Sijisu
sijisu.eu
@sijisu.eu
computers are an insecure mess

Computer Science student mff.cuni.cz, CTFs with wrecktheline.com & czechcyberteam.github.io
Reposted by Sijisu
BREAKING: Spyware maker NSO Group must pay $167 million to WhatsApp for a hacking campaign in 2019 that targeted more than 1,400 chat app users.

This is a huge win for WhatsApp. NSO says it will consider appealing.

techcrunch.com/2025/05/06/n...
NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign | TechCrunch
The five-year legal battle between the Meta-owned company and the most notorious spyware maker in the world ends with a huge win for WhatsApp.
techcrunch.com
May 6, 2025 at 9:21 PM
Reposted by Sijisu
"Were any of the Houthi Signal group members compromised at the time they discussed the Yemen attack plans? Frankly, it would be shocking if they were not."

My latest in @foreignaffairs.com on "The Real Lessons of SignalGate"

www.foreignaffairs.com/united-state...
The Real Lesson of SignalGate
A surveillance arms race has poked a gaping hole in national security.
www.foreignaffairs.com
April 24, 2025 at 11:52 AM
Reposted by Sijisu
Hot take: After almost a month fully inside the public administration, I have a pretty clear view on this.

The public administration doesn't need more advice on how to do things better; it needs people on the inside who will put in the work to do it better.
April 12, 2025 at 3:31 PM
Reposted by Sijisu
I wrote a TempleOS pwn challenge for m0leCon CTF Finals 2025, which took place last week. Pretty fun, players really seemed to like it. Source and writeup here: github.com/mebeim/ctf-c.... Also shout out to Philipp Mao from 0rganizers for his own writeup: philippmao.github.io/writeups/hol...
March 24, 2025 at 9:47 PM
Reposted by Sijisu
March 24, 2025 at 8:02 PM
Hours you work
carstein.github.io
March 22, 2025 at 9:48 AM
Reposted by Sijisu
Exciting news! Zed now has native Git support starting from v0.177. Designed for speed, Git-native functionality, and a keyboard-first workflow.
March 12, 2025 at 5:57 PM
Reposted by Sijisu
I gave a day 1 closing keynote at DistrictCon yesterday. Surprisingly, it was a security talk about memory safety.

Slides are here:
docs.google.com/presentation...
Memory Safety
Is this memory safety here in the room with us? Halvar Flake / Thomas Dullien DistrictCon 0 2025
docs.google.com
February 22, 2025 at 11:40 AM
Reposted by Sijisu
Surely this new video won't make me seem like a crank.
www.youtube.com/watch?v=QEJp...
Algorithms are breaking how we think
YouTube video by Technology Connections
www.youtube.com
February 22, 2025 at 5:05 PM
Reposted by Sijisu
(AP) — Elon Musk’s cost-cutting team is eliminating jobs at the vehicle safety agency that oversees Tesla and has launched investigations into deadly crashes involving his company’s cars.

#OligarchEra 🇺🇸
apnews.com/article/musk...
February 22, 2025 at 7:10 PM
Reposted by Sijisu
The people who think they are good at everything because they are good at coding are also bad at coding.
February 4, 2025 at 7:34 PM
Reposted by Sijisu
Deepseek-R1...

1) Is very impressive
2) The 32B version runs very well locally on a 4090
3) Will put a lot of pressure on the big US labs to open-source
4) Will be used in a lot of abuse/spam
5) Has some interesting holes in its knowledge:
January 25, 2025 at 10:35 PM
Reposted by Sijisu
This is a great post on bug bounty reddit!

OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...
January 24, 2025 at 2:14 PM
Reposted by Sijisu
A bug in Cloudflare (and just the nature of how CDNs work) let an attacker learn the broad location of Discord, Signal, Twitter users by just sending them an image, according to a security researcher. It works by checking which data center cached the image www.404media.co/cloudflare-i...
Cloudflare Issue Can Leak Chat App Users' Broad Location
A security researcher made a tool that let them quickly check which of Cloudflare's data centers had cached an image, which allowed them to figure out what city a Discord, Signal, or Twitter/X user mi...
www.404media.co
January 21, 2025 at 2:40 PM
Reposted by Sijisu
Many YouTube videos lately are clickbait and stretch out a Wikipedia page into 30 minutes. Many videos are just questions with simple answers.

So I built tldw.tube: put in the URL and save your time!

(No hate on Veritasium, it just happened to work well for the screenshot)
January 11, 2025 at 5:24 AM
Reposted by Sijisu
My new C programming book is slowly taking shape. If you want to learn along, let's start with the basics of control flow:

godbolt.org/z/3GerY3zEc

1/5
January 8, 2025 at 7:55 PM
Reposted by Sijisu
I presented about file formats at #38C3.
Thanks for the feedback everyone!
speakerdeck.com/ange/fearsom...
Fearsome File Formats
Presented at 38C3 in Hamburg on the 28th December 2024. With so many open-source parsers being tested and fuzzed, and widely available specs, what c…
speakerdeck.com
December 28, 2024 at 5:19 PM
Reposted by Sijisu
Modern solutions against cross-site attacks (frederikbraun.de/modern-solut...): An article about cross-site leak attacks and browser-based defenses. You will also learn why web security best practices are always opt-in and finally how YOU can get increased security controls.
Modern solutions against cross-site attacks
frederikbraun.de
November 27, 2024 at 7:50 AM
Reposted by Sijisu
**This Website is Hosted on Bluesky**

This weekend I found myself digging through the AT Protocol specifications and the Bluesky Personal Data Server (PDS) implementation. In doing so, I discovered that I could set up a website that is fully hosted on Bluesky.

danielmangum.com/posts/this-w...
November 24, 2024 at 8:40 PM
Reposted by Sijisu
Spending hours with ChatGPT can save you minutes of reading the documentation.
November 18, 2024 at 12:45 PM