Alexandre Dulaunoy


Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at @a (photography, art and free software at large)

#infosec #opensource #threatintelligence #fedi22 #threatintel #searchable

Website: https://www.foo.be
GitHub: https://github.com/adulau
Matrix: @adulau:matrix.circl.lu
ORCID: https://orcid.org/0000-0002-5437-4652
PGP FP: 6BB5 6353 1D99 F112 4C00 8C4F 815D 4786 1ECB 73D5
Other Mastodon: https://paperbay.org/@a

RE: https://infosec.exchange/@adulau/116322184098315128

aspirational security is when you focus on future threats to avoid dealing with the failure to address current ones.
in the words of the TED poet, what makes you believe that we will get there by doing the same things that got us here?

@adulau Thank you! And for many orgs, PQC issues should not even be in their threat model. But that's probably a sexy name to get some attention and budget, but indeed, should not make it into the priority list for most orgs...

@adulau Quantum Computing is the new block chain.

But let's face it: It's easier to babble about fuzzy threats than do something about existing ones, be this in IT-Security or Climate change. The former makes you important in a LinkedIn sense, the latter is actually hard work.

If someone comes to me today preaching about “post-quantum” security issues, I’ll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security devices like F5 and Ivanti are exposed (and compromised) to the internet, mailboxes get compromised just to change an IBAN in a PDF, and a simple phone call is still enough to get someone to hand over an MFA code.

But yes, by all means, let’s focus on post-quantum threats while handing AI tools SSH access like it’s a feature, not a confession.

#cybersecurity #stateoftheworld

🪲 Bug Fix in pure-magic!

I just fixed a tricky offset computation bug in pure-magic, your pure Rust port of libmagic for safe file identification. So, make sure you are using the latest version available for your tooling.

🔎 Check it out

- Rust Crate: https://crates.io/crates/pure-magic
- CLI Tool (replaces file): cargo install wiza
- Python Bindings: https://pypi.org/project/pure-magic-rs/
- Repository: https://github.com/qjerome/magic-rs

#Rust #FileIdentification #OpenSource #Python


The GCVE project team will be at the Hackathon in Luxembourg on April 14–15, 2026, to present the project and collaborate on its future.

We’d be delighted to welcome anyone interested in joining us and contributing to the future of GCVE.

https://hackathon.lu/projects/#gcve

#gcve #cve #hackathon #cybersecurity

@circl


We've gotten five different "security reports" about the decades old USBIP protocol https://docs.kernel.org/usb/usbip_protocol.html and how it is "insecure" in the past few days.

Yes, it's only to be run between "trusted" devices, and we will gladly take patches, so see the ones recently posted to the linux-usb mailing list to mitigate these issues, but this is very strange as to why all of a sudden this is being reported all at the same time by random different semi-anonymous accounts.

Is there some big usb-over-ip installation somewhere that people suddenly started caring about out there, or did some internal hacking tool that uses usbip just get leaked?

No one who we asked "why?" when they submitted these issues would give a very clear answer to that simple question, so something is going on...

Rulezet v1.4.1 Core Enhancements for Filtering, Pagination, and MISP Support

🔗 Release note https://github.com/ngsoti/rulezet-core/releases/tag/v1.4.1
🔗 Online version https://rulezet.org/

@misp

#rules #threatintelligence #opensource #cti #detection #threathunting #rulezet

Vulnerability CVE-2026-3055 has received a comment on Vulnerability-Lookup:

Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)
http://vulnerability.circl.lu/comment/596d1296-f91f-4f84-a3e6-03aa10878635

#VulnerabilityLookup #Vulnerability #Cybersecurity #bot


the more you try something the more you appreciate professionals.

I started music lessons and now appreciate what it means to be a musician.

I started vibe coding and have a renewed and even greater than before appreciation for professional developers.

In fact, all my experiments with vibes have led to the same conclusion on their use in a corporate environment: easy to impress up where everything is abstract, impossible to convince down where details matter.