Jernej Simončič

@jernej__s@infosec.exchange
253 Followers
147 Following
21.3K Posts

Motherboard manufacturer Gigabyte has failed to patch four vulnerabilities in its UEFI firmware.

The vulnerabilities can allow attackers to take over the System Management Mode (SMM), a highly privileged section of the CPU

https://kb.cert.org/vuls/id/746790

CERT/CC Vulnerability Note VU#746790

SMM callout vulnerabilities identified in Gigabyte UEFI firmware modules

it should clean right up

General reminder:

The domain name putty.org is *NOT* run by the #PuTTY developers. It is run by somebody not associated with us, who uses the domain to interpose advertising for their unrelated commercial products. We do not endorse those products in any way, and we have never given any kind of agreement for PuTTY's name to be used in promoting them.

Please do not perpetuate the claim that putty.org is the PuTTY website. If anyone is linking to it on that basis, please change the link. The PuTTY website is https://www.chiark.greenend.org.uk/~sgtatham/putty/ and it always has been.

You can check this by downloading the source code, which cites that URL in many places (the README, the documentation, some strings in the actual code), or by using the "Visit Web Site" menu options in the official Windows binaries (the ones signed with my personal Authenticode certificate). The true PuTTY website is the one that PuTTY itself says it is.

Many search engines list putty.org above chiark. I don't know if this is due to active SEO on the part of the domain owner, or a heuristic in the rankings. Either way, don't believe them. It's not our site.

PuTTY: a free SSH and Telnet client

Read “The Psychology of Money”

On having enough.

#books

Here's what I sent them:

I don't use generative AI. I have a computer science degree so I understand how large language models work, and I don't believe that they have any value. They are just stochastic parrots. That they so beguile their users with vapid statistically-probable output is distressing.

But LLMs have still changed my life, because the training models are forever scraping my personal web site, costing me bandwidth and money, violating the copyright on my original content without my consent. The datacentres that house LLMs consume vast amounts of energy and fresh water, an environmental disaster in the making.

I expect that in the future, LLMs will once again change my life as I'm called to cover for an entire generation of workers who lack important life skills such as composition and critical thinking. I'm not exactly looking forward to it.

@bagder If you need a docking station, HP TB4 dock works well (and supports 3 4k monitors all running at 60Hz).
I heard ICE being called "Ya'll-Qaeda" and "Ammosexuals" and I'm all in on that
if anybody knows anybody at the UN Umoja (the UN's shared services), get them to patch these boxes for CitrixBleed2 and reset all sessions (including AAA) - there's somebody from the Chinese state logged into them going brrr for the past three weeks.
If anybody thinks 'Kevin cannot be serious with these posts', they're extraordinarily effective at getting stuff patched as usually somebody knows somebody.
@GossiTheDog my wife works for the UN, just sent her this 😅
@peter @GossiTheDog White-hatting is always fraught. Posting on infosec.exchange seems as good as any method.

@GossiTheDog When you post I use it to get shit done in my place.

Thanks!

@GossiTheDog Wait you're serious about all this?? /s
DKIM verification failures - Microsoft 365 / Exchange Online

We’ve opened a case with Microsoft and although it has been “escalated” to engineers, I’m curious if there’s examples of evidence that works. We sent screenshots of dmarcian and message headers illustrating the issue, but MS has been really quiet acknowledging the issue from our supplied evidence. Or key phrases to use with MS Support? I was informed they are not able to see this forum post because all external links are blocked from the support agent we received.

dmarcian forum
@GossiTheDog but are people really thinking that this couldn't work?
@GossiTheDog today we are all Kevin Bacon.
@GossiTheDog passed the message to someone who works at the UN
@GossiTheDog I think it's also just important that everyone knows stuff like this is happening

@GossiTheDog
Darn. Timing... The UN ITU "AI for Good" summit just ended earlier today.

(and no, it wasn't as bad as it may sound from the title)

@GossiTheDog `cat | grep` oh no Kevin, please 😢
@GossiTheDog just distributed to all peeps where I know they have some sort of UN affiliation