wow its been a while since i posted here
Administered by:
eva@eva@coolmathgam.es
computer witch, unprofessional hacker
- Joined
- pronouns
- she/her
- matrix
- @eva [coolmathgam.es]:blahaj.nyc
- website
- https://kibty.town
- xyzeva@riseup.net
wow i havent checked here in a while
i hate modern web security
nothing like randomly scrolling on twitch and seeing a streamer use a service and then continuing to find a critical vuln in it
900 Sites, 125M accounts, 1 Vulnerability
https://news.ycombinator.com/item?id=39742422 (upvotes appreciated)
https://env.fail/posts/firewreck-1
news.ycombinator.com900 Sites, 125M accounts, 1 Vulnerability | Hacker News
NEW: An AI hiring chatbot used by fast food franchises got hacked, allowing hackers to hire or reject fast food workers and revealed chat logs and personal data
https://www.404media.co/hackers-break-into-hiring-ai-chat-bot-chattr/
404 Media · Hackers Break into AI Hiring Chatbot, Could Hire and Reject Fast Food ApplicantsChat logs sent to 404 Media show the chatbot automatically denying at least one applicant on certain criteria.
@notniteThunderstore: the only mod platform where they'll mass delete innocent uploads of mods and then ban the package from ever existing because their code thinks my CI that's worked for months is now invalid
my mind is still blown by how simple a vuln i found 2 days ago is
the fuck-ups of a microsoft partner
kibty.townwhy client-side environment variables are a bad idea - kibty.town
can i get some boosts to make sure federation doesnt explode
evapersonal, frens
eva<p>reversing rust binaries (even in debug mode) with lots of libraries is hard</p>
eva<p>hello fedi</p>
annie 🧸
LogoiLab<p>Facial recognition is just facial recognition.</p>
eva<p>Loving the security theathre of Jellyfin, this critical PR (<a href="https://github.com/jellyfin/jellyfin/pull/10291" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">github.com/jellyfin/jellyfin/p</span><span class="invisible">ull/10291</span></a>) that fixes CVE-2023-4863 got closed because "We are aware.".</p>
Pierre Bourdon<p>"Note: To increase the safety of Mattermost users, specific details on security updates in Mattermost releases are announced 30 days after the availability of the update."</p><p>As a package maintainer: seriously, fuck off. No way of knowing whether they fixed a particular public vuln, because they don't even cross-ref pre-existing CVEs...</p><p>Your security theater practices are harming your users.</p>
eva<p>why are websites using supabase so god damn vulnerable all the time</p>
abadidea<p>Someone on GitHub is providing a medically-tuned LLM where the readme says “This is an open-source project with a mission to provide everyone their own private doctor” with absolutely no mention of the risks and limitations. AI Ethics grade: F-</p>
eva<p>why is bluesky just a copy of the fediverse??</p>
Justin Searls<p>Thanks Apple for my new email signature:</p><p>"Please do not reply this message to avoid starting a new interaction."</p>
mta<p>i open sourced my minecraft server scanner (it has its own tcp stack and other cool features) <a href="https://github.com/mat-1/matscan" rel="nofollow noopener" target="_blank">https://github.com/mat-1/matscan</a></p>
eva<p>petition to rename matrix meowtrix</p>
eva<p>i love it when matrix just randomly breaks and i have to send a message 2 times</p>
eva<p>why dont we all just meow until all our problems go away :3</p><p>meow meow</p>
eva<p>im unfollowing everyone who polluted my feed with glub i hate you all /hj</p>
evaramble, nitpick, firefish/calckey
asie<p><span>wait how did some band name a song after my existence<br><br></span><a href="https://www.youtube.com/watch?v=1GF7ji40k2A" rel="nofollow noopener" target="_blank">https://www.youtube.com/watch?v=1GF7ji40k2A</a></p>
Minecraft Malware Prevention Alliance<p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/minecraft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>minecraft</span></a> <a href="https://infosec.exchange/tags/modding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modding</span></a> </p><p>Heres our blogpost about a documentation issue leading to pretty convincing phishing attempts for minecraft accounts:<br><a href="https://blog.mmpa.info/posts/gasauth" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">blog.mmpa.info/posts/gasauth</span><span class="invisible"></span></a></p>
Minecraft Malware Prevention Alliance<p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/minecraft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>minecraft</span></a> <a href="https://infosec.exchange/tags/modding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modding</span></a> </p><p>Heres our blogpost about a critical RCE vulnerability in popular minecraft mods: <a href="https://blog.mmpa.info/posts/bleeding-pipe/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.mmpa.info/posts/bleeding-</span><span class="invisible">pipe/</span></a></p>
waylandlover20<p>it miiight be related to my multiple pull requests to a repository called "NotABackdoor", or my bio saying "go to my gitlab"</p>
Adrian Sampson<p>super sorry to the guy with the username @reset on GitHub, whom we keep accidentally sending email to when we talk about setting registers to zero <a href="https://github.com/cucapra/calyx/issues/1640#issuecomment-1652270808" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/cucapra/calyx/issue</span><span class="invisible">s/1640#issuecomment-1652270808</span></a></p>
eva<p>wow i want to fucking perish, on other news i sure hope theres no vulns in the ffxiv fanfest</p>
eva<p>cc: <span class="h-card" translate="no"><a href="https://coolmathgam.es/@notnite" class="u-url mention">@<span>notnite</span></a></span></p>
evano context
Essem :skeeter:<p>autistic people will really get bored one day and end up finding a vulnerability with a CVE score of 9.3</p>
eva<p>no context</p><p><span class="h-card" translate="no"><a href="https://coolmathgam.es/@notnite" class="u-url mention">@<span>notnite</span></a></span></p>
:maia:begpost, please boost