LadyBug 🐞 (@leaviljanen)'s Twitter Profile
LadyBug 🐞

@leaviljanen

Full stack cybersecurity at lavsecurity.fi and #bugbounty @hackrfi . Occasional medievalist. Tweets EN & FI. She/her. Started to move to other platforms.

ID: 262826768

Joined: 08-03-2011 21:01:28

6.6K Tweets

998 Followers

750 Following

LadyBug 🐞 (@leaviljanen)

Are you a #Vastaamo victim? Do you want to write about your experiences? Here is an opportunity for you: services.fsd.tuni.fi/penna/vastaamo…

vx-underground (@vxunderground)

Security Researcher Alexander Hagenah has developed a proof-of-concept which programmatically extracts data out of Microsoft Recall. Microsoft said it would be safe, but as is tradition, it was beaten with a stick before it was even fully deployed. github.com/xaitax/TotalRe…

Matthias Fischer (@mfi82)

Check out our friend hisvault.eth here, who is totally not a bot.

GRU needs to insert more coin into OpenAI it seems?

Also, an interesting translation 🤔

Security - you are seeing this? Not sure if this is legit, but I guess it wouldn't hurt to check?

Jake Williams (@malwarejake)

This is a really interesting vulnerability, but *the Internet is not on fire.* Please read the actual advisory before spreading FUD. If you can't understand the original advisory, please get someone to explain it to you. In short, the exploit has only been proven against x86

LadyBug 🐞 (@leaviljanen)

Who is hoarding Helsinki's city bikes, and where? After three o'clock: Käpylä - 0 bikes. Pasila station - supposed to be 2, in reality 0. Ruoholahti metro - 0.

Charlie Miller (@0xcharlie)

Regarding the SSH bug 1) First OpenSSH vuln discovered in almost 20 years - wow 2) Bug was (re)introduced almost 4 years ago. So remote root in OpenSSH for 4 years and nobody found it? 3) Exploit takes hours/days to run. Watch your logs!

Brian in Pittsburgh (@arekfurt)

Okay, after finally reading/puzzling through CrowdStrike's Root Cause Analysis (the way the 20 vs 21 inputs thing actually worked is confusing as hell) I can empathize a bit more with CS's people. And I finally think I can explain what happened here in layman's terms: 🧵

LadyBug 🐞 (@leaviljanen)

Way to go, Telia Finland, the ticket didn't even make it to its first birthday! I don't understand why any company would become a #Telia customer. This wasn't about subscriptions, but about other IT services.

LadyBug 🐞 (@leaviljanen)

UX #fail of the day - I'm returning an online shopping parcel. I file a return notice, pick a parcel locker, and get a Helposti code. At the locker I press "Paketin palautus" (parcel return), but the code isn't accepted. I call the helpdesk. Turns out I should have pressed "Paketin lähetys" (parcel sending), where the Helposti code is accepted.

Ethan Mollick (@emollick)

It is amazing how the industry came together to invent a universal USB-C connector and then decided to instead make it all a giant mess.

LadyBug 🐞 (@leaviljanen)

The legislative proposal under consideration in the #EU to root out #CSAM material depicting child abuse has a good goal, but the wrong means have been chosen. Finland absolutely must oppose this. yle.fi/a/74-20115616

Tib3rius (@0xtib3rius)

Friendly reminder I have created what I (non-humbly) consider the greatest SQL injection cheatsheet of all time: tib3rius.com/sqli Unlike others, it contains payloads for 5 main database variants, and doesn't use weird quote chars (IYKYK 👀).

LadyBug 🐞 (@leaviljanen)

As much as I like PortSwigger #BurpPro the new API scan is a joke. One can't deselect parameters for scanning, as you do for endpoints, nor can one give any static parameter strings (for example, dates or valid object ids). The value of 404/403 returns isn't great, GIGO.

Elizabeth Laraki (@elizlaraki)

I'm talking at a conference later this year (on UX+AI).

I just saw an ad for the conference with my photo and was like, wait, that doesn't look right.

Is my bra showing in my profile pic and I've never noticed...? That's weird.

I open my original photo.
No bra showing.

I put

Mikko Kenttälä (@turmio_)

Apple decided that the CVE-2022-46723 Calendar Arbitrary File Write vuln did not deserve a bounty because it only affected macOS Monterey, and Ventura was already in the beta phase and did not have this issue, even though Monterey was still the latest version in production. (1/x)

Avishay Yanai (@avishaiy)

Last week, I fell victim to a sophisticated social engineering scam and ended up downloading a trojan. 😔 I feel stupid, but I'm sharing this so you'll be more cautious and vigilant, especially when you're in a hurry. 🧵👇