Alesandro Ortiz 🇵🇷🏳️‍🌈

@AlesandroOrtiz@infosec.exchange
718 Followers
416 Following
1.8K Posts

Software Engineer. Security Researcher. Puerto Rican 🇵🇷. New Yorker. Bilingual. LG(B)TQ 🏳️‍🌈. He/him.

Focused on browser research. Glad to collaborate.

Website: https://AlesandroOrtiz.com
(Header 📷: roriv3ra on IG)

Website: https://AlesandroOrtiz.com
Location: Queens, NY / Puerto Rico
Infrequent Newsletter: https://AlesandroOrtiz.com/subscribe
Twitter (unused): https://twitter.com/AlesandroOrtizR

Great research by @tuckner about Mellowtel, a company that sells bandwidth of extension users: https://secureannex.com/blog/mellow-drama/

It allows a surprising amount of functionality, much of which can be abused by bad actors. Mellowtel is also associated with other entities, such as Olostep and some self-developed extensions.

Mellow Drama: Turning Browsers Into Request Brokers

How the Mellowtel library transforms browser extensions into a distributed web scraping network, making nearly one million devices an unwitting bot army.

Secure Annex

I'm on the server floor of a "highly secure data center with 24/7/365 surveillance, direct access control and robust perimeter security".

An actual duck just walked by. 🦆

The panic is absolutely glorious. I think this just became one of the highlights of my life.

Cursor is now installing code editor extensions from Open VSX. You must understand the implications of this!

There has been an attack campaign happening for more than a month with extensions that install ScreenConnect.

This week at Google bugSWAT/0x0g and DEF CON has been reinvigorating on so many levels.

Meeting so many incredible Latinx and queer people, meeting/reconnecting with some of the best hackers in the world, personally thanking many of them for inspiring me to do security research, and sharing our common struggles in infosec and personal lives has been incredibly healing. They're all so generous with their kindness and I feel so lucky to be in this community.

If I've talked to you this week for 5 mins or an hour, you're in this group and I'm so grateful to have crossed paths with you.

I found a Linux kernel security bug (in AF_UNIX) and decided to write a kernel exploit for it that can go straight from "attacker can run arbitrary native code in a seccomp-sandboxed Chrome renderer" to kernel compromise:
https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html

This post includes fun things like:

  • a nice semi-arbitrary read primitive combined with an annoying write primitive
  • slowing down usercopy without FUSE or userfaultfd
  • CONFIG_RANDOMIZE_KSTACK_OFFSET as an exploitation aid
  • a rarely-used kernel feature that Chrome doesn't need but is reachable in the Chrome sandbox
  • sched_getcpu() usable inside Chrome renderers despite getcpu being blocked by seccomp (thanks to vDSO)
From Chrome renderer code exec to kernel with MSG_OOB

Posted by Jann Horn, Google Project Zero Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the...

I'm in Vegas for DEF CON and Google 0x0g this week. Hit me up if you want to chat about browser/web/extension security and privacy.

#defcon #defcon33 #browsersecurity #websecurity #infosec #bugbounty

do I know anyone who knows a bunch about Firebase auth?

I've got a target where I have full control over one of the domains in the "authorizedDomains" list reported by the identitytoolkit /v1/projects REST API.

the target supports a bunch of different authentication flows - Google, OIDC, password, some others.

what can I do with control over an "authorised domain"? the docs are frustratingly vague. I tried a bunch of stuff and nothing worked.

(no guess responses please)

#infosec #firebase

@xssfox Thought you'd enjoy this amazing remix: https://youtu.be/2-ic_LhWsrA
Crazy Frog Axel F but with MELBOURNE TRAM BELLS

YouTube

Verified: It is a really silly MOTW bypass accessible from browsers with certain preconditions. Any more details would probably give it away.

It's quite simple once preconditions are met and probably works down to Win 7 or thereabouts.

Chances are someone must have found this before. Now looking if it's documented online somewhere or if MSRC told someone else it's "not serviceable".

Told y'all we were cooking.

Say hello to Conjured Ink ( https://conjured.ink ): an #IndieWeb-based, #decentralized ecosystem of shops networked together to resist the kind of nonsense Itch and Steam have been dealing with.

We're a collective designing and building the software needed for folks who aren't techies to basically self host without feeling like they're self-hosting. Because you shouldn't need to be a sysadmin to free yourself from this yoke.

Join us!

#ConjuredInk

@zkat
Great initiative, thanks folks!

Not sure, if I could be of any help, I can "only" write HTML and some CSS, creating simple websites.

(Besides, I wanted to have a deeper look into indieweb myself.)

PS: I can't use Discord, as it's a proprietary system, using the content generated from users to train their AI.

@fasnix that's fine. Discord is there because it's the better way to be in touch with creatives, who are the people we're making this for. I don't think it's fair to them to talk down to them about free software and make them use things with terrible experiences like IRC or Matrix, when you're literally trying to do something for them.

That said, the nexus of development stuff is our Codeberg, which we try to keep our documentation and project actions in, while using Discord for outreach and in-the-moment conversation.

@zkat Congrats on the launch!

Maybe a naive question, but I remember you had another art platform called Banchan that you were working on. Is that still a thing, and if so, how does it compare to Conjured Ink?

@KevinOfComputer Banchan had to shut down in December :(

Basically we ran out of money and it wasn’t going anywhere.

This effort, though, isn't a company. It's just a FOSS project. It's meant to be a tool for others to build what they need.

@zkat Oh, sorry to hear that, it sounded like a good platform.

Good luck with Conjured Ink!

@zkat Interesting project, but the “we just link to” approach won’t sustain at least in German legislation, where they can make you responsible for websites you link to. (The original verdict was limited, but there are absurd cases.)

The usual disclaimer is “when I made the link I could see nothing illegal”. I don’t know if that’s enough. IANAL

Liability of “platforms” for their users’ doings is another beast.

Better prepare for a legal fund.

@fiee the plan is for catalogues and shops to have intentional relationships, where catalogues actually have policies about who they'll link to, content moderation, etc.

@zkat I wish you the very best!

It’s just that legal interpretation too often contradicts common sense.

@zkat

The text in the second graphic is not the same as the post:

"Itch and Steam got a bunch of thinking: we need a catalogue where creative (especially NSFW & Queer) works are less vulnerable to censorship. A storefront we won't be delisted from. One giving us the autonomy to sell stuff our way. So we're making Conjured Ink. You can join us."

@zkat

Did you find a way to protect yourself from censorship pressure by payment processors?

I get from the blog post that conjured.ink is designed to protect the storefront, per se, from that pressure; but I can't seem to find how the individuals would be protected from payment processors simply refusing to process their individual business transactions?

@katzenberger From what I've been seeing, it's sort of like a school of fish. It doesn't make it so that no projects will be hit, but if everyone has their own store it makes it so that it's harder to hit every project at once.

@katzenberger not fully, but it would be significantly better than the current situation of "just use Stripe and hope they don't find out about you" https://conjured.ink/faq#choose-nsfw-processor

@zkat

I see. It is an improvement, yes. Thank you for your good work!

@zkat I made something similar when the itchio thing happened https://github.com/liana-p/indie-game-storec which is a template for self hosting for free that can be deployed straight to Vercel and only requires changing environment variables. I think it's especially important to keep it free or low upfront/upkeep because there's a lot of niche small devs who might not make much money from their games and can't afford the running monthly costs that a lot of platforms cause, hence the free tiers

Discoverability is still gonna be the issue long term, and being able to connect different stores sounds good, though at the same time I think it might be better long term if discoverability was software agnostic.
That is to say, whatever open platforms we create for people to find and browse games shouldn't need to care about how the websites selling the games are made; they should just link to the stores. Then people can sell their games on any platform or self-hosted solution and still list them on the platforms where people find games.

@bubbline interoperability is literally just gonna be microformats and a single tiny webhook, as far as we’ve decided we need. Everything else is standard html/css stuff. You could build a relatively small plugin for Wordpress to connect this to the ecosystem :)