frogsRnice
No user record in our sample, but frogsRnice has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
No user record in our sample, but frogsRnice has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
Sure - but people are still free to decide where they draw the line. Each extra bit of software is an additional attack surface after all
You all do amazing work, hope I can boast the same someday - or even 50% of it ;) Seriously, you are my heroes!
Imo its not just crypto- a lot of their reports are enlightening to read
It absolutely does
It could be pulling these resources over http ;) Edit: Whoops sorry, morning fog
Unrelated; I just wanted to say that I learned programming from your socket tutorials when I was a kid. Everything was so well written that I used it from highschool, to varsity to my day2day job. Without your tutorials…
At some point someone needs to take responsibility for allowing modification of environment variables via something dumb like http. Debugging interfaces are fine- we should expect more from developers.
No you misunderstand- it is super simple to pay some other company a small amount to do this for you. No complexity to worry about what so ever. And if things require even a slim amount of thought and planning - chuck…
Yeah I agree- I think the time spent verifying should vary based on the complexity and sensitivity of what you are looking at, but you never really get away from it. I think my issue with LLMs is moreso aimed at people…
As opposed to wondering if the llm is hallucinating? You have to expend a mental effort to think about your solutions anyway; I guess it’s pick your poison really.
My main gripe is that if someone finds a vulnerability that gives you a list of urls the model falls apart. I’ve seen this happen in organisations :/ But agree with your statement here and others about the lifetime of…
I guess were talking about optimising tail recursion. Would there be any reason to refer to a tail call other than that optimisation? I’ll do some reading on the latter part of your post, thank you!
Would you not have to use a jump instead of call for it to be a tail call at all- ie otherwise a new frame is created on each call
frida is an amazing tool - it has empowered me to do things that would have otherwise took weeks or even months. This video is a little old, but the creator is also cracked https://www.youtube.com/watch?v=CLpW1tZCblo…
I work in the security space and fell victim to an internal campaign as they sent a very enticing looking email at a point where I was on leave and my grandfather just passed. You simply cannot know what mindset youll…
Fair enough on the device compromise point, that said the implementation is still terrible and illustrates what I would be worried about- Maybe more succinctly put, how a credential is initially enrolled, managed and…
Ive also seen some pretty terrible implementations that don’t even allow end users to manage enrolled devices; so if someone steals your authenticator they have access to your account indefinitely. Personally I like the…
Making a website about it benefits other people; finding the vulnerability helps other people; even if its 10%, why can’t someone else do it? Surely someone doing all this would already have submitted a patch if they…
Don’t necessarily agree that selling hacks is ethical, but if I already spent time figuring out how to exploit a system - reporting it to the relevant place is charity. Ill do that, but Im definitely not spending time…
A vpn (that you trust) would certainly help a little, but in the above case the connection can still be mitmed from the vpn server to the application backend Edit: I would for my personal devices, unless I knew the app…
Haha thats terrifying! I was just trying to point out that assuming that apps do this correctly is a bad idea; but my experience echoes yours, its a common mistake - even just browsing stack overflow people give some…
There have been cases of applications not performing chain validation - see the paper Spinner: semi automatic detection of pinning without hostname verification (in particular page 8) While it may be paranoid, there are…
Interesting how tastes can vary, I’ve not used visual studio as much but always dread it when I’m forced to. CLion’s debugger has been fine for my uses, although the best debugging experience I’ve ever had was emacs and…
Pinning is very complex, there is always the chance that you forget to update the pins and perform a denial of service against your own users. At the point where the device itself is compromised, you can’t really assert…