| Github | https://github.com/australeo |
Are you in France with a cat that used to live in Aotearoa NZ and the cat is missing?
A cat found in Antony France with a NZ chip. Someone posted in reddit hoping to reunite the cat with the cat's owners/slaves.
Post with pic:
https://www.reddit.com/r/newzealand/comments/1rm8cnc/nz_pussy_found_in_france/
Apparently also posted in NZers in France fb page.
#cat #cats #lechat #Aotearoa #NewZealand #NZ #Nouvelle-Zélande #France #francaise
My partner is looking for work. I'd appreciate boosts.
He's looking to move into #appsec, but will accept short #webdev or #devops contracts (<12 months). Location: Melbourne Australia, or remote. For a short enough contract he'd go anywhere though.
He's a senior full stack web dev (Linux/python/django/js/elm, ~12 years).
Experienced in dev ops, dev sec ops and automation (ansible, selenium, etc etc).
He has experience with OWASP ZAP, bandit and Snyk, and is part way through the PortSwigger academy.
FOSS contributions include writing a django authentication function for OWASP ZAP, making a wrapper to improve accessibility and usability for selenium (Elemental), and other bits and bobs.
He isn't on any socials, but if you want to get in touch I can share his email or signal ID (or give him yours).
He and I have been the security people for little apps without any dedicated security team, for the last decade or so. If you're in security you might have met him (or me) at conferences (Disobey, BSides, CCC, Defcon and Ruxmon), because we've been attending since we launched our own app in 2014, picking up everything we can to protect our users.
(Yep, he is aware a move to security from senior dev roles will be a step down in seniority and $. He just really likes security.)
RE: https://infosec.exchange/@cxiao/116111084846495192
I spend a lot of time consuming C++ developer resources (talks, blog posts) and I can’t imagine someone trying to RE modern C++ without doing so. Viewing everything through a C abstraction just doesn’t cut it anymore.
Trying to understand why a *documented feature* causes null deref when you try to call its API is like something out of Hitchhikers:
"Eventually I found a single comment from the vendor, inside a closed git issue, in a disused repo with a sign on homepage reading 'this project is now archived'"
RE: https://cyberplace.social/@GossiTheDog/115929393014353710
Thankfully no one uses telnet anymore, except maybe every major bank on the planet and probably various government orgs.
lol https://seclists.org/oss-sec/2026/q1/89
telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter.
If the client supply a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes
In telnetd for a decade 💀
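The bug class quoted above is option injection: a client-controlled string is handed to `/usr/bin/login` where it can be parsed as a flag. The following is an added example, not code from telnetd or from the advisory, showing the server-side check that closes it. The function names, the 32-byte length limit, and the assumption that `login` honours the getopt `--` end-of-options marker are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if `user` can only ever be read as a login name. */
int user_is_safe(const char *user)
{
    if (user == NULL || user[0] == '\0' || user[0] == '-')
        return 0;                 /* empty, or would be parsed as an option */
    for (const char *p = user; *p; p++)
        /* whitespace would let one value turn into several words if the
           command line is ever re-split before exec */
        if (*p == ' ' || *p == '\t' || *p == '\n' || *p == '\r')
            return 0;
    return strlen(user) <= 32;    /* assumed limit, adjust to local policy */
}

/* Build argv for exec'ing login. An unsafe USER value is dropped, so login
   falls back to its normal prompt and authentication. Returns argc, or -1
   if argv has fewer than 4 slots. */
int build_login_argv(const char *client_user, const char *argv[], size_t cap)
{
    size_t n = 0;
    if (cap < 4)
        return -1;
    argv[n++] = "/usr/bin/login";
    if (user_is_safe(client_user)) {
        argv[n++] = "--";         /* nothing after this is treated as a flag */
        argv[n++] = client_user;
    }
    argv[n] = NULL;
    return (int)n;
}

int main(void)
{
    /* Constructed inputs: the value quoted in the advisory and a benign one. */
    const char *samples[] = { "-f root", "alice" };
    for (size_t i = 0; i < 2; i++) {
        const char *argv[4];
        int argc = build_login_argv(samples[i], argv, 4);
        printf("USER=\"%s\" ->", samples[i]);
        for (int j = 0; j < argc; j++)
            printf(" [%s]", argv[j]);
        printf("\n");
    }
    return 0;
}
```
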
Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices.
https://projectzero.google/2026/01/pixel-0-click-part-1.html