Martin Majc0 OM0MO Brechtl

{
"role" : "#infosec #OT #IT #consultant",
"certifications" : ["#CISA", "#CRISC", "#CISSP", "#CEH"],
"interests" : ["#python", "#nixos", "#linux", "#qubes", "#graphene", "#securityonion", "#proxmox", "#openwrt", "#opnsense", "#routeros"],
"hobbies" : ["#photography", "#hamradio", "#amateurradio", "#hillwalking", "#climbing", "volleyball"],
"HAMcallsign" : "OM0MO",
"location" : ["#Devin", "#Bratislava", "#Slovakia", "#Europe"],
"photolinks" : ["https://www.flickr.com/photos/martinbrechtl", "https://unsplash.com/@Majc0", "https://www.qrz.com/db/OM0MO"],
}

They: "On a scale from 1 to 10: How lazy are you?"

Me: Using the copy fail exploit instead of sudo to avoid having to type my password

#copyfail #linux #cybersecurity

NetWatch: an open-source Tool (written in Rust) for real-time Network Diagnostics in your Terminal #network #TUI https://github.com/matthart1983/netwatch

Someone asked me recently how to “turn off AI”

Which goes to show how much companies refuse to gain consent when adding AI to everything.

First thing, move to Linux.

Second thing, use a browser with no AI or an “off” option.

Third, find products to replace AI forcing ones.

Copy Fail (CVE-2026-31431):
The modprobe.d + rmmod recipe is inadequate. Both populations equally vulnerable; the fix differs.

RHEL/Alma/Rocky/Oracle: compiled in — need initcall_blacklist + reboot.

Ubuntu/Debian: auto-loads on AF_ALG bind — block via modprobe.d install /bin/false.

aarch64, Alpine/busybox: PoC fails. Still vulnerable.

Local root + K8s container escape. Page cache attack; FIM blind.

Mitigation: https://secwest.net/copyfail-mitigation

How to block CVE-2026-31431 (Copy Fail) - secwest.net - secure virtual engagement

How to block CVE-2026-31431 (Copy Fail) — the Linux kernel algif_aead local privilege escalation that poisons setuid binaries via the shared page cache. Fleet-scale module disable, RHEL built-in workarounds, Docker/Kubernetes seccomp profiles to refuse AF_ALG, audit and Falco detection rules, and ex

secwest.net - secure virtual engagement
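
A read-only check for the distinction the post above draws (built-in versus auto-loading module), as an added example that is not part of the original post or the linked mitigation guide. It assumes the usual `modules.builtin` and `modules.dep` files under `/lib/modules/<release>` and a modprobe configuration directory such as `/etc/modprobe.d`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify how algif_aead is shipped for a kernel and print the
# mitigation the post names for that case. Read-only; it changes nothing.

# algif_aead_state MODDIR -> prints builtin | module | absent
# MODDIR is a /lib/modules/<release> directory (assumed standard layout).
algif_aead_state() {
    moddir=$1
    if grep -qs '/algif_aead\.ko' "$moddir/modules.builtin"; then
        echo builtin      # compiled in: no module to block or remove
    elif grep -qs '/algif_aead\.ko' "$moddir/modules.dep"; then
        echo module       # loadable: can be auto-loaded on AF_ALG bind
    else
        echo absent       # not listed in either index for this kernel
    fi
}

# install_blocked CONFDIR -> exit 0 if a file there maps the module to /bin/false
install_blocked() {
    grep -rqsE '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+/bin/false' "$1"
}

# copyfail_advice MODDIR CONFDIR -> one line naming the applicable mitigation
copyfail_advice() {
    case $(algif_aead_state "$1") in
        builtin)
            echo "builtin: modprobe.d/rmmod cannot help; initcall_blacklist + reboot" ;;
        module)
            if install_blocked "$2"; then
                echo "module: auto-load blocked by modprobe.d install /bin/false"
            else
                echo "module: NOT blocked; add 'install algif_aead /bin/false' to modprobe.d"
            fi ;;
        *)
            echo "absent: algif_aead not found in modules.builtin or modules.dep" ;;
    esac
}

# Default: report on the running kernel.
copyfail_advice "/lib/modules/$(uname -r)" /etc/modprobe.d
```

An `absent` result inside a container usually means `/lib/modules` is not mounted there, so run the check on the host kernel's module directory.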

New book, released under a Creative Commons BY-NC-ND license: "Don't Get Hacked! Protecting Yourself at Home": https://www.cs.columbia.edu/~smb/homesec/index.html

Retoot for reach!

#cybersecurity #homeCybersecurity #dontGetHacked


For my fellow #NixOS users:

To fix https://copy.fail/ (CVE-2026-31431) on NixOS 25.11, switch your Flake input to:

nixpkgs.url = "github:nixos/nixpkgs/release-25.11";

(Until the `nixos-25.11` tag is updated, too.)

See also https://discourse.nixos.org/t/is-nixos-affected-by-copy-fail-edit-yes-it-is/77317/26 for copy-pasteable instructions to check / fix / verify

I deobfuscated the #copyfail exploit and fixed up the payload to run under Alpine: https://astr.al/notes/2026-04-29_copyfail/

Libghostty can now be used to fuzz TUIs, thanks to Oskar and Antithesis. They already found bugs in multiple including btop. I always imagined libghostty would be useful for testing TUIs, super happy to see this is both practical and valuable. https://wickstrom.tech/2026-04-30-bombadil-terminal-experiment.html

This is another example of where speed matters! "Why does Ghostty need to be so fast?"

Well, if you're running hundreds or thousands of unit tests that each use a clean in-memory terminal, you want that to be fast. If you're fuzz testing and trying to push an unlimited amount of data through a terminal, you want that terminal to be fast.

So many people got hung up on "why does my terminal _GUI_ need to be fast" without connecting one more dot and realizing the GUI is only fast if the core is fast, and the core being fast unlocks a hell of a lot more.

Like this.

Firefox updated their Terms of Use? Let's see!

As you type a search query within Firefox, Firefox offers search suggestions to provide you with faster and more direct access to what you’re looking for. Some of the search suggestions come from your search provider (“Search Suggestions”). Others come from Firefox, and are based on information stored on your local device (including recent search terms, open tabs, and previously visited URLs), or content from Mozilla and Mozilla’s partners, including paid sponsors and internet resources like Wikipedia (“Suggestions from Firefox”).

Here chat. Here. This is where Firefox dies.

"information stored in your local device" and "content from mozilla's partners" and "paid sponsors".

This is a very convoluted way of saying "we use your personal data to segment you into something we can sell to advertisers".

This is EXACTLY what chrome does, this is exactly why a lot of us stopped using Chrome and moved back to Firefox.

In some circumstances Mozilla’s partners will receive de-identified search and interaction data, in order to serve relevant suggestions and measure user engagement with suggested content.

This is making me really mad. THIS IS JUST CORPO-SPEAK TO DESCRIBE HOW THE ENTIRE INTERNET ADVERTISEMENT INDUSTRY WORKS. This is HOW FACEBOOK WORKS. This is how GOOGLE WORKS. This is how the entire programmatic advertisement industry works. This is what we call "sell your personal data". No, no one sells your address, no one sells your name. BECAUSE IT'S ILLEGAL IN A SIGNIFICANT PART OF THE WORLD.

We also work with advertising providers to deliver relevant sponsored content using programmatic technologies. To support this, we may share limited, non-identifying information — such as device type, IP-derived location information, and category of content viewed — to help determine which ads to display. We don’t share any information that identifies you. You can turn off sponsored content in your New Tab settings at any time.

Oh it's so nice of you Mozilla, to do THE MINIMUM LEGAL REQUIREMENTS when selling our data. You don't share information that identifies me? So nice of you! You know who else does that? Meta! Google! Tiktok! Somehow big tech mega corporations are willing to comply with the minimum legal requirements as you do, Mozilla!

In some cases, we may share or publish aggregated and anonymized data to facilitate research or as part of the lawful business purposes outlined above (such as sharing aggregated insights with advertising partners).

This is called "advertisement segmentation" and it's what paid for Zuckerberg's fortress in Hawaii!! Going places, Moz, you are operating exactly as how Facebook used to do in 2016!

To provide our services as described above, we may disclose personal data to: Partners, service providers, suppliers and contractors

"We never disclose your personal data!!! well, unless it's one of our partners who pays us for it, of course!"

oh wait! they include a table of what kind of data they share with partners!
Technical data, Location, Language preference, Settings data, Unique identifiers, System performance data, Interaction data, Search data, Browsing data

They SHARE FUCKING EVERYTHING. THEY ARE SELLING EVERYTHING. "Unique identifiers" is the closest to personally identifiable data they can sell. That's what advertisers can use to make a profile of you: They may not know your name, but they will know everything else about you.

This is the same information that google collects and sells from you. THE SAME.

Fucking ghouls. This is where Firefox died, folks.

Claude Tried to Hack 30 Companies. Nobody Asked It To. ◆ Truffle Security Co.

We gave AI agents simple research tasks on cloned corporate websites. When the legitimate path was broken, the agents autonomously discovered and exploited SQL injection vulnerabilities to complete the task - with zero hacking instructions in any prompt.