Oletko #Vastaamon uhri? Haluatko kirjoittaa kokemuksistasi? Tässä on sinulle mahdollisuus: services.fsd.tuni.fi/penna/vastaamo…

Security Researcher Alexander Hagenah has developed a proof-of-concept which programmatically extracts data out of Microsoft Recall Microsoft said it would be safe, but as is tradition, it was beaten with a stick before it was even fully deployed github.com/xaitax/TotalRe…

Tämä #vaalitentti on taas yhtä suurta huutoa ja melskettä. Pakko pistää telkkari kiinni, ei kestä.

Check out our friend hisvault.eth here, who is totally not a bot. GRU needs to insert more coin into OpenAI it seems? Also, an interesting translation 🤔 Security - you are seeing this? Not sure if this is legit, but I guess it wouldn't hurt to check?

This is a really interesting vulnerability, but *the Internet is not on fire.* Please read the actual advisory before spreading FUD. If you can't understand the original advisory, please get someone to explain it to you. In short, the exploit has only been proven against x86

Kuka hilloaa Helsingin kaupunkipyöriä ja missä? Kolmen jälkeen Käpylä - 0 pyörää. Pasilan asema - piti olla 2, todellisuus 0. Ruoholahden metro - 0.

Regarding the SSH bug 1) First OpenSSH vuln discovered in almost 20 years - wow 2) Bug was (re)introduced almost 4 years ago. So remote root in OpenSSH for 4 years and nobody found it? 3) Exploit takes hours/days to run. Watch your logs!

Okay, after finally reading/puzzling through CrowdStrike's Root Cause Analysis (the way the 20 vs 21 inputs thing actually worked is confusing as hell) I can empathize a bit more with CS's people. And I finally think I can explain what happened here in layman's terms: 🧵

Much security... 😂

Hyvin sä vedät, Telia Finland, tiketti ei ehtinyt täyttää edes vuotta! En ymmärrä miksi kukaan firma lähtisi #Telia asiakkaaksi. Kyse ei ollut liittymistä, vaan muista IT-palveluista.

Päivän UX #fail - palautan nettiostospaketin. Teen palautusilmoituksen, valitsen automaatin, saan Helposti-koodin. Automaagilla painan "Paketin palautus" mutta koodi ei kelpaa. Soitan helppariin. Selviää että olisi pitänyt painaa "Paketin lähetys", jossa Helposti-koodi kelpaa.

It is amazing how the industry came together to invent a universal USB-C connector and then decided to instead make it all a giant mess.

Sigh, they should have known better.

#EU:ssa esillä oleva lainsäädäntöehdotus lasten hyväksikäyttöä sisältävän #CSAM materiaalin kitkemiseksi on tavoitteeltaan hyvä, mutta nyt on valittu väärät keinot. Suomen on ehdottomasti vastustettava tätä. yle.fi/a/74-20115616

Friendly reminder I have created what I (non-humbly) consider the greatest SQL injection cheatsheet of all time: tib3rius.com/sqli Unlike others, it contains payloads for 5 main database variants, and doesn't use weird quote chars (IYKYK 👀).

As much as I like PortSwigger #BurpPro the new API scan is a joke. One can't deselect parameters for scanning, as you do for endpoints, nor can one give any static parameter strings (for example, dates or valid object ids). The value of 404/403 returns isn't great, GIGO.

I'm talking at a conference later this year (on UX+AI). I just saw an ad for the conference with my photo and was like, wait, that doesn't look right. Is my bra showing in my profile pic and I've never noticed...? That's weird. I open my original photo. No bra showing. I put

Apple decided that the CVE-2022–46723 Calendar Arbitrary File Write vuln did not deserve a bounty because it only affected macOS Monterey, and Ventura was already in the beta phase and did not have this issue, even though Monterey was still the latest version in production. (1/x)

Last week, I fell victim to a sophisticated social engineering scam and ended up downloading a trojan. 😔 I feel stupid, but I'm sharing this so you'll be more cautious and vigilant, especially when you're in a hurry. 🧵👇