HackerLangs
TopNewTrendsCommentsPastAskShowJobs

mmsc

no profile record

Submissions

18 CVEs fixed in Curl 8.21.0

curl.se
3 points·by mmsc·17 ngày trước·0 comments

Meta Fixes Instagram AI Flaw Used in Account Takeovers

sqmagazine.co.uk
2 points·by mmsc·tháng trước·0 comments

[untitled]

1 points·by mmsc·tháng trước·0 comments

CVE-2026-42511 Breakdown: RCE in FreeBSD

aisle.com
28 points·by mmsc·2 tháng trước·1 comments

Finding and Fixing 24 CVEs in WeKan

aisle.com
1 points·by mmsc·2 tháng trước·0 comments

AISLE Discovers 38 CVEs in OpenEMR Healthcare Software

aisle.com
177 points·by mmsc·2 tháng trước·113 comments

System over Model: Zero-Day Discovery at the Jagged Frontier

aisle.com
3 points·by mmsc·3 tháng trước·0 comments

Wikipedia: AI or Not Quiz

en.wikipedia.org
2 points·by mmsc·4 tháng trước·0 comments

Aquasecurity/Trivy GitHub Repository and Homebrew Cask Compromised (again)

opensourcemalware.com
16 points·by mmsc·4 tháng trước·4 comments

Always 'Copy Clean Link' When Possible on Firefox, with UserChrome.css

joshua.hu
5 points·by mmsc·4 tháng trước·0 comments

CrackArmor: Multiple Vulnerabilities in AppArmor

cdn2.qualys.com
3 points·by mmsc·4 tháng trước·0 comments

Making Firefox's right-click not suck, more, with userChrome.css

joshua.hu
5 points·by mmsc·4 tháng trước·1 comments

Making Firefox's right-click not suck with about:config

joshua.hu
351 points·by mmsc·4 tháng trước·223 comments

Using Aisle to Find Vulnerabilities in Amazon's Crypto Stack: AWS-LC and S2n-TLS

aisle.com
2 points·by mmsc·4 tháng trước·0 comments

AISLE’s autonomous analyzer found all CVEs in the January OpenSSL release

aisle.com
197 points·by mmsc·5 tháng trước·130 comments

The end of the curl bug-bounty

daniel.haxx.se
17 points·by mmsc·6 tháng trước·0 comments

Investigating shared dictionaries and ChatGPT breakage in Firefox

joshua.hu
3 points·by mmsc·6 tháng trước·1 comments

Gixy-Next: Nginx Configuration Security and Hardening Scanner

gixy.io
3 points·by mmsc·6 tháng trước·0 comments

Iranian Censorship, Bypasses, Browser Extensions, and Proxies

joshua.hu
3 points·by mmsc·6 tháng trước·0 comments

comments

mmsc
·17 ngày trước·discuss
already exists: https://joshua.hu/comparing-redos-detection-tools. `recheck` and `redos-detector` are definitely the best. there's even an eslint plugin for the latter: https://github.com/tjenkinson/eslint-plugin-redos-detector
mmsc
·23 ngày trước·discuss
> Another month later, GitHub support sent me an email saying that they had removed these repositories.

I recently discovered a campaign where somebody was forking very small but useful codebases, and replacing the distributable with some malware, and making the repository have better SEO with changes to the README. My case was a simple macOS application that could be used to control some Phillips LED light strip.

I reported it to GitHub and it was removed within 24 hours.

I discovered another repository like this, and they still haven't replied since (one month).

No clue how their malware reports work. I'm surprised they don't partner with some antivirus company to at least scan "releases" for malware (not repositories themselves)
mmsc
·tháng trước·discuss
A missed opportunity to say you 'Fn' hate the Fn key :)
mmsc
·2 tháng trước·discuss
Aisle has hundreds of CVEs with publicly available models: https://aisle.com/wall-of-fame
mmsc
·2 tháng trước·discuss
https://codeberg.org/forgejo/governance/src/commit/5c07b3801...

> Failure to comply with these rules will be criticized publicly, and we reserve the right to no longer coordinate with you or your project in the future.

lol
mmsc
·3 tháng trước·discuss
How is that a scam? You don't get participation awards for solving half of a puzzle...
mmsc
·3 tháng trước·discuss
Unmaintained code is a security issue in of itself, so this is of course a net benefit.
mmsc
·3 tháng trước·discuss
The website of this blog and their connections listed are a sight to behold. I miss that version of the internet.
mmsc
·3 tháng trước·discuss
As long as it's not hydrofluoric acid...
mmsc
·3 tháng trước·discuss
> You say "works perfectly". I do not think it means what you think it means.

Copying some files from a different machine is not that burdensome. The point is, it works.
mmsc
·3 tháng trước·discuss
FreeBSD works perfectly on intel MacBooks if you've got one laying around: https://joshua.hu/FreeBSD-on-MacbookPro-114-A1398
mmsc
·3 tháng trước·discuss
> Also, a note to those who make fancy "[email protected]" addresses:

Just wait until one of these companies demands an email from the registered email address of your account!
mmsc
·4 tháng trước·discuss
Ah, finally catching up to ... The UK, Australia, Ireland, France, the Netherlands, and probably a lot more.
mmsc
·4 tháng trước·discuss


  こすり箸 Kosuribashi:
 To rub waribashi (disposable chopsticks) together to remove splinters.
I don't know about Japan, but everybody does this in Taiwan.
mmsc
·4 tháng trước·discuss
The offending commit seems to be: https://github.com/aquasecurity/trivy/commit/1885610c6a34811... which updates the action to `actions/checkout@70379aad1a8b40919ce8b382d3cd7d0315cde1d0 # v6.0.2`. https://github.com/actions/checkout/commit/70379aad1a8b40919... is not actually in `actions/checkout` but a fork, and it pulls malicious code from the typo-squatted "scan.aquasecurtiy.org" (note the _tiy_).

Any system with Trivy 0.69.4 on it (and being run) can be assumed to be compromised.
mmsc
·4 tháng trước·discuss
GitHub advertises itself as warning about those Unicode characters: https://github.blog/changelog/2025-05-01-github-now-provides...

Of course, it doesn't work though. I reported this to their bug bounty, they paid me a bounty, and told me "we won't be fixing it": https://joshua.hu/2025-bug-bounty-stories-fail#githubs-utf-f...

The exact quote is "Thanks for the submission! We have reviewed your report and validated your findings. After internally assessing your report based on factors including the complexity of successfully exploiting the vulnerability, the potential data and information exposure, as well as the systems and users that would be impacted, we have determined that they do not present a significant security risk to be eligible under our rewards structure." The funny thing is, they actually gave me $500 and a lifetime GitHub Pro for the submission.
mmsc
·4 tháng trước·discuss
Require dual sign off
mmsc
·4 tháng trước·discuss
> an LLM can ingest unstructured data and turn it into a feed.

An LLM can try to do that, yes. But LLMs are lossy compression. RSS feeds are accurate, predictable, and follow a pre-defined structure. Using LLMs to ingest data which can easily be turned into an parseable data structure seems strange: use the LLM to do the "next part" of the formula (comprehension, decision making, etc)

There is also LLMs.txt https://llmstxt.org/ eg https://joshua.hu/llms.txt / https://joshua.hu/llms-full.txt
mmsc
·4 tháng trước·discuss
https://paulgraham.com/disagree.html

Please consider reading.
mmsc
·4 tháng trước·discuss
It's cool that Mozilla updated https://www.mozilla.org/en-US/security/advisories/mfsa2026-1... because we were all wondering who had found 22 vulnerabilities in a single release (their findings were originally not attributed to anybody.)