Profile avatar
kugg.bsky.social
https://www.jerkeby.se
32 posts 31 followers 33 following
Regular Contributor
Active Commenter
Posts 18 Comments 23

Festligt att en app som skapades av en anarkist med dreadlocks blir officiell i Försvarsmakten. www.dn.se/sverige/appe...

submitted 14 days ago • 4 comments

En samtidskommentar: youtu.be/xwPhD3X6Tl0

submitted 19 days ago • 0 comments

Korea's attempted coup was no less dangerous or politically protected by career opportunists and cowards than the current coup in the US was. It was shut down in 6 hours. The president was in jail within weeks. It's only impossible to resist if you are convinced it is impossible to resist.

submitted 19 days ago • 14 comments

Try some atmospheric youtu.be/9G9HPThcyBE

submitted 24 days ago • 0 comments

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...

submitted 36 days ago • 1 comment

I really need the conversation not to veer towards "malicious contributors could just stealthily introduce bugs!" because 1) that's not what happened with xz-utils and 2) we all fuck up sooner or later and the last thing we need is to be accused of being sleeper intelligence agents.

submitted 329 days ago • 8 comments

github.com/amlweems/xzbot

submitted 332 days ago • 0 comments

I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission. The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It's RCE, not auth bypass, and gated/unreplayable.

submitted 334 days ago • 7 comments

Är det möjligt att kriminalisera telefonförsäljning? Alltså ett företag får inte ringa en kund (företag eller privatperson) om inte detta avtalats i förväg.

submitted 354 days ago • 0 comments

Så här idag på åttonde mars kan jag konstatera att säkerhetsbranschen inte varit den mest jämställda under de sisådär trettio år jag jobbat där. Fortfarande tror jag medvetenheten om detta är förvånansvärt låg bland de som uppför sig som mest "gubbigt".

submitted 356 days ago • 0 comments

Om det är något jag lärt mig efter några år med appsec så är det att dast och sast bara bidrar med en falsk trygghet. Endast om skanningen är anpassad som en regressionskoll av redan kända problem får den en positiv effekt på slutresultatet.

submitted 362 days ago • 1 comment

Vad är konsekvenserna av att polisen hackar tillbaka? Strategier bortom rätt och fel diskuteras, doxa, bränna eller radera och i vilken ordning? directory.libsyn.com/episode/inde...

submitted 364 days ago • 0 comments

En kritik av pentest branchen. Konkurensen har ökat. Tech kraven gör det svårt för nya att komma in. Hitta en nisch. Skippa konsultlivet, bli inhouse testare först. Bidra till öppen forskning. assume-breach.medium.com/im-not-a-pen...

submitted 396 days ago • 0 comments

Why would APPLE or ARM implement a hidden assembly instruction that disables memory protection on all devices? arstechnica.com/security/202...

submitted 414 days ago • 1 comment

Can I intrest you in a recording from my collection of floaty breakbeat idm records from recent years? (It makes you smart) m.soundcloud.com/bigup2dance/...

submitted 450 days ago • 0 comments

I keep hearing that there's a void in the InfoSec community because of the uncertainty around Twitter/X. I wonder where this will take us. BlueSky? Mastodon? Or is the party over at Telegram and Discord these days? P.S. I've been off of social media for a long time.

submitted 503 days ago • 2 comments

I still have not found anyone I know here. Do I use a migration tool or whats the plan?

submitted 510 days ago • 1 comment

How do you make nervous people happy?

submitted 512 days ago • 1 comment