
Posts by Claudio Criscione

Re-entry blasts from maccheroni dropped from orbit (stored in said satellites) trigger localized EMP shockwaves which selectively bit-flip results in specific machines.
Easy, as long as you don't put cream in it.

2 months ago 1 0 0 0

After a few days in Thailand.

Me: takes picture of "interesting" engineering solution in the streets

Wife: are you prepping for that slide deck *again*?

Me: ....

Wife: you promised you'd stop

Me: sorry love, this narrative basically writes itself!

11 months ago 3 0 0 0

Guess we are about to find out if we can prop up OSV fast enough.

1 year ago 1 0 0 0

My kneejerk reaction to CVEs for EOL software is reasonably positive. It's clearly abusing the system, but would most likely have a net positive security impact in many cases.

1 year ago 0 0 0 0

(of course I know of the various pwn2own-like, have visibility on a number of bounty programs, dealers etc. I'm specifically asking about a ready-to-use, commonly accepted resource)

1 year ago 0 0 0 0

I recently had to walk someone through their concerns about being targeted by hackers, and the steps to take to defend against that. One of the things we considered was "how much money will they spend on you", assessing the cost of 0days for a few pieces of software.

That got me wondering: do we have a handy, accepted pricelist?

1 year ago 1 0 1 0

Impressively enough, none of them are correct.
Let's ask clippy:

It seems you are trying to translate Italian cousins. Don't you want to order McDonald's instead?

:)

1 year ago 0 0 0 0

On the fifth day of Christmas, Thucydides sent to me
Tragic irony!
Four hundred oligarchs,
Fear, honour and interest,
A bipolar conflict
And a κτῆμά ἐς αἰεὶ.

1 year ago 107 15 1 0

CVE-2024-12727 Sophos coming in with an unauthenticated SQLi in their firewall appliance 👏

1 year ago 93 25 2 5

Repeat after me: I will not talk about vulnerability management until I've at least read CVSSv4 and understood it.

1 year ago 1 0 0 0

Deep down we all expect that, at some point, out of the blue, you will just post something that revolutionizes security, and we want to be the first to know and say "ah! All those chainsaws did not fool ME".

1 year ago 0 0 0 0

Ssssssst.

Trade secrets.

1 year ago 0 0 1 0

I'm now reading Red Mars and it's great. Of course as any good book suggestion it's actually a trap.

1 year ago 1 0 0 0

Most fucking definitely.

1 year ago 21 1 1 0

I can't quite believe it, but I woke up this morning with the distinct feeling we might actually have a real, no-BS use for formally written-down threat models.

My 24-year-old pentester self would laugh so hard at me I'd break a rib.

1 year ago 2 0 1 0

Picard management tip: Try your best to speak in a way the other person will understand, even when it seems nearly impossible.

1 year ago 128 13 6 2

We have a few CVEs lying around if you ever feel like upping those numbers Lea :+)

1 year ago 1 0 0 0

All jokes aside, I think cyber warfare would be tough as the baseline reliability of many critical IT systems isn't that great anyway.

1 year ago 58 5 8 0

If Amazon could link my buying habits and your book tweets, they would probably give you some incentives to tweet more...

1 year ago 3 0 1 0

#warhammer enjoyers and other hobbyists: Vallejo workers are on strike. Please try not to get any Vallejo product until the situation changes!

1 year ago 161 101 4 5

Wiz really is a very serious player in vuln management. I like a number of things about dazz's tech. Well done.

1 year ago 4 0 1 0

I'm only here for the shitposting sir

1 year ago 2 0 0 0

Yeah I probably have to fix stuff

1 year ago 2 0 0 0

That's a very Jason answer :)

1 year ago 1 0 0 0

@geffner.bsky.social I see you are working in scanning these days :+)

1 year ago 0 0 1 0
oss-security - Fwd: wget-1.25.0 released [fixes CVE-2024-10524]

Look mum, a wget vuln!

www.openwall.com/lists/oss-se...

1 year ago 0 0 0 0

Oh, I never posted my gotofail story on here.

Early 2014, someone came to me about a catastrophic vulnerability in Apple's TLS implementation.

I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures.

1 year ago 457 101 7 20

Word of advice: do not exclusively rely on agent(less) and/or CI/CD-based scanning, unless you are purely serverless. There are quite a few gaps you cannot pick up without network-based scanning, starting from trivial stuff like weak passwords.

Even a basic open source solution is better than nothing :)

1 year ago 2 0 0 0