todb2.hugesuccess.org
Shmethical #Hacker. #Research mucky-muck at @runzero. #Election Judge. #CVE bagman. #Metasploit collaborator. Briefly a fed. #FriendofDeSoto. #Podcaster […] [bridged from https://infosec.exchange/@todb on the fediverse by https://fed.brid.gy/ ]
154 posts 40 followers 1 following

I have only anecdotal evidence, but I feel like iOS autocorrect is being more aggressively wrong lately. Correcting we’ll to well, border to boarder, and Tod to Today are three pretty consistent examples. This a known thing? Right now I’m on iOS 18.5 (22F76).

I've shared this one before, but it's worth saying again... Price is Right was kind of formative for me as a kid... I was homeschooled, and it came on after my morning skating, so my treat was getting to watch it before getting to my homework for the day. It turns out there's a lot of shit you […]

Well I just got a refresher on how to spot #LLM generated #LinkedIn content and now I'm insufferable. https://www.youtube.com/watch?v=9Ch4a6ffPZY

A couple of things about these claims circulating that the 2024 election was "rigged": 1. The supposed "proof" is essentially the same nonsensical statistical gobbledygook that the MAGA people were claiming about 2020, with the parties reversed. 2. There is no legal mechanism to "recount" an […]

Back the blue.

Do not psych yourself out of going to #NoKings Day because of scary-sounding viral content. That’s not the vibe. This is a mass demonstration designed to be big, safe, and accessible. I can't wait to see you all out there. ♡

There are #NoKings events worldwide, but the map for North and Central America is wild. Find the one near you at https://www.nokings.org/

I was real bummed to discover that Mobile Justice from the ACLU was shut down. What do people like for live streaming at protests? https://www.aclu.org/mobilejustice (I'm looking forward to being scolded for live streaming from a public protest.)

Jen Easterly, formerly of #CISA, posted about the silly/fanciful names we give to threat actors […]

"Why does anyone still post to Twitter?" I muse to myself as I buy yet another hunk of trash from Amazon.

I’m in a real fscking mood today. So much fragmentation.

OH NO Battista's is remodelling? NO NO NO https://battistaslasvegas.com

Good news, everyone! @runZero just launched a pretty spiffy integration with Nuclei with our friends from Project Discovery! Pretty cool. Check it: https://www.runzero.com/blog/integrating-nuclei/

So here's a dumb question. Does CVE-2025-33053 actually affect Apache #mod_dav after all? #CISA #KEV seems to be implying this: "This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows." Like, is it a protocol bug, or a product […]

Well, that's curious. @greynoise is tracking a spike in #ApacheTomcat login attempts. https://www.greynoise.io/blog/coordinated-brute-force-activity-targeting-apache-tomcat-manager

#CISA added the Erlang/OTP and RoundCube bugs to the #KEV today. @runZeroInc already has queries for both of these -- the Erlang/OTP one since April. Both are trivial to #exploit. rZ users should be well ahead of this today. https://www.runzero.com/blog/erlang-otp-ssh/ […]

It's not just me, right? Post-quantum cryptography aka #PQC, especially quantum-resistant cryptography, smells an awful lot like snake oil. I cannot figure out how people sell this stuff with apparent sincerity when it's clearly impossible to test in production.

#RoundCube bugs are nearly always a big deal. Pay attention to this one, CVE-2025-49113. I’d be surprised if a #PoC #exploit takes longer than a day or two to surface. It does require the attacker to have an account, but that’s sometimes a pretty low barrier to entry (depending on the site) […]

This is a pretty amazing piece. It’s a great experiment to show that ChatGPT, the arguable best of breed in generalized LLMs, is absolutely not trustworthy without close monitoring. For basically anything. https://amandaguinzburg.substack.com/p/diabolus-ex-machina

mini Mikko and maxi Mikko at #infosecEurope

“I teach 18 year olds who range in reading levels from preschool to college, but the majority of them are in the lower half that range. I am devastated by what AI and social media have done to them. My kids don’t think anymore. They don’t have interests. Literally, when I ask them what they’re […]

holy shit Cliff Stoll is amazing. Please let me grow up to be like Cliff. #THOTCon

#FTP (and especially FTPS) is such a weird and terrible protocol. I’m glad #curl continues to support it but hoo boy, is it nightmarish to actually operate on a network level. https://mastodon.social/@bagder/114593126392344341

I’m staying at Longman & Eagle while in town for #THOTCon and it’s pretty much the Prancing Pony. I am expecting to get entangled in a quest before the weekend is out. So cool. https://www.longmanandeagle.com

Welcome @ieeespectrum to the #fediverse with this new account! A very worthwhile follow! cc: @fediversenews @fediversereport https://mastodon.social/@ieeespectrum/114580636498075304

Last #THOTCon I got to hang out with Information Society at Rocky Horror Picture Show. Maybe this year I'll hang out with the surviving cast of RHPS at an InSoc show? I really don't know what else could top last year.

Hey, this is kind of a drop what you're doing event if you're an #ASUS router user. Check now. https://www.runzero.com/blog/asus-ssh-backdoor/

Oh don't worry it's getting worse at #CISA https://www.cybersecuritydive.com/news/cisa-senior-official-departures/748992/

[todb-spotting] I’m going to be at #thotcon this week and #infosecEurope next week. Just fyi. No speaking slots to shill for, just chill hangs on offer.

Say, what's the first major-release film to mention either "the internet" or "the world wide web?" (Or, alternatively, "DNS" or "SMTP" or "TCP/IP" or other uniquely internet technology, though that seems doubtful.) And I mean mention as in, either in dialogue or printed and shown on screen in […]

I can see some marginal utility for the new iPhone mirroring functionality in the new MacOS. But I wasn't expecting it to stick to the crummy tiny screen. Why? Even View > Larger isn't all that big. I suspect the main use is to annoy your audience with […]

I had a pretty good idea recently that, if implemented, might literally trigger WWIII. I guess we’ll all find out together!

Well, that’s another pretty serious blow to #CISA. I know there are tons of good people still left but without folks like Matt to do the block and tackle work to keep them safe, it’s going to be harder for them to keep doing the work in keeping America secure […]

Scoop: Matt Hartman, the No. 2 official at CISA's Cybersecurity Division, is leaving the government at the end of the month. Hartman, a 15-year DHS employee, told staff in a town-hall meeting this morning. www.linkedin.com/in/matt-hart... www.cisa.gov/speaker/matt...

I am flabbergasted that there isn’t a low quality, high volume industry based around Victoria Day decorations and costumes. #Steampunk #cosplay aficionados, why haven’t you been riding for this for decades? I feel like Spirit Halloween could really do with some diversification, and this is in […]

It’s amazing how crummy my #Tmobile international roaming is in Canada (piggybacking on TELUS). Almost nothing works, except for my #Mastodon client, @ivory. Seems like it’s the only one designed for low bandwidth environments.