kafrofrite
No user record in our sample, but kafrofrite has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
No user record in our sample, but kafrofrite has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
IIRC, around 2016 or so, Slack invited us in their office to pitch us the enterprise version and ask whether we would be interested in becoming one of their first enterprise customers. Among other requests, one…
I guess there's merit for that, especially if you are in a cloud environment. In a previous company, I decided to set up dnf/kpatch for VMs that we considered critical. At the time I had a healthy disregard for…
Please do share
It's probably not trivial to implement and there's already a bunch of problems that need solving (e.g., trusting keys etc.) but... I think that if we had some sort of lightweight code provenance (on top of my head…
The answer to your question is WebKit (because iOS), kernels (XNU, Linux, Windows) etc. In case you are not familiar with the domain I'd start with user-space exploitation and relevant write ups to get my feet wet.…
Most probably what Apple means is that since their codebase is shared, the vulnerability exists across devices. This does not mean that the vulnerability is actively exploited in iOS nor that it will not be actively…
> Has this happened before? That iPhones had a security hole that could be exploited over the web? Yes, there were exploits in the past that could be exploited remotely, including some that were used for jailbreaking.
I work as a security engineer and, yes, the CT logs are extremely useful not only for identifying new targets the moment you get a certificate but also for identifying patterns in naming your infra (e.g., dev-* etc.). A…
IIRC, in [1] it mentioned a few examples of AI that exhibited the same bias that is currently present in the judicial system, banks etc. [1] https://en.wikipedia.org/wiki/Weapons_of_Math_Destruction
I'm not a fan of Windows but Stuxnet didn't happen because of Windows. Iran decided to spin up a nuclear program and Israel and the US had concerns and wanted to stop it. They had the resources to develop something…
I'll try my best to explain everything (trying to avoid too much security lingo, hopefully). A password manager is a big database of passwords. There is a master password that decrypts the database and from there you…
Most providers had a semi-automated process that granted you permission to conduct your pentest (assuming you'd share any findings reg. their infra with them). In reality though, most of the findings didn't come from…
Reminded me of a funny story. Maybe a decade ago, when moving to the cloud was all the rage, my then employer decided to check whether the cloud was any good. Long story short, he asked me to conduct penetration tests…
IIRC, Intel announced about a year later plans to develop something similar. That being said, at the time they didn't have a specific timeline.
> I don't think OS becomes any less vulnerable than usual Linux/Windows installation. is not a good enough argument. For the story, SIP is Apple's "rootless". Effectively the OS runs with less privileges than root.…
DEP is a Windows implementation of a non-executable stack, i.e., memory permissions that do not allow execution on specific pages. Depending on the situation, an attacker can e.g., mmap() a new page with the execute…
My two cents reg. this. Creating backdoors that allow encryption schemes to be subverted is _fundamentally_ going to cause harm on the internet, and eventually fail the weakest users/those that need privacy/security the…
In the above he's mentioning that Privacy features like user-agent reduction, IP reduction, preventing cross- site storage, and fingerprint randomization make it more difficult to distinguish or reidentify individual…
Uh the joys of PHP's type juggling. Fairly sure this bug is still present in many systems.
You can target co-processors in general, e.g., here [1], thus I assume people do hack GPUs. Generally, the better we become in introducing mitigations, the more expensive attacks become and attackers have bosses,…
We actually have two libraries in the office :) The first library has, for the biggest part, engineering books. Everyone can order books and everyone can borrow them. Most modern books also exist internally as e-books…
> I like that they suggest better solutions I didn't think of. Although I don't write code full-time, when I do this is the part I enjoy more. People reviewing my code and coming up with better solutions on that same…
For what it's worth, Meta offered me slightly after the hiring freeze was announced for a security engineer position (L4 IIRC). I'm interviewing with Google for Security Engineering as well and still they haven't told…
Just adding to your comment, there is some VX activity here https://www.vx-underground.org/. Some fun stuff still takes place in game hacking and jailbreaking (whether iOS devices or consoles).
There's some theoretical background on how collision functions work. Generally, the assumption is that the hashing functions in cryptography meet the following: - Each input can be quickly converted to a digest (hash).…