Harry Sintonen

Infosec consultant at REVƎЯSEC https://reversec.com - Coding, Research + various other interests
PGP: https://sintonen.fi/pgpkey.txt
Research: https://sintonen.fi/advisories/
Github: https://github.com/piru

Handala have phished Kash Patel, the director of the FBI, and released his emails.

See the prior rest of thread on this, they've been doing it for years with Israeli politicians - they just phish Gmail and iCloud logins, then sync devices.

The FBI have confirmed the emails are authentic. It looks like they are releasing them in batches.

#libpng 1.6.56 fixes two high-severity vulnerabilities: CVE-2026-33416 and CVE-2026-33636.

Out of these CVE-2026-33416: Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE is particularly serious as arbitrary code execution has been demonstrated. Applications that call png_free_data() to release memory between png_read_info() and png_read_update_info() are affected.

https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j

The second vulnerability CVE-2026-33636: Out-of-bounds read/write in the palette expansion on ARM Neon is of more limited concern as only crashes have been demonstrated. More serious impacts have not been ruled out, however.

https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2

#infosec #cybersecurity #CVE_2026_33416 #CVE_2026_33636

Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

## Summary Use-after-free via pointer aliasing between `png_struct` and `png_info` in `png_set_tRNS` and `png_set_PLTE`. ## Description In libpng versions through 1.6.55, `png_set_tRNS` an...


I highly recommend everyone (software developers and others alike) to check #privacyguides for their knowledge base. They have a lot of very good advice on securing your personal systems and processes. These two documents are a good starting point: https://www.privacyguides.org/en/basics/common-threats/ and https://www.privacyguides.org/en/basics/threat-modeling/

https://mastodon.social/@bagder/116294927524710539

The Finnish Supreme Court has convicted MP Päivi Räsänen for incitement to hatred over her public statements about sexual and gender minorities.

https://yle.fi/a/74-20217430 (in English)

Räsänen "shocked" by Supreme Court hate speech conviction

Former interior minister and Christian Democrats leader Päivi Räsänen was found guilty of incitement after four years of court proceedings.


#Microsoft sent an email to everyone saying they're listening to people now and they will definitely not be pushing AI to everything anymore.

Also Microsoft enabled #github to collect all your "inputs, outputs and associated context to train and improve AI models". This new tickbox is enabled by default, even if you explicitly disabled Copilot before.

Actions speak louder than words.

You can disable the option at https://github.com/settings/copilot/features

#enshittification

https://github.com/settings/copilot/features > "Privacy" > "Allow GitHub to use my data for AI model training"

Best of luck to Isar Aerospace for another attempt at reaching orbit with their #Spectrum rocket from Andøya Spaceport in Norway!

📺: https://www.youtube.com/live/MsbZj8PxmUk (T-0h50 at post time)

#GoingFullSpectrum

Livestream: "Onward and Upward" Mission of Isar Aerospace


Amazing comment in the Copy ][+ source code:

#AppleII #retrocomputing

"Meta and Google found liable in landmark social media addiction trial"

https://www.bbc.com/news/articles/c747x7gz249o

Meta and YouTube found liable in social media addiction trial

A woman has been awarded $6m in a verdict that could have implications for hundreds of other cases in the US.

Two 20-year-old vulnerabilities fixed in XML::Parser 2.48:

- CVE-2006-10002: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes https://www.openwall.com/lists/oss-security/2026/03/19/1

- CVE-2006-10003: XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack https://www.openwall.com/lists/oss-security/2026/03/19/2

The patch fixing these has been available since 2006 but it's nice to see the fix in an actual release, too.

#CVE_2006_10002 #CVE_2006_10003
