
Logyi várja a Mikulást
@lojikil
Followers: 3K, Following: 77K, Media: 72, Statuses: 2K
Brains in the "trying to be a good dad despite having a bad dad" gang. ☦️|Philosopher|Offensive Security|PLT
the infosec oil barrel
Joined September 2011
Will mastodon assuage the deep-seated concerns about social media that I have? Absolutely not. Will it maybe be a cool place to release some bots? Maybe.
this is a niche costume, but one year I want one of my kids to dress up as your company's complete lack of operational security
RT @GlaasGD: attending #RoguelikeCelebration right now and the talks are super good! it barely started, strongly recommend you check it out.
Every public Java library grows until it has some form of OGNL injection. /cc @DanAmodio.
@GossiTheDog Similar to CVE-2022-33980 🤔 ${script:js:java.lang.Runtime.getRuntime().exec("ping -c1 10.10.10.10")}
Also, the amount of semantic tools that default to CSV instead of n-triples or Turtle or the like is quite sad really.
I haven’t worked in semantic data properly in years, but it’s amazing how unfriendly the tools have become to import/export, even as they have become amazing for doing the work.
It’s basically me acting like Buck Turgidson for an hour
Absolute AppSec presents a special episode at 12 Noon Eastern/ 10 AM Mountain time! Join @sethlaw and guest host @lojikil with special guest @LegendaryPatMan. Key topics: #Informationwarfare vis-a-vis the real world case of Ukraine, #infosecurity, etc,
RT @absoluteappsec: Absolute AppSec presents a special episode at 12 Noon Eastern/ 10 AM Mountain time! Join @sethlaw and guest host @lojik…
It’s interesting that Multics solved certain classes of supply chain attacks (“Trojan horse” in the link below) in the 70s and we now act like this is truly a hard problem that is hard to solve…
Thinking about this further, part of the issue is that CVEs are taken as a quality statement, rather than a point in time, point in environment issue.
- Zero CVEs doesn’t mean your system has no flaws.
- Finding CVEs means your bug tracking issue is public, not how smart you are.
The House passed a defense spending bill saying you can't sell software to the DoD that has *any* known CVEs in it.
hardly surprising from experience but super interesting research pinning harder numbers as to the why.
Me: [disables all location information in twitter and phone preferences]
Twitter: hey would you like to know what people in your town are tweeting about?
Me: literally no.
Does anyone know of the *opposite* of a boot2root? Like a local or online blue team CTF where you are given an image/log/whatever and have to find and remediate the problem?
Listen, Google, I get it, I’m bad about opening a new calendar tab each time rather than finding the open one, but please only play the sound once, not 32 or more times, ok?
RT @herokustatus: Update: Heroku Security Notification
RT @GitHubSecurity: GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrat…
github.blog
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to...
RT @TheMijCipher: Check out our latest blog post! My teammates and I have discovered several, severe vulnerabilities stemming from insecure…