metlstorm
@metlstorm.risky.biz
Unix berserker, retired hacker-con organiser (Kiwicon!) and now technology-editor-slash-sysadmin-janitor at Risky.biz.

Was @metlstorm on Twitter, am metlstorm@infosec.exchange on Masto.
I am mad about @jags.bsky.social's cat on the pod. Why doesn't Riskybiz have a pod-kitty?! 😾
November 3, 2025 at 9:24 PM
Lol it's been a while since I last hit the "please write your card name, number, expiry and cvv in this pdf and email it back" ecommerce checkout flow. Such PCI! Very DSS. 🤦

Paging a QSA and an acquiring bank, cleanup aisle my card data
September 12, 2025 at 7:20 AM
Reposted by metlstorm
MAGA be like...
August 20, 2025 at 2:54 AM
Reposted by metlstorm
Well, yeah. We're going to let our "kernel bug" description of Crowdstrike's mass murder of Windows systems stand
I would argue it is in fact a bug in the kernel driver if an update file can cause a kernel panic…
July 4, 2025 at 1:23 AM
Reposted by metlstorm
Maybe we should stagger newsletter releases in ringed deployments so we can catch these egregious errors... you know, like they should have done with their shitty content update that wiped out 8.5m boxes!
July 4, 2025 at 12:52 AM
Reposted by metlstorm
A Crowdstrike PR exec has written to us (twice) to demand we change some phrasing in one of our newsletters. We said a bug in their kernel driver caused their meltdown when it was actually a bad update file that caused a kernel panic. Huge mistake!
July 4, 2025 at 12:51 AM
Reposted by metlstorm
It is that time! Call for Participation (CFP) time!

Got a talk in mind? Done some cool research? Want to do something for hallway con? Want to be able to summon sparkle pots on cue?

Submit to our CFP! Closes eventually, so just get your submission in now! kawaiicon.org/cfp/
Alt: a cartoon panda bear is holding a notebook and a pencil.
June 19, 2025 at 2:03 AM
Omg, how is the webdav CVE-2025-33053 so dumb?! You make a .url shortcut file to run a local binary, with working-dir set to a webdav path, and if the binary happens to fork out to another bin without an absolute path, cwd is first in the search path... oh no? Is it.. is the bug really that stupid?!
June 12, 2025 at 12:28 AM
Reposted by metlstorm
The most recent episode of Wide World of Cyber w @thekrebscycle.bsky.social and @stamos.org is back in our podcast feed... it was offline for a week(ish) due to the recent unpleasantness

So yeah, it's back. If you missed it, here it is

VIDEO: www.youtube.com/watch?v=JPYt...
AUDIO: risky.biz/WWC8/
Wide World of Cyber: How the Trump admin is changing the cybersecurity landscape
YouTube video by Risky Business Media
April 21, 2025 at 11:21 PM
Reposted by metlstorm
I have cancelled our planned trip to the RSA Conference in San Francisco later this month. @metlstorm.risky.biz and I were headed over to record some live shows and see everyone. Unfortunately I have received advice that crossing the border into the United States right now would be a bad idea.
April 11, 2025 at 12:33 AM
Reposted by metlstorm
I've pulled down the most recent episode of Wide World of Cyber with Chris Krebs and Alex Stamos at the request of their employer SentinelOne, the sponsor of the series. I will say more about this in next week's Risky Business, but I want to make one thing clear: SentinelOne is not the bad guy here
April 10, 2025 at 11:45 PM
Reposted by metlstorm
@metlstorm.risky.biz @patrick.risky.biz looks like rapid7 found a nice exploit strategy for that Ivanti BOF you discussed in the recent ep:

attackerkb.com/topics/0ybGQ...
CVE-2025-22457 | AttackerKB
On April 3, 2025, Ivanti published an advisory for CVE-2025-22457, an unauthenticated remote code execution vulnerability due to a stack based buffer overflow.…
April 10, 2025 at 6:29 PM
If you've ever run into your ios exploit dev mate at the pub after work and they seem a lil crazy-eyed, you can kinda see why:

googleprojectzero.blogspot.com/2025/03/blas...
Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit Posted by Ian Beer, Google Project Zero On September 7, 2023 Apple issued  an out-...
March 26, 2025 at 9:11 PM
This is real handy to have in the pocket when some family/acquaintance asks about a service or platform you yourself don't use. "Just click about and see if anyone has logged in as you" makes sense to us nerds, but for normies, this is helpful as! Thanks Lorenzo!
It's never a bad time to take a look at your online accounts and see if you spot a weird device or login.

We have a comprehensive guide on how to check if your Gmail, Apple ID, Facebook, IG, WhatsApp, Telegram, Discord, etc have been hacked.

techcrunch.com/2025/03/25/h...
How to tell if your online accounts have been hacked | TechCrunch
This is a guide on how to check whether someone compromised your online accounts.
March 26, 2025 at 4:24 AM
Reposted by metlstorm
We’re stoked to say Amberleigh Jack has joined Risky Biz full time as a producer and editor.

Amberleigh has mountains of experience as a journalist and editor and she’s already such an important part of the team.

She also has a deep connection to security via her (sadly departed) brother Barnaby
March 21, 2025 at 1:24 AM
Jesus, I think rather than being booted outta FVEY, Canada’s spooks are gonna be more like
ALT: two men standing next to each other with the words lea may i be excused on the bottom
February 28, 2025 at 9:45 PM
Why you gotta be like this Cisco? Quote the url to get your "entitlement to a free upgrade" for a CVSS 10/10 bug in your product?

Really? That's where we're at with product security in 2025AD? SMDH.

🖕🌉🖕
February 19, 2025 at 2:38 AM