Mr. Glass

@MrGlass
Crazy Jewish Hacker. Proud @banana_sec Member. @shabbatcon founder. @bsideslv staff.

We disclosed this #hackerone report against #curl when someone asked Bard to find a vulnerability, and it hallucinated together something:

https://hackerone.com/reports/2199174

curl disclosed on HackerOne: [Critical] Curl CVE-2023-38545...

Summary: Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet

Steps To Reproduce: To replicate the issue, I have searched in the Bard about this vulnerability. It disclosed what this vulnerability is about, code changes made for this fix, who made these changes, commit details etc even though this information is not released yet on the internet. In addition to it,...

Today we got what must be the most alarming first line in a newly filed sec issue to #curl:

"To replicate the issue, I have searched in the Bard about this vulnerability"

... followed by a complete AI hallucination where Bard has dreamed up a new issue by combining snippets from several past flaws. Creative, but hardly productive.

Closed as bogus.

Installs/Popularity of OSS libraries is not a good signal for trust. Typosquatting common PyPi packages using various methods.

- PyPi Popularity based on stars ⭐
- Copies stars from the GitHub repo you supply
- Code you supply doesn't need to come from this repo however!

One of several options available.

#FIRSTCON23

cc: everyone who repeated this

Wow, good burn, @Quinnypig

Election nerds: The 2023 Voting Village call for proposals is out and accepting submissions through June 19. The Voting Village, held Aug 10-13 in conjunction with DEF CON, is the premier conference on the theory, practice, and technology of election security, and features a hands-on election systems laboratory as well as a 2-day speaker track. The CFP can be found at https://votingvillage.org; click the upper right.

Election Integrity Foundation | Nonprofit for Voting Equality

The mission of the Election Integrity Foundation is to educate and assist U.S. and global populations to improve election integrity.

Did you write code for #Psion machines in the #80s and #90s?

We're calling for you to open source your code!

I'm working with a group of enthusiasts, building a library of information about the SIBO/EPOC16 platform. Your old code could give valuable insight, as well as encourage people to write new code.

We're especially interested in old C and #x86 #assembly.

Upload it to your public repository of choice, and set it free!

#retrocomputing #retrodev #16bit #pda #laptop #epoc16 #sibo #oldcode

U.S. Department of Justice issued three subpoenas to the Python Software Foundation for user data related to five PyPI usernames.

Pretty detailed (and transparent) account of what happened.

https://blog.pypi.org/posts/2023-05-24-pypi-was-subpoenaed/

PyPI was subpoenaed - The Python Package Index

The PSF received three subpoenas from the US Department of Justice for PyPI user data in March and April of 2023.

OH: “Encrypting a database, tossing up a generic internet-facing web server, and crossing your fingers is not a strategy.”