| Github | https://github.com/kugg |
| Blog | https://www.jerkeby.se |
🚨 We are extending the deadline for our Volume 5 Call For Papers and its Rootkit Competition!
Check out the updated dates below:
→ https://tmpout.sh/blog/vol5-cfp.html (until May 1st 2026)
→ https://tmpout.sh/blog/vol5-rootkit-competition.html (until May 31st 2026)
We are looking forward to reading your work!
in Linux you can use the evil bird emoticon (:>) to destroy files, eg `:> important_document.txt`
the bird will eat the file and leave it completely empty!
I've always thought YubiKeys are expensive and too easy to lose or forget, so many thanks @Foxboron for ssh-tpm-agent ! I already had per-laptop #ssh keys, now they're sealed with its Trusted Platform Module (and a much shorter pass)👌
Install instructions: https://linderud.dev/blog/store-ssh-keys-inside-the-tpm-ssh-tpm-agent/
Presented at FOSDEM'25: https://archive.fosdem.org/2025/schedule/event/fosdem-2025-5544-hardware-backed-ssh-keys-ssh-tpm-agent/
Access rights tweaked with the help of https://fosdem.org/2026/events/attachments/ARFTHB-tpms_and_the_linux_kernel_unlocking_a_better_path_to_hardware_security/slides/267448/ignat-tpm_ornb8fs.pdf
poke #selfhosted
After writing age-plugin-tpm a friend of mine at the hackerspace was super excited to finally have easy file encryption with TPM sealed keys, all without having to rely on gnupg. “This is great!” he said. “I wish I could have my SSH keys sealed in a TPM just as easily”. We should have left it at that. I shouldn’t have replied with a random assortment of facts like “I know google/go-tpm now”, or “but Go has an ssh-agent protocol implementation” followed up with “Filippo has already implemented yubikey-agent, it can’t be that hard”. So I wound up writing a new ssh agent.
Most AppSec tools drown teams in false positives.
Codex Security by OpenAI takes a different route: build a threat model of your app, validate vulns in a sandbox, then propose context‑aware fixes. In my latest piece I cover the beta results, OSS CVEs, and who can access it now.
🔗 https://techglimmer.io/codex-security-by-openai-codex-security-review/
when Athens was at its peak in 500 BC, the Egyptian pyramids were already an ancient mystery people would go visit on vacation
the Trojan War happened a thousand years earlier and the pyramids were still ancient by comparison
CVE-2026-25896 (CVSS 9.3) disclosed in fast-xml-parser
A critical entity encoding bypass affects fast-xml-parser (40M+ weekly npm downloads).
- Allows attackers to shadow built-in XML entities (<, >, &, ", ')
- Can lead to XSS or injection when parsing untrusted XML and rendering the output
- Exploitable with default settings (processEntities: true)
- Impacts >= 4.1.3 and < 5.3.5, including transitive dependencies
Fix: upgrade to v5.3.5+
Advisory: GHSA-m7jm-9gc2-mpf2
https://www.endorlabs.com/learn/cve-2026-25896-fast-xml-parser
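Since the post stresses that transitive copies are in scope, here is an added example (not from the post, the advisory or the fast-xml-parser project) that walks a lockfileVersion 3 package-lock.json and flags every nested fast-xml-parser install whose version falls in the stated range; the sample lockfile and the dependency name "some-sdk" are constructed.

```javascript
// Audit a package-lock.json (v2/v3 "packages" map) for fast-xml-parser
// installs, direct or transitive, in the advisory's affected range.
// No external semver library is used; the comparator is inline.

const AFFECTED_MIN = "4.1.3"; // first affected release (inclusive), per advisory
const FIXED_AT     = "5.3.5"; // first fixed release (exclusive), per advisory

// Numeric compare of dotted versions; any pre-release suffix is ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  return compareVersions(version, AFFECTED_MIN) >= 0 &&
         compareVersions(version, FIXED_AT) < 0;
}

// Returns [{ path, version }] for every affected install in the lockfile.
// Nested copies live at ".../node_modules/<parent>/node_modules/fast-xml-parser".
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/fast-xml-parser") &&
        meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample: a patched direct copy plus a vulnerable transitive
// copy pulled in by a hypothetical dependency "some-sdk".
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/fast-xml-parser": { version: "5.3.5" },
    "node_modules/some-sdk": { version: "1.0.0", dependencies: { "fast-xml-parser": "^4.2.0" } },
    "node_modules/some-sdk/node_modules/fast-xml-parser": { version: "4.5.1" },
  },
};

console.log(findAffected(SAMPLE_LOCK)); // only the nested 4.5.1 copy is reported
```

Point `findAffected` at `JSON.parse(fs.readFileSync("package-lock.json"))` to run it against a real project; an empty result with the direct copy at 5.3.5 or later is what a clean upgrade looks like.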