HackerTrans
トップ新着トレンドコメント過去質問紹介求人

mmsc

no profile record

投稿

18 CVEs fixed in Curl 8.21.0

curl.se
3 ポイント·投稿者 mmsc·17 日前·0 コメント

Meta Fixes Instagram AI Flaw Used in Account Takeovers

sqmagazine.co.uk
2 ポイント·投稿者 mmsc·先月·0 コメント

[untitled]

1 ポイント·投稿者 mmsc·先月·0 コメント

CVE-2026-42511 Breakdown: RCE in FreeBSD

aisle.com
28 ポイント·投稿者 mmsc·2 か月前·1 コメント

Finding and Fixing 24 CVEs in WeKan

aisle.com
1 ポイント·投稿者 mmsc·2 か月前·0 コメント

AISLE Discovers 38 CVEs in OpenEMR Healthcare Software

aisle.com
177 ポイント·投稿者 mmsc·2 か月前·113 コメント

System over Model: Zero-Day Discovery at the Jagged Frontier

aisle.com
3 ポイント·投稿者 mmsc·3 か月前·0 コメント

Wikipedia: AI or Not Quiz

en.wikipedia.org
2 ポイント·投稿者 mmsc·4 か月前·0 コメント

Aquasecurity/Trivy GitHub Repository and Homebrew Cask Compromised (again)

opensourcemalware.com
16 ポイント·投稿者 mmsc·4 か月前·4 コメント

Always 'Copy Clean Link' When Possible on Firefox, with UserChrome.css

joshua.hu
5 ポイント·投稿者 mmsc·4 か月前·0 コメント

CrackArmor: Multiple Vulnerabilities in AppArmor

cdn2.qualys.com
3 ポイント·投稿者 mmsc·4 か月前·0 コメント

Making Firefox's right-click not suck, more, with userChrome.css

joshua.hu
5 ポイント·投稿者 mmsc·4 か月前·1 コメント

Making Firefox's right-click not suck with about:config

joshua.hu
351 ポイント·投稿者 mmsc·4 か月前·223 コメント

Using Aisle to Find Vulnerabilities in Amazon's Crypto Stack: AWS-LC and S2n-TLS

aisle.com
2 ポイント·投稿者 mmsc·4 か月前·0 コメント

AISLE’s autonomous analyzer found all CVEs in the January OpenSSL release

aisle.com
197 ポイント·投稿者 mmsc·5 か月前·130 コメント

The end of the curl bug-bounty

daniel.haxx.se
17 ポイント·投稿者 mmsc·6 か月前·0 コメント

Investigating shared dictionaries and ChatGPT breakage in Firefox

joshua.hu
3 ポイント·投稿者 mmsc·6 か月前·1 コメント

Gixy-Next: Nginx Configuration Security and Hardening Scanner

gixy.io
3 ポイント·投稿者 mmsc·6 か月前·0 コメント

Iranian Censorship, Bypasses, Browser Extensions, and Proxies

joshua.hu
3 ポイント·投稿者 mmsc·6 か月前·0 コメント

コメント

mmsc
·17 日前·議論
already exists: https://joshua.hu/comparing-redos-detection-tools. `recheck` and `redos-detector` are definitely the best. there's even an eslint plugin for the latter: https://github.com/tjenkinson/eslint-plugin-redos-detector
mmsc
·23 日前·議論
> Another month later, GitHub support sent me an email saying that they had removed these repositories.

I recently discovered a campaign where somebody was forking very small but useful codebases, and replacing the distributable with some malware, and making the repository have better SEO with changes to the README. My case was a simple macOS application that could be used to control some Phillips LED light strip.

I reported it to GitHub and it was removed within 24 hours.

I discovered another repository like this, and they still haven't replied since (one month).

No clue how their malware reports work. I'm surprised they don't partner with some antivirus company to at least scan "releases" for malware (not repositories themselves)
mmsc
·先月·議論
A missed opportunity to say you 'Fn' hate the Fn key :)
mmsc
·2 か月前·議論
Aisle has hundreds of CVEs with publicly available models: https://aisle.com/wall-of-fame
mmsc
·2 か月前·議論
https://codeberg.org/forgejo/governance/src/commit/5c07b3801...

> Failure to comply with these rules will be criticized publicly, and we reserve the right to no longer coordinate with you or your project in the future.

lol
mmsc
·3 か月前·議論
How is that a scam? You don't get participation awards for solving half of a puzzle...
mmsc
·3 か月前·議論
Unmaintained code is a security issue in of itself, so this is of course a net benefit.
mmsc
·3 か月前·議論
The website of this blog and their connections listed are a sight to behold. I miss that version of the internet.
mmsc
·3 か月前·議論
As long as it's not hydrofluoric acid...
mmsc
·3 か月前·議論
> You say "works perfectly". I do not think it means what you think it means.

Copying some files from a different machine is not that burdensome. The point is, it works.
mmsc
·3 か月前·議論
FreeBSD works perfectly on intel MacBooks if you've got one laying around: https://joshua.hu/FreeBSD-on-MacbookPro-114-A1398
mmsc
·3 か月前·議論
> Also, a note to those who make fancy "[email protected]" addresses:

Just wait until one of these companies demands an email from the registered email address of your account!
mmsc
·4 か月前·議論
Ah, finally catching up to ... The UK, Australia, Ireland, France, the Netherlands, and probably a lot more.
mmsc
·4 か月前·議論


  こすり箸 Kosuribashi:
 To rub waribashi (disposable chopsticks) together to remove splinters.
I don't know about Japan, but everybody does this in Taiwan.
mmsc
·4 か月前·議論
The offending commit seems to be: https://github.com/aquasecurity/trivy/commit/1885610c6a34811... which updates the action to `actions/checkout@70379aad1a8b40919ce8b382d3cd7d0315cde1d0 # v6.0.2`. https://github.com/actions/checkout/commit/70379aad1a8b40919... is not actually in `actions/checkout` but a fork, and it pulls malicious code from the typo-squatted "scan.aquasecurtiy.org" (note the _tiy_).

Any system with Trivy 0.69.4 on it (and being run) can be assumed to be compromised.
mmsc
·4 か月前·議論
GitHub advertises itself as warning about those Unicode characters: https://github.blog/changelog/2025-05-01-github-now-provides...

Of course, it doesn't work though. I reported this to their bug bounty, they paid me a bounty, and told me "we won't be fixing it": https://joshua.hu/2025-bug-bounty-stories-fail#githubs-utf-f...

The exact quote is "Thanks for the submission! We have reviewed your report and validated your findings. After internally assessing your report based on factors including the complexity of successfully exploiting the vulnerability, the potential data and information exposure, as well as the systems and users that would be impacted, we have determined that they do not present a significant security risk to be eligible under our rewards structure." The funny thing is, they actually gave me $500 and a lifetime GitHub Pro for the submission.
mmsc
·4 か月前·議論
Require dual sign off
mmsc
·4 か月前·議論
> an LLM can ingest unstructured data and turn it into a feed.

An LLM can try to do that, yes. But LLMs are lossy compression. RSS feeds are accurate, predictable, and follow a pre-defined structure. Using LLMs to ingest data which can easily be turned into an parseable data structure seems strange: use the LLM to do the "next part" of the formula (comprehension, decision making, etc)

There is also LLMs.txt https://llmstxt.org/ eg https://joshua.hu/llms.txt / https://joshua.hu/llms-full.txt
mmsc
·4 か月前·議論
https://paulgraham.com/disagree.html

Please consider reading.
mmsc
·4 か月前·議論
It's cool that Mozilla updated https://www.mozilla.org/en-US/security/advisories/mfsa2026-1... because we were all wondering who had found 22 vulnerabilities in a single release (their findings were originally not attributed to anybody.)