OSVDB (@osvdb)'s Twitter Profile
OSVDB

@osvdb

Open Sourced Vulnerability Database (OSVDB), now shuttered. Now random vulnerability-related Tweets and discussion.

ID: 19133882

Link: http://osvdb.org/ Joined: 18-01-2009 02:50:05

5.5K Tweets

6.6K Followers

17 Following

Dozer Cat (@dozercat31):

Tired of S3 buckets getting created as public? I put together a Python script that can go into a Lambda function that closes them. I've found this helpful for environments where S3 buckets don't need to be public within an AWS account. #AWS github.com/hackersifu/s3l…

Hot Fiendish Dr. Noid Summer (@_noid_):

I'm assuming the lack of follow up from Keybase means I can chat about the issue I reported to them that they don't think is a big deal. I'm gonna have to write this one up

Hot Fiendish Dr. Noid Summer (@_noid_):

After some peer discussion, I've decided to follow Google's timeline for disclosure of vulnerabilities being publicly exploited in the wild, which is 7 days. I have the advisory written up and will disclose on November 20th, unless Keybase wishes to engage further

Tim Brown (@timb_machine):

$iot->burn($garbage); # Periodic reminder that IOT is terrible. Reversing a phone firmware, after unpacking the proprietary blob I find a bug that was previously reported 4 years ago. Tracking the supply chain, I am now 3 deep. We need software BOMs and reproducible builds ASAP

Katie🌻Moussouris (she/her/she-ra/she-hulk) 🪷 (@k8em0):

Summary: ✅Yes PoC helps bad people do bad things faster ✅Defenders need the PoC more than the attackers do, even though both sides are helped by its release ✅Giving defenders even slight edges over the majority of criminal attackers is net good ✨Non disclosure is far worse

Matt Austin (@mattaustin):

I wanted to fully test this “Responsible Disclosure” theory so I submitted a one click RCE in Microsoft Teams to #msrc on Sep 01, 2018. It is still open. The disclosure policy of Tavis Ormandy and others gets bugs fixed. This does not.

Ridgeback111 (@ridgeback111):

Linux ProTip: sysctl -a | grep rp_filter If any values are 2, you may be vulnerable to hijacked VPN(OpenVPN/IPSec/Wireguard/etc) tunnels. Set rp_filter to 1 please. Ref: CVE-2019-14899 #stayfrosty #linux #vpn #security #networks
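As an added illustration of the check in the tweet above (this is not the tweet author's script), the following POSIX shell parses `sysctl -a`-style output, lists every rp_filter key left in loose mode (2) and prints the sysctl commands that would set them to strict mode (1). The sample sysctl output is constructed for offline testing; the function and variable names are my own.

```shell
#!/bin/sh
# Added example: audit Linux rp_filter settings as recommended in the tweet
# (values of 2 = loose mode, 1 = strict mode, 0 = off).

# Constructed sample of `sysctl -a | grep rp_filter` output, used for testing.
SAMPLE_RP_FILTER='net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.tun0.rp_filter = 1'

# Read "key = value" lines from stdin and print each *.rp_filter key whose
# value is 2. The kernel uses the maximum of conf/all and conf/<iface>, so
# every key, including "all", must be 1 for strict mode to apply everywhere.
find_loose_rp_filter() {
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%% = *}
        val=${line##* = }
        case "$key" in
            *.rp_filter) [ "$val" = "2" ] && echo "$key" ;;
        esac
    done
    return 0
}

# Print how many rp_filter keys are in loose mode (0 means nothing to fix).
count_loose_rp_filter() {
    find_loose_rp_filter | wc -l | tr -d ' '
}

# Turn each loose key on stdin into the sysctl command that makes it strict.
# Strict mode can drop traffic on hosts with asymmetric routing, so review
# the list before applying it (and persist it in /etc/sysctl.d/ if kept).
remediation_for() {
    while IFS= read -r key || [ -n "$key" ]; do
        echo "sysctl -w $key=1"
    done
}

# Wrapper for a live host; wrapped in a function so sourcing the file is safe.
audit_live_host() {
    sysctl -a 2>/dev/null | find_loose_rp_filter | remediation_for
}
```

Run `printf '%s\n' "$SAMPLE_RP_FILTER" | find_loose_rp_filter | remediation_for` to see the two fix-up commands the sample produces, or `audit_live_host` on a real machine.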

thaddeus e. grugq (@thegrugq):

It’s a poorly kept secret that some great Android 0days come from upstream patches. CVE fixes in mainline don’t always make it into Android, so it’s free vuln research.

Steve Christey Coley, BS 🐀 (@sushidude):

There's a "security.txt" proposal to IETF (the RFC ppl) for a robots.txt-like way for researchers to contact website owners about vulns. Comment needed ASAP, and anybody can comment via email! Personally I'm for security.txt (RFC 9116). Make vuln reporting easier! mailarchive.ietf.org/arch/msg/ietf-…

Ian (@palleiko):

Bug bounty reports be like: I've got arbitrary vibration execution on any cell phones if I know as little as a phone number

jericho (@attritionorg):

And @cvenew is still publishing IDs that do not have provenance of the vulnerability. This should be a serious concern to anyone that works with vulnerability intelligence.

hackerfantastic.x (@hackerfantastic):

If you are depressed this Christmas, just remember that one inebriated developer committed the heartbleed vulnerability to OpenSSL during their festivities, always check those late at night new year's eve open-source commits!

Abolish & Reform Are Not The Same (@mrmoneda):

"The products saturating our lives are released in the worst, most broken, untested, and often dangerously flawed forms imaginable. Think Skynet, but a dumbass."

Tim Willis (@itswillis):

At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes): googleprojectzero.blogspot.com/2020/01/policy…

SC Media (@scmagazine):

Some of the most egregious findings from a study of the world's 100 largest airports:
▪️ 100% of the mobile apps contain at least five external software frameworks.
▪️ 100% of the mobile apps contain at least two vulnerabilities.
scmagazine.com/home/security-…