
Malcolm Stagg
@malcolmst
Followers: 509
Following: 2K
Media: 41
Statuses: 164
Ethical hacker @synackredteam. Working on software/electronics, AI and robotics projects @sodium_24. Former @DARPA challenge competitor. Opinions are my own.
Keller, TX
Joined June 2009
@Microsoft @MicrosoftHelps Is there any way I can have correct formatting without being forced to change my privacy settings @Microsoft?
@Microsoft @MicrosoftHelps the only difference between these two screenshots is turning the privacy setting on or off. This shouldn’t cause the formatting to be completely different.
Apparently if you have the Office 365 privacy setting “Turn on all connected experiences” turned off, the Apsos font no longer renders correctly. It silently uses Apsos Display which is totally different spacing. Is this expected @Microsoft? Why force me to have this turned on?
Appreciate @synack @README_Security publishing my writeup about CVE-2024-0333:
synack.com
Discover how the Zip Embedding Attack targets Google Chrome Extensions. Malcolm Stagg explains this critical vulnerability and its security implications.
RT @xvonfers: (CVE-2024-0333)[1513379][Extensions][Updater ][crx_file]CRX3 File Signature Verification Bypass via Embedded ZIP64 Payload is…
Interesting Google Chrome vulnerability I reported before Christmas was fixed today (CVE-2024-0333). I’ll post more details later after people have a chance to update.
chromereleases.googleblog.com
The Stable channel has been updated to 120.0.6099.216 for Mac,Linux and 120.0.6099.216/217 to Windows which will roll out over the coming da...
The new @DARPA challenge from @perribus looks very exciting! Seriously considering coming out of DARPA challenge “retirement” to work on this one.
I’m excited to announce the AI Cyber Challenge, a major, two-year @DARPA competition challenging the best and the brightest in cybersecurity and AI to secure the systems on which all Americans rely.
RT @README_Security: As we prepare for the holidays, we’re counting down our most popular stories of 2022, starting with “How I hacked my w…
This looks like an awesome platform. Great work developing this @bunniestudios! Looking forward to making use of it for some projects. #Precursor #riscv
Are there any US domestic PCB fabrication services that support microvias in-house? Surprised to see that fabrication for microvias always seems to be outsourced overseas. Wish I could just use @oshpark 🙂
Thanks for the mention in the “security near miss” @openbsd! 🙂 Great to see this was patched as a precaution.
OpenSSH 8.9 has been released. This release contains support for path-restricted keys in ssh-agent(1), a "near miss" security fix, a post-quantum algorithm was added to the default KEXAlgorithms list, & many other improvements! Read the release notes here:
RT @README_Security: ICYMI: A DARPA-backed bug bounty challenged >500 top security researchers to find vulnerabilities in ultra-secure comp…
Working on the @DARPA FETT bug bounty with @SynackRedTeam for a few months in 2020 was an incredible experience for me. I really appreciate @Synack, @DARPA, and @README_Security letting me share about it all.
RT @SynackRedTeam: Check out this deep dive from @malcolmst on how he #hacked secure hardware prototypes as part of the @DARPA FETT #BugBou…