benmmurphy
@benmmurphy
Security Researcher (23EE18E2/7B8B082223EE18E2)
Joined November 2008
so apparently a Palestine protest group are committing serious acts of vandalism in central london but this is not being reported because: a) the victims don't want to advertise the vulnerability b) the group fucked up and the intended victim moved location
another obviously untested/unreviewed cryptographic challenge implementation. you can tell because the challenge looks like: [B@12ab34cd . why would you have the result of java bytes.toString() in your authentication protocol?
https://t.co/C1cB6X1Cmw is on fire. this also seems to be affecting the EC2 ubuntu mirrors. I suspect they lazily cache packages so if your package is not cached the EC2 ubuntu mirrors are returning 503.
looks like a new frida 16.2.0 release is in github but no announcement on the main frida site yet
has anyone else noticed the interesting list of naughty words in /System/Library/PrivateFrameworks/DialogEngine.framework/DialogEngine > "it’s like they hired some dutch boomer to come up with the most depraved combos"
Colorado should not be able to bar Trump from the Primaries due to being unqualified under the 14th since it is not clear that he would be unqualified at the point of assuming office even if he was guilty of insurrection. A vote by both houses can remove the disqualification.
aws ipv4 charging rant:
* you want to access dynamodb streams from EC2 you will need a public ipv4 address and we will charge you for it
* you can't even use private link and pay AWS for the privilege of connecting to their own services.
for anyone playing around with AWS ALB MTLS. the new headers are: X-Amzn-Mtls-Clientcert w/passthru, and X-Amzn-Mtls-Clientcert-Serial-Number, X-Amzn-Mtls-Clientcert-Issuer, X-Amzn-Mtls-Clientcert-Subject, X-Amzn-Mtls-Clientcert-Validity and X-Amzn-Mtls-Clientcert-Leaf w/verify
TIL: glib uses a mutex that is shared between all objects for handling signals. https://t.co/9Dma0PTHss
https://t.co/XBcDi1xoEx
has anyone seen sites hosted behind Cloudflare return HTTP2 message of type 12 [?] which have a 16 bit length followed by the string https://t.co/fGyDIwafVo . a bit spooky...
cloudflare.com
Cloudflare is partnering with organizations worldwide to provide a verifiable randomness beacon
hash-dos review of #erlang/#elixir phash/phash2 https://t.co/D30cKDA9yz erlang dict/ets potential denial of service. new maps based on hash array mapped trie don't seem vulnerable
gist.github.com
erlang hash dos review.
An upside of the current voter fraud allegations should be more support for voting that is automatically verified by risk limited audits conducted manually using paper ballots. The good thing is some of the states in question already do this.
Even light censorship works for a while. I, for example, apparently had no idea just how crazy the claims in the Hunter Biden story really are. Still trying to get my head around what I think I just saw.
Anyone else get an email purporting to be from Maryland State Board with passing SPF and DKIM but DKIM is from https://t.co/SooqOO19CD which looks like a scam.
I think some of the AV vendors have a closed source version of this.
Is there a TLS mitm solution that can decrypt and inject live using knowledge of the master secret? I can use wireshark for this offline. An interface where I implement the function (handshake_records) -> master_secret would be perfect.
OTP-16765 -> If you were using {session_tickets, auto} with TLS 1.3 and connecting to server A and B then server B could MITM traffic going to server A. (https://t.co/BR1uF8v6lH)
Remember 2^5 . 100 maximum fine applies if you fail to wear a mask on public transport. The same law was in effect when it was 2^0 . 100 minimum but now the sign is red.
TIL: Phoenix will kill your request PIDs when a client closes the TCP connection. it’s like the user has the option to pull the power from your server whenever they choose. I’m sure there won’t be any security issues related to this. #elixir