Self-inflicted URL/domain typo Coffee Table book forthcoming.

Org: Mattel
Typo: Porn domain printed on toy packaging

https://www.boredpanda.com/mattel-accidentally-puts-url-to-adult-site-on-back-of-wicked-dolls/

Org: Washington State Dept. of Transportation
Typo: Missing space leads to anti-ICE activism.

https://www.reddit.com/r/SeattleWA/s/Wtovq1m0Ld

Org: Philadelphia Government
Typo: Missing letter on URL shortener leads to porn domain

https://cyberplace.social/@GossiTheDog/115968425821225508

#dns #typo #footguns

“Hard To Believe That’s An Accident”: Toy Company’s Adult Website Address Blunder Goes Viral

“I just checked my Mattel boxes and they also have the same website - that’s crazy!”. Celebrities, Entertainment, Movies & tv

Bored Panda
Zig needs to add a hard compiler error for using spaces for indentation instead of tabs, because it is a #footgun to use a non-flexible indentation, and also for writing too many comments in one place, because if you can't read the code to understand it, you already have too many #footguns, and you are a bad programmer, and you have to stop programming, as we have stated in zig zen "Focus on code rather than style." This is not about style. #zig #ziglang #Zigtools #programming #codestyle

ugh, in 30 minutes I have seen 35 people expose their .git folder using tailscale funnel

and that was a quick poc, I think I'm only watching one of the CT firehoses

in reality it's probably worse

@danderson, if you still have contacts there

I think funnel is a really dangerous footgun which should come with a big warning that whatever you expose will get scanned from the internet immediately

I recall there was a banner in the documentation, but it should be in BIG RED letters when running it

I intentionally only did HEAD requests, but when I exposed my little test server I immediately saw GET requests for .git/config

I assume next step is that they come for .git/HEAD and then pull down everything...

#tailscale #footguns
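The thread above describes two defender-side needs: knowing what a static root would hand out before it is exposed, and spotting the `.git/config` probes that arrive as soon as it is. The following Go program is an added example, not code from the thread, from Tailscale or from its funnel feature; it builds a constructed throwaway directory tree and a few constructed access-log lines (RFC 5737 documentation addresses) so that it runs offline. The sensitive-name lists and the `AuditRoot`/`ProbeHits` function names are assumptions for illustration.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// Entry names that should never be reachable from a public static root.
// Constructed list for this example; extend it for your own deployments.
var sensitiveNames = map[string]bool{
	".git": true, ".svn": true, ".hg": true, ".env": true,
	"id_rsa": true, "id_ed25519": true,
}

// File suffixes that usually hold key material or raw data.
var sensitiveSuffixes = []string{".pem", ".key", ".sqlite", ".bak"}

// AuditRoot walks root and returns the slash-separated relative paths of
// entries a plain file server would serve to anyone who guesses the name.
// Matched directories are not descended into, so ".git" is reported once.
func AuditRoot(root string) ([]string, error) {
	var found []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		rel, _ := filepath.Rel(root, p)
		if rel == "." {
			return nil
		}
		name := d.Name()
		if sensitiveNames[name] {
			found = append(found, filepath.ToSlash(rel))
			if d.IsDir() {
				return filepath.SkipDir
			}
			return nil
		}
		for _, s := range sensitiveSuffixes {
			if strings.HasSuffix(name, s) {
				found = append(found, filepath.ToSlash(rel))
				break
			}
		}
		return nil
	})
	return found, err
}

// SampleLog is a constructed access log: one HEAD, one .git probe, one normal hit.
var SampleLog = []string{
	`203.0.113.5 - - [10/Jan/2026:12:00:01 +0000] "HEAD / HTTP/1.1" 200 -`,
	`203.0.113.5 - - [10/Jan/2026:12:00:02 +0000] "GET /.git/config HTTP/1.1" 200 92`,
	`198.51.100.7 - - [10/Jan/2026:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 512`,
}

// ProbeHits returns log lines whose request path targets version-control
// metadata or dotfiles, the pattern the thread reports seeing within seconds.
func ProbeHits(lines []string) []string {
	var hits []string
	for _, l := range lines {
		for _, marker := range []string{"/.git/", "/.env", "/.svn/", "/.hg/"} {
			if strings.Contains(l, marker) {
				hits = append(hits, l)
				break
			}
		}
	}
	return hits
}

// BuildSampleRoot creates a constructed temporary tree that mimics a project
// directory someone might point a tunnel at: a checkout plus a stray cert.
func BuildSampleRoot() (string, error) {
	root, err := os.MkdirTemp("", "funnel-audit")
	if err != nil {
		return "", err
	}
	for _, f := range []string{"index.html", ".git/config", ".git/HEAD", "assets/app.js", "certs/server.pem"} {
		p := filepath.Join(root, filepath.FromSlash(f))
		if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
			return "", err
		}
		if err := os.WriteFile(p, []byte("x"), 0o644); err != nil {
			return "", err
		}
	}
	return root, nil
}

func main() {
	root, err := BuildSampleRoot()
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	found, _ := AuditRoot(root)
	fmt.Println("would be exposed:", found) // [.git certs/server.pem]
	fmt.Println("probe hits:", len(ProbeHits(SampleLog)))
}
```

The audit is the part to run before exposing anything: if it lists `.git`, serve a build output directory instead of the checkout. The log check is deliberately a substring match so it also works on the single-line request logs most small servers emit; it is a tripwire, not a replacement for not exposing the files in the first place.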

Unexpected security footguns in Go's parsers

File parsers in Go contain unexpected behaviors that can lead to serious security vulnerabilities. This post examines how JSON, XML, and YAML parsers in Go handle edge cases in ways that have repeatedly resulted in high-impact security issues in production systems. We explore three real-world attack scenarios: marshaling/unmarshaling unexpected data, exploiting parser differentials, and leveraging data format confusion. Through examples, we demonstrate how attackers can bypass authentication, circumvent authorization controls, and exfiltrate sensitive data by exploiting these parser behaviors.

The Trail of Bits Blog
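As an added example of the "unexpected data" class the post summary refers to (this is not code from the Trail of Bits post), the Go program below shows two default behaviours of `encoding/json` that are easy to miss: struct field matching is case-insensitive, and a repeated key silently overwrites the earlier value, so a body carrying both `"admin": false` and `"ADMIN": true` lands with `Admin == true`. It then shows a strict decode path that walks the token stream to reject keys that collide after case-folding, and uses `DisallowUnknownFields` for the rest. The `UserUpdate` type and the request bodies are constructed for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// UserUpdate is a hypothetical request body; "admin" is the only intended key.
type UserUpdate struct {
	Name  string `json:"name"`
	Admin bool   `json:"admin"`
}

// DecodeLenient uses encoding/json defaults: unknown keys are dropped, field
// matching is case-insensitive, and a repeated key overwrites the earlier one.
func DecodeLenient(body string) (UserUpdate, error) {
	var u UserUpdate
	err := json.Unmarshal([]byte(body), &u)
	return u, err
}

// FindCollidingKeys reports object keys, at any nesting depth, that repeat
// or differ only by case; both kinds map onto the same struct field.
func FindCollidingKeys(body string) ([]string, error) {
	dec := json.NewDecoder(strings.NewReader(body))
	var collisions []string
	if err := walk(dec, "", &collisions); err != nil {
		return nil, err
	}
	return collisions, nil
}

// walk consumes exactly one JSON value from the token stream.
func walk(dec *json.Decoder, path string, out *[]string) error {
	tok, err := dec.Token()
	if err != nil {
		return err
	}
	d, ok := tok.(json.Delim)
	if !ok {
		return nil // scalar value: nothing to inspect
	}
	switch d {
	case '{':
		seen := map[string]string{} // folded key -> first spelling seen
		for dec.More() {
			kt, err := dec.Token()
			if err != nil {
				return err
			}
			key, ok := kt.(string)
			if !ok {
				return errors.New("object key is not a string")
			}
			// ToLower approximates the decoder's EqualFold-style match.
			folded := strings.ToLower(key)
			if prev, dup := seen[folded]; dup {
				*out = append(*out, fmt.Sprintf("%s%s collides with %s", path, key, prev))
			} else {
				seen[folded] = key
			}
			if err := walk(dec, path+key+".", out); err != nil {
				return err
			}
		}
	case '[':
		for dec.More() {
			if err := walk(dec, path+"[].", out); err != nil {
				return err
			}
		}
	}
	_, err = dec.Token() // consume the matching '}' or ']'
	return err
}

// DecodeStrict rejects colliding keys and unknown fields before the value
// reaches any authorization decision.
func DecodeStrict(body string) (UserUpdate, error) {
	var u UserUpdate
	collisions, err := FindCollidingKeys(body)
	if err != nil {
		return u, err
	}
	if len(collisions) > 0 {
		return u, errors.New("rejected: " + strings.Join(collisions, "; "))
	}
	dec := json.NewDecoder(strings.NewReader(body))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&u); err != nil {
		return u, err
	}
	return u, nil
}

func main() {
	body := `{"name":"eve","admin":false,"ADMIN":true}`
	u, _ := DecodeLenient(body)
	fmt.Printf("lenient: admin=%v\n", u.Admin) // true: the case-variant key won
	if _, err := DecodeStrict(body); err != nil {
		fmt.Println("strict:", err)
	}
}
```

Note that `DisallowUnknownFields` alone does not help here: a lone `"ADMIN"` key is still considered known because it matches the `Admin` field case-insensitively, which is why the token-stream pass is needed. The same pass is the right place to enforce whatever other shape rules a schema demands, since nothing after `Unmarshal` can tell which of two colliding keys was the one the caller meant.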
https://noyaml.com/ - #YAML has lots of #FootGuns - e.g. it's easy to make mistakes by accident. Great site with lots of puns and wisdom https://linkedin.com/in/geoffreyhuntley.
🚨🚨 That's a lot of YAML 🚨🚨

If I could have things my way, I would change MySQL to let users "fall into the pit of success". I.e., I would make it throw an error on both examples.

An INNER JOIN doesn't make any sense without an ON clause, much the same way a CROSS JOIN with one makes no sense.

Sometimes throwing an error is the best thing you can do for your users.

#footguns