Martin Boller     

@itisiboller@infosec.exchange
1.8K Followers
3.4K Following
5.3K Posts
Security Curmudgeon & InfoSec Worrier.
I don't need to drink to be offensive!
#InfoSec #Cyber #Forensics #Elasticsearch #OpenSearch #OpenVAS #BlueTeam
PronounsHe/Him/His
Websitehttps://www.infosecworrier.dk
Githubhttps://github.com/martinboller
ISO 3166 Alpha 2DK
Martin Boller     7h ago
Scott Wilson8h ago

#AI hot take:

If your email is long enough that you need a #Gemini summary, then your email is too damn long.

Martin Boller     1d ago
K. Reid Wightman  🌻 1d ago
My reaction catching up on the latest Epstein fallout: (and in all seriousness, everyone involved in that human trafficking bidness needs to rot in jail. Every. last. one.)
Martin Boller     1d ago
Lesley Carhart 2d ago
Just a veteran, not wanting to live in a country that hand waves away the bloody Epstein investigation.
Martin Boller     2d ago
Ivan Ožić Bebek2d ago
WSUS Exploitation - All you need to know https://lorenzomeacci.com/wsus-exploitation-all-you-need-to-know
WSUS Exploitation - All you need to know | Lorenzo Meacci

In this blog post, I will walk you through various techniques for abusing WSUS on Windows Server 2022. We'll start with the basics, explaining how WSUS works and why it is a valuable target. From there, I will demonstrate attacks such as delivering a malicious PsExec.exe as an update, ARP spoofing clients to serve rogue updates, and achieving local privilege escalation. I will also explore special configurations and scenarios that allow an attacker to upload custom payloads to WSUS and have clients download them.

Lorenzo Meacci
Martin Boller     3d ago
bert hubert 🇺🇦🇪🇺🇺🇦3d ago
Although tons of words have been written already on Europe's cloud predicament, I've found that it makes sense to briefly describe the very high level picture of where we are. "We rely on non-European SaaS based on non-European clouds":
https://berthub.eu/articles/posts/the-european-situation/
The European Cloud/Computing Situation - Bert Hubert's writings

A brief addition to the 50000 words I wrote earlier on the cloud: what is the European situation? Software Initially, companies and governments would buy licenses to software. You’d typically have a piece of software in your office, on one of your computers, to calculate payroll with. Most other computers would have copies of WordPerfect installed. This software would function for years without updates or maintenance. If WordPerfect-the-company would disappear, you would not even notice.

Bert Hubert's writings
Martin Boller     3d ago
bert hubert 🇺🇦🇪🇺🇺🇦3d ago
"It is very impressive. A whole generation has **forgotten** that you can run software on servers instead of on clouds. Even though this can be an order of magnitude cheaper." - https://berthub.eu/articles/posts/the-european-situation/
The European Cloud/Computing Situation - Bert Hubert's writings

A brief addition to the 50000 words I wrote earlier on the cloud: what is the European situation? Software Initially, companies and governments would buy licenses to software. You’d typically have a piece of software in your office, on one of your computers, to calculate payroll with. Most other computers would have copies of WordPerfect installed. This software would function for years without updates or maintenance. If WordPerfect-the-company would disappear, you would not even notice.

Bert Hubert's writings
Martin Boller     4d ago
Kevin Beaumont4d ago

If you’ve detected exploitation of CitrixBleed 2 aka CVE-2025-5777 I’d be interested to hear - Signal GossiTheDog.1337, obviously I won’t publish details.

I’ve already had one contact, which is an incident with a ransomware group initial access - I’d be interested to help people compare notes on IP addresses and such so there’s a common understanding of level of activity and scale of threat.

Martin Boller     4d ago
End Of 10 Campaign4d ago

This Saturday 12 July Linux install parties in #Danmark and #Nederland (all times local)!

* AlsSund Linux User Group (#AlsLUG) #Sønderborg, 13h-16h

https://alslug.dk/index.md

* Repair Café #Amsterdam, 13h-16h

https://www.repaircafe.org/cafe/linux-repair-cafe-amsterdam-javaplein/

@RepairCafeInternational

For details and more events worldwide: https://endof10.org/events/

#EndOf10 #FreeSoftware #OpenSource #FOSS #Linux #GNULinux #Windows #Windows10 #Windows11

Martin Boller     4d ago
bert hubert 🇺🇦🇪🇺🇺🇦4d ago
With @Karlitschek and various luminaries, I'll be visiting Executive Vice President Henna Virkkunen of the European Commission today to talk about European digital sovereignty. We may have a long way to go, but the attention is now there! https://mastodon.social/@Karlitschek/114826877070584689
Martin Boller     5d ago
Tom5d ago

Does anyone on the Fediverse who runs #FreeBSD ever got WINE to work properly in 14.3? It just won't play games. I get weird memory issues.

If you do run FreeBSD and WINE to run Windows apps, please share how you got it working. Thanks!

Boosts very welcome!

×
Gytis RepečkaJun 4

Attention server admins! Yesterday I've read a post by @simon_brooke how nasty AI scraper bots are attacking his self-hosted @forgejo instance. Soon after I'm seeing unusual, periodic traffic spikes on mine and again - dominated by OpenAI, but some other freeloaders too:

20.171.207.41 GPTBot/1.2 85.208.96.211 SemrushBot/7~bl 54.36.148.64 AhrefsBot/7.0 114.119.139.53 PetalBot

With GPTBot and SemrushBot attacking hardest 

They've been hammering my little server periodically today as well, slowing down my instance dramatically as if I was experiencing malicious DDoS attack  Well, in a sense it is one 

Watch out - it seems corporate AI techbros learned to scrape  content and starts doing it on a massive scale  Remember when @Codeberg was (and repeatedly is) hit?

For now blocked IP ranges and User-Agent combinations, not sure for how long that will be enough 

Please boost for visibility and be prepared!

#forgejo #developerlife #coding #attack #techbros #aislop #openai #bots #ddos

Show threadGytis RepečkaJun 4

Scraping hits my server every 3 hours and lasts for about 30 min.

When I blocked IP range of OpenAI crawler (GPTBot), it immediately switched to another one. While these techbros publish their IP ranges, list is not complete and server admins around the world report more 

Fuck you, Sam Altman, fuck you OpenAI, fuck all who work there and damn those who use their products.

Fuck whole AI industry that broke the internet 

Show threadGytis RepečkaJun 10

Installed and configured Anubis to protect my Forgejo instance 

Will be monitoring closely - so far so good 

Show threadGytis RepečkaJun 12
Server load back to normal 
Show threadForgejoJun 6
@gytisrepecka @simon_brooke @Codeberg Anubis seems to do a solid job for our Forgejo development instances (and at @Codeberg, too). See https://forgejo.org/2025-04-monthly-update/#crawlers-hitting-forgejo-instances
~ @mahlzahn
Forgejo monthly report - April 2025

Show threadGytis RepečkaJun 6

@forgejo Thanks for the details 

Will try to deploy Anubis - wasn't too excited about enforcing mandatory enablement of JavaScript, but for time being it seems there's no better choice 

@simon_brooke @Codeberg @mahlzahn

Show threadS.R. WeaverJun 19

@forgejo @gytisrepecka @simon_brooke @Codeberg @mahlzahn

Yea in my case I think ironically me hosting my own private instance off the public internet may be priming me against it, as much as I don't like being super private.

Show threadTim Ward ⭐🇪🇺🔶 #FBPEJul 5
@gytisrepecka @simon_brooke @forgejo @Codeberg Wot I don't get is why these bots burn carbon and waste money REPETITIVELY SCANNING THE SAME UNCHANGING CONTENT.
Show threadGytis RepečkaJul 5

@TimWardCam Because they have enough resources to burn - I'd guess it's good to report how many GBs scrapers ate for investors. You know, KPIs, milestones and all that crap 

@simon_brooke @forgejo @Codeberg

Show threadTim Ward ⭐🇪🇺🔶 #FBPEJul 5
@gytisrepecka @simon_brooke @forgejo @Codeberg The word "unique" should be in the KPI somewhere. These companies are bright enough to have several members of staff who realise this.
Show threadGytis RepečkaJul 5

@TimWardCam There is hardly any sanity when companies are sourcing for investment - anything goes, bright minds may have no word in it at all 

@simon_brooke @forgejo @Codeberg

Show threadTim Ward ⭐🇪🇺🔶 #FBPEJul 5

@gytisrepecka @simon_brooke @forgejo @Codeberg That sort of reminds me of that period in the 1980s when word processors were sold on the number of words in the spelling dictionary - the more the better, according to the marketdroids.

But do you really want the word "formicate" in your spelling dictionary (I see it's in this one). Isn't it far more likely to be an error for "fornicate"?

More isn't always better.

Show threadSimon BrookeJul 5
@gytisrepecka @TimWardCam @forgejo @Codeberg I'm guessing it's cheaper for them to repeatedly hit my poor little server than to just keep their own local clones of my repositories.
Show threadsleepfreeparentJul 5
@TimWardCam @gytisrepecka @simon_brooke @forgejo @Codeberg because they asked the LLM to write the scrapers. To pull in its own training material. Then they train the next LLM on that and ask it for the next version of the scraper. Rinse and repeat. They assumed they'd bring about the singularity with this shit.
But none of it learns. The "what is wrong with this picture" signal is clear and loud, ask any LLM why LLM scrapers are bad and it'll reproduce what we've all been saying about them. But there's no underlying learning mechanism that would make anything get better.
It's bullshit all the way down
Show threadTim Ward ⭐🇪🇺🔶 #FBPEJul 5
@sleepfreeparent @gytisrepecka @simon_brooke @forgejo @Codeberg 🤣
Show threadMarjorieRJul 5

@TimWardCam @gytisrepecka @simon_brooke @forgejo @Codeberg because they are stupid and uncoordinated (lots of different scapers for competing firms).
What they obviously think they need to add is new content and the current approach is extremely inefficient both for themselves and the site they attack.
If we must have LLMs that are aware of news then cab I suggest a more efficient approach would be:
1) Sites periodically produce a diff that just shows what's new. For many sites this will be empty.
2) You have one bot that scans the sites on the web once and consolidates this into an archive of new stuff.
3) Bots from each LLM company scan that new stuff archive. They only do it when they need to build a new training set.
4) The original scanning and the cost of maintaining the news archive is paid for by the Bots owners according to their use.

Maybe they could work out something with the Internet Archive.

Show threadAlexandre DulaunoyJul 5

@gytisrepecka

Same here. I think we're also running into some design decisions in forge software that rely on dynamic content generation, in-memory access to large Git binaries, and heavy computing resources just to distribute a single file.

Not blaming open source software here, but maybe it's time to rethink HTTP access perhaps going back to basics with static content for crawlers and reserving dynamic content for actual users.

@simon_brooke @forgejo @Codeberg

Show threadCyberFrogJul 5
@gytisrepecka mine has been getting hammered by bots for... probably since forever? I remember some sneaky custom gitea bot hit the forgejo API and spam-created accounts on every service it could see to scrape data even, had to manually ban and block them lol

they've definitely been able to do this for literal years, maybe they only just found your service
Show threadCyberFrogJul 5
@gytisrepecka to be real I don't actually care enough to block these things, and their traffic doesn't impact my service at all so I pretty much just ignored them lol

going to mess with some WAF deployment stuff and see if some convenient rules can block them, otherwise I'll just leave it alone, I honestly couldn't care less since they have zero impact on my systems by doing this anyway

I just treat them like the billion other abusive bots hitting my servers every day, same as the 10,000 SSH bots always trying to login and failing forever lol
Show threadTFed 🍉🌻🚀Jul 7
@gytisrepecka @simon_brooke @forgejo @Codeberg i love forgejo, dont give up!!!