bolo @bolo@mastodon.bida.im

EDIT: The position has been filled! Thanks, all!

We at Red Queen Dynamics have an opening for a #Django/#Python web application #developer (full time, contract, 100% #remote/flexible, emphasis on front end and SaaS applications). https://rqdn.io/web-application-developer. Reports directly to me, and you get to work with a great and fun team! Either respond to the JD as requested in the URL or email me at tarah@rqdn.io with the 18th and 34th post-decimal digits of #pi as the first two characters in the subject line and I'll review your resume/#Github first 😉

#infosec #infosecjobs #cybersecurity #hiring

Gianni Minà su Radio Onda Rossa https://www.ondarossa.info/redazionali/2023/03/gianni-mina-radio-onda-rossa

🔥💞✊

"Exploiting aCropalypse: Recovering Truncated PNGs"

My writeup on exploiting CVE-2023-21036 (un-cropping Android screenshots!)

https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html

CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones was only overwriting the start of the screenshot PNG file, but not truncating.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at https://acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)

tra i contributi ad altravista https://grafton9.net/altravista/ ne abbiamo trovato uno particolare: guardate un pò chi guardava ECN nel lontano 2001

https://web.archive.org/web/20020129134410/http://www.geocities.com/fylosofya/marx.htm

#USA 2023: Mehrere bekennende #Neonaz|is, „#WhiteLivesMatter“, #ProudBoys, #PatriotFront und Konservative, protestierten heute in einem öffentlichen Park in #Wadsworth, #Ohio. §86 StGB Berichterstattung frei.

I remember warning all my white friends in 2016 that Nazism was our future. They all thought I was crazy and told me to "take a break" from all of that "political stuff."

Anyways, 7 years later: we're having weekly Nazi rallies and the Republican Party announced a Holocaust against transgender and non-binary people last week, while Nick Fuentes announced one against Jewish people. This footage of armed Nazis in uniform is from Ohio at a drag show— happening RIGHT NOW.

🔗: https://twitter.com/FordFischer/status/1634647746811506689?s=19

We just pre-released our interview with Mixael Laufer of #FourThievesVinegar collective about DIY, #OpenSource medicine & medical technology, "doing your own research", abortificants, long covid + a whole lot more.
Our patreon ( https://patreon.com/tfsr ) covers the transcription of our weekly episodes & occasional early-releases are available for as low as $3/month.
Everyone else will get this episode this coming Sunday.

PSA: If you use #Veeam Backup & Replication (very common), upgrade. Especially if you face server to internet.

Screenshot from Code White, the API lets you remotely request Windows admin credentials for some reason, no auth request.

In their advisory Veeam claimed these are encrypted... it's base64 (lololol)

#CVE202327532 https://www.veeam.com/kb4424

LPE #exploit for CVE-2023-21768 (#Windows Ancillary Function Driver for WinSock Elevation of Privilege #Vulnerability)

// by @chompie1337 and @FuzzySec

https://github.com/xforcered/Windows_LPE_AFD_CVE-2023-21768

Releasing a Windows 11 LPE exploit by @FuzzySec
and I. Exploits CVE-2023-21768, a vuln in afd.sys. Blog post soon!
https://github.com/xforcered/Windows_LPE_AFD_CVE-2023-21768

Demo:
https://www.youtube.com/watch?v=M3IPsKAsxvQ

[23-03-07] Ofpcina @ Camere d'Aria https://balotta.org/event/ofpcina-2 #[objectSequelizeInstance:tag]

Le grandi aziende continuano a licenziare in massa nonostante decenni di profitti record.

Pagano enormi stipendi e bonus ai già ricchissimi super manager e non si fanno problemi a licenziare lavoratori per fare più profitti.

Ho raccolto alcune notizie degli ultimi giorni🧵