history.com
September 13, 2023 at 8:05 AM
It's fascinating to see that AtlanticCouncil uses archive.ph in their latest "Sleight of Hand" report: www.atlanticcouncil.org/in-depth-res...
Sleight of hand: How China weaponizes software vulnerabilities
China's new vulnerability management system mandates reporting to MIIT within 48 hours, restricting pre-patch publication and POC code. This centralized approach contrasts with the US voluntary system...
www.atlanticcouncil.org
September 6, 2023 at 3:27 PM
This symbol selection is just mean.
🧪
September 4, 2023 at 7:56 AM
Interesting post on what can go wrong in BGP, how he tested for this and how this was finally fixed.
Grave flaws in BGP Error handling
blog.benjojo.co.uk
August 29, 2023 at 2:54 PM
CVE-2020-19909 in curl has been interesting to watch. It's weird that NVD decided last week that it needed a CVSS score, and even weirder that they came up with a 9.8 for it.
Now it's been marked "Disputed" with an explanation that it is not likely to be exploited.
August 29, 2023 at 12:17 PM
Interested in a PhD Research position on internet security and post-quantum developments? Please apply! utwentecareers.nl/en/vacancies...
2x PhD position on transitioning internet protocols and applications to post-quantum cryptography - ...
You will perform your research as part of the DACS group, the Twente University Centre for Cybersecurity Research (TUCCR) and the international context. Interaction with international network operator...
utwentecareers.nl
August 24, 2023 at 9:06 AM
A wonderful short introduction to the current state of LLMs, and some helpful pointers to start hacking yourself (warning: 🐰🕳️)

https://simonwillison.net/2023/Aug/3/weird-world-of-llms/
Catching up on the weird world of LLMs
I gave a talk on Sunday at North Bay Python where I attempted to summarize the last few years of development in the space of LLMs—Large Language Models, the technology …
simonwillison.net
August 16, 2023 at 10:26 AM
I thought that ‘X’ looked familiar. Now you know too:
July 24, 2023 at 6:43 AM
Can’t wait till they’re all talking about “x-ing”, that does not sound awkward at all.
Amazing. Twitter and tweeting have become synonymous with microblogging to the point that imitators come up with shit as dumb as "skeeting" and "tooting," and Musk is throwing it out the window.
July 23, 2023 at 9:52 PM
It seems surprising that as a society we lose the ability to do certain things. And then this week I ran into one: we have lost the ability to quickly set up a mailing list.
Even the age-old mailop list ends up in my spam folder due to standard Outlook spam filtering.
July 9, 2023 at 9:42 AM
Reposted by Jeroen van der Ham
When was the last time a company was compromised _solely_ because a user clicked on a link? Which product is so dangerous that an entire company can be shut down because someone used that product as intended? Details welcome!
July 8, 2023 at 4:08 PM