Profile avatar
wdormann.infosec.exchange.ap.brid.gy
I play with vulnerabilities and exploits. I used to be https://twitter.com/wdormann but Twitter has become unbearable, so here I am. [bridged from https://infosec.exchange/@wdormann on the fediverse by https://fed.brid.gy/ ]
169 posts 80 followers 3 following
Regular Contributor
Active Commenter
Posts 26 Comments 24

It's sorta funny to see the diff where Mozilla removes the phrase: > Unlike other companies, we don’t sell access to your data. > from their ToS. 😬 > https://github.com/mozilla/bedrock/commit/d459addab846d8144b61939b7f4310eb80c5470e

submitted 11 hours ago β€’ 0 comments

There something cathartic about just holding down Cmd-W for a minute or so and taking a deep breath. Yes, sometimes it takes a minute to go through all of my open tabs. πŸ˜‚

submitted 16 hours ago β€’ 0 comments

Is um @signalapp down?

submitted 19 hours ago β€’ 2 comments

Something I just figured out based on a discussion over at the Bad Place: Apparently Windows has a major flaw in the handling of the Microsoft recommended driver block rules This list is composed of bad drivers that are listed by mainly either the […] [Original post on infosec.exchange]

submitted 1 day ago β€’ 1 comment

Recently I learned that a carbon arc lamp is a thing. I feel like David Lynch would have enjoyed this sort of light source. https://www.youtube.com/shorts/PcXPJK2drWI

submitted 1 day ago β€’ 0 comments

[uspol] Every federal credit card is frozen for the next 30 days, unless it's used for disaster relief or natural disaster purposes, so that DOGE can do DOGE things […] [Original post on infosec.exchange]

submitted 1 day ago β€’ 0 comments

Infosec thoughts: Microsoft has crystal clear recommendations for compile-time exploit mitigations that they recommend **However** , when it comes to Mark of the Web (MotW), I can find no such advice. (e.g. if I'm a file consumer, I should do `foo` when opening a file tagged with MotW, or if […]

submitted 1 day ago β€’ 1 comment

Did Barron's really leave a headline out there for 5 hours that said the exact opposite of what they intended? Original: > Tesla Stock Is Rising. Where the Charts Say It Could Be Headed Next. Updated: > Tesla Stock Is Falling Again. Where the Charts Say […] [Original post on infosec.exchange]

submitted 2 days ago β€’ 2 comments

[Twitter, Elon Musk] There is a non-trivial group of people in this world who consider Elon Musk to be brilliant. I just don't get it. Yes, I still occasionally check in on Twitter, due to the infosec holdouts that are apparently Nazi-accepting. And […] [Original post on infosec.exchange]

submitted 2 days ago β€’ 0 comments

From over at the Bad Place: There's an interesting NTFS symlink attack outlined here: https://dfir.ru/2025/02/23/symlink-attacks-without-code-execution/ Basically, if an NTFS filesystem is corrupted in a way to provide duplicate file names, Windows will […] [Original post on infosec.exchange]

submitted 3 days ago β€’ 0 comments

Me to a major vendor, in a PGP-encrypted email (their request): . Here's an animated GIF showing exploitation of the vul. Please let me know how I can get a large file to you so I can get the PoC to you. Vendor: Please send us a GIF and the PoC. Me: I already sent the GIF. Are you saying you […]

submitted 3 days ago β€’ 1 comment

[Uspol, Twitter] Just think... It's probably somebody's full-time job at Twitter to steer Grok away from reality and towards Elon Musk's worldview. Compare yesterday's answer to "Who are the 3 people doing the most harm to America right now? Just list the […] [Original post on infosec.exchange]

submitted 5 days ago β€’ 1 comment

I'm sure that such things can be purchased, but I made a thing! For tending to my plant babies, I figure it would be useful to have a way to control lights and maybe a fan on a schedule. Using mostly electronics junk and a couple of new pieces, I now have […] [Original post on infosec.exchange]

submitted 7 days ago β€’ 1 comment

Encrypted Apple iCloud option for UK customers is being pulled. Because only criminals use e2e encryption, this will only hurt criminals. https://www.bbc.com/news/articles/cgj54eq4vejo

submitted 7 days ago β€’ 0 comments

Me: It's kind of nice that so many things just use USB-C cables these days. Also me: I don't like that there are basically 7 different cable types that have the same physical form factor. 😬

submitted 8 days ago β€’ 2 comments

New Parallels "victim"-assisted LPE 0day dropped due to ZDI not playing well with the reporter: https://jhftss.github.io/Parallels-0-day/ I've confirmed that it works fine on Intel. Though ARM may require some retooling (if it's vulnerable)

submitted 8 days ago β€’ 1 comment

Sometimes I google man pages. And sometimes those man pages make me chuckle. https://linux.die.net/man/1/lshw And then I realize that those online man pages might be really old. (This bug in the man page was fixed 15 years ago) I gotta get out more.

submitted 9 days ago β€’ 0 comments

[Uspol] "I am pleased to announce that the Great Elon Musk, working in conjunction with American Patriot Vivek Ramaswamy, will lead the Department of Government Efficiency," Trump said in December 2024. Joshua Fisher: "[Musk] is not an employee of the U.S […] [Original post on infosec.exchange]

submitted 10 days ago β€’ 1 comment

[Uspol] Clbuttic example of what happens when you search for bad words and take action on them without engaging a brain. "OSHA Best Practices for Protecting EMS Responders During Treatment and Transport of Victims of Hazardous Substance Releases" has been […] [Original post on infosec.exchange]

submitted 11 days ago β€’ 1 comment

[Twitter] Twitter is blocking Signal links. Rumor has it that the reason is that Signal is being used by federal workers to blow the whistle on DOGE. Obviously I cannot confirm the rationale, but I can (and have) confirm that such links are indeed being blocked on Twitter […]

submitted 11 days ago β€’ 1 comment

[uspol] This official White House page that justifies the shutdown of USAID has lots of references. Given all the references, this surely is well-grounded, right? Let's look at where most of the references go, and example publications from such resources […] [Original post on infosec.exchange]

submitted 15 days ago β€’ 0 comments

[uspol] How long before Trump realizes that he's clearly not the center of attention anymore? Even Musk's toddler prop/human-shield is probably getting more attention than the president. I'm pretty sure that narcissists don't like this?

submitted 16 days ago β€’ 0 comments

Well, it's game over, folks. I'd attackers in the wild are successfully convincing victims to run whatever is in your clipboard as admin... https://x.com/MsftSecIntel/status/1889407814604296490

submitted 17 days ago β€’ 0 comments

For folks still running Ivanti stuff for some reason, you've got work to do. Again. CVE-2025-22467 is a CVSS 9.9 stack buffer overflow RCE […]

submitted 17 days ago β€’ 1 comment

Apparently Google is just shitty. No duress signal or anything here. Just trying to fit in by being shitty. πŸ€¦β€β™‚οΈ

submitted 17 days ago β€’ 4 comments

People who updated to iOS 18.3.1 today: Did you see a "Welcome" screen on reboot, and subsequently also an Apple Intelligence screen that automatically turns it on? Out of my two iPhone devices (on two different Apple accounts), both of them got the […] [Original post on infosec.exchange]

submitted 18 days ago β€’ 1 comment