Posts by fysac

Nooooooo!

3 weeks ago 0 0 0 0

Is anyone actually able to get CVEs assigned these days? It’s been over two months for some of my requests.

3 weeks ago 0 0 0 0
Progress: [ 28%]
packages have been installed but needrestart is suspended
packages have been installed but needrestart is suspended
packages have been installed but needrestart is suspended
Exception during pm.DoInstall():  E:Sub-process /usr/bin/dpkg received a segmentation fault.

Um... that's bad

2 months ago 0 0 0 0

do-release-upgrade over unmultiplexed remote terminal #yolo

2 months ago 0 0 1 0

I think fuzzing activates the same addiction pathways in my brain as a slot machine or something. I’m always just one harness modification away from getting a crash. My brain feels absolutely fried afterward in a way that’s unlike any other way I use a computer.

3 months ago 0 0 0 0

A reminder that if I block you, it’s definitely because I’m afraid of your superior intellect, arguments, and attractiveness. It has nothing to do with your being an annoying, toxic dimwit.

5 months ago 52 3 0 0

Happy Memory Safety Day to all who observe. 🔐

5 months ago 13 3 0 0

Exploit demo for CVE-2024-51317, a use-after-free in the NetSurf web browser enabling arbitrary code execution when JavaScript is enabled. Target is NetSurf 3.11 on Ubuntu 22.04.

Patched in upstream source code, still making its way to distro packages. To mitigate, disable JS (off by default).

5 months ago 0 0 0 0

Cable management is the bane of my existence

6 months ago 0 0 0 0

I am doing a survey of supply chain attacks, and it's annoying how 95% of the analysis is on payloads vs. compromise vectors.

Yes, you are a very smart reverser and that's a very clever payload. Yes, rolling out phishing-resistant auth is a slog. No, this is not how we make progress.

</rant>

6 months ago 88 14 6 0
11 months ago 59 14 3 1

New in Go 1.24: os.Root, to prevent path traversal by constraining filesystem ops to a root directory. Seems pretty cool.

pkg.go.dev/os@master#Root

1 year ago 0 0 0 0
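
An added example, not part of the original post and not code from the Go project: it contrasts a plain `filepath.Join` with `os.Root` on a constructed directory tree, for both a `../` path and a symlink that points outside the root. The helper names `rootedRead` and `setup`, and the file names, are assumptions made for this illustration; it needs Go 1.24 or later.

```go
package main
import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// rootedRead opens name through os.Root (Go 1.24+), which refuses to leave base.
func rootedRead(base, name string) ([]byte, error) {
	root, err := os.OpenRoot(base)
	if err != nil {
		return nil, err
	}
	defer root.Close()
	f, err := root.Open(name)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return io.ReadAll(f)
}

func setup() (base string, cleanup func(), err error) {
	tmp, err := os.MkdirTemp("", "osroot-demo") // constructed sample tree
	if err != nil {
		return "", nil, err
	}
	base = filepath.Join(tmp, "www")
	return base, func() { os.RemoveAll(tmp) }, errors.Join(
		os.Mkdir(base, 0o755),
		os.WriteFile(filepath.Join(tmp, "secret.txt"), []byte("outside"), 0o600), // outside the root
		os.WriteFile(filepath.Join(base, "index.html"), []byte("inside"), 0o644), // inside the root
		os.Symlink("../secret.txt", filepath.Join(base, "link")),                 // symlink leaving the root
	)
}

func main() {
	base, cleanup, err := setup()
	if err != nil {
		panic(err)
	}
	defer cleanup()
	for _, name := range []string{"index.html", "../secret.txt", "link"} {
		_, nerr := os.ReadFile(filepath.Join(base, name)) // naive join follows "../" and symlinks
		_, rerr := rootedRead(base, name)
		fmt.Printf("%-14s naive=%v  os.Root=%v\n", name, nerr, rerr)
	}
}
```
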

reddit allowing threads less than a year old to be archived is legitimately infuriating.

1 year ago 1 0 0 0

VPN vendors have huge budgets to advertise on your favorite podcasts.

We don't have marketing for the IETF, browser and OS security teams, CAs (Let's Encrypt), CDNs, researchers, open source authors, website builders, digital rights activists...

We made the web secure and didn't tell anyone.

1 year ago 818 179 10 5