Darren Martyn (@_darrenmartyn)'s Twitter Profile
Darren Martyn

@_darrenmartyn

Professional Belligerent. хакер.
Caretaker of one fluffy cat.

ID: 1189570018444492801

Link: https://darrenmartyn.ie
Joined: 30-10-2019 15:50:05

9,9K Tweet

1,1K Followers

911 Following

Darren Martyn (@_darrenmartyn):

Dear vendors: the more irritating it is (for me) to download your software, the less likely I am to engage in coordinated disclosure when I find bugs.

Darren Martyn (@_darrenmartyn):

Dried and powdered oyster mushrooms. Looks like they need another go in the dehydrator, get rid of the last of the moisture for storage. This shit is powdered flavour.

Darren Martyn (@_darrenmartyn):

I'm gonna hand it to Yunus Aydın, you may disagree with their methods, but they certainly got everyone's undivided* attention. * For about five minutes, before infosec got distracted by some other shit that's probably less fundamentally important than supply chain security.

Darren Martyn (@_darrenmartyn):

The liquid limit is among the most egregiously pointless, poorly thought out, completely lacking a threat model rules inflicted on us by the aviation security idiots during the US-led global war on common sense.

Darren Martyn (@_darrenmartyn):

Yet again being infuriated by another writeup that uses "inclusion" instead of "disclosure" or "reading" in the context of local files. Unless the file content is evaluated, it's not file inclusion. It's file disclosure or file reading. Thanks for coming to my Ted talk.

starlabs (@starlabs_sg):

Today, we are dropping this repo github.com/star-sg/NotQui… Basically all the bugs in the repo are either ignored or not fixed at all even after vendors acknowledged. We hope we will not need to drop in the future. Today's bugs are brought to you by Daniel Lim.

Darren Martyn (@_darrenmartyn):

Adventures in disclosure lately:
- well known security product vendor: crickets, no security contact, etc.
- router vendor that also does firewalls: really responsive PSIRT, surprisingly good.
- some other appliance manufacturer: actually directed me to their bug bounty page?!

Darren Martyn (@_darrenmartyn):

Awesome work, using a symlink exploit in unrar to get pre-auth code exec on Zimbra (and as mentioned in the blog post, can be chained with one of my LPEs).