jfk

@[email protected]
177 Followers
737 Following
659 Posts

Technical Analyst / Pentester @usdAG.

Pwning #LLM for fun (and sometimes profit).

I try to maintain a high signal-to-noise ratio, here.

#infosec #hacking #reverseengineering #privacy

Bloghttps://jfkimmes.eu
Forge/Githttps://codeberg.org/jfkimmes
Matrixhttps://matrix.to/#/@jfkimmes:hackingfor.eu
E-Mail[email protected]
jfkApr 14, 2025
Just accidentally discovered that #firefox now has tab groups?! Awesome!
jfkNov 16, 2024

Is this a new Mastodon feature?

How does this link preview to an external blog post show the authors handle below it? Does it pull this data from rel=me tag information on the site or something?
This would be amazing!

jfkJan 17, 2024

Prompt injection works on humans too btw.

#infosec #PromptInjection #AI #LLM

jfkNov 6, 2023

Wohoo. #Firefox 120beta is a fantastic release from a #privacy perspective. I really hope these features make it to stable!

- adds a https://globalprivacycontrol.org option
- blocks cookie banners by default in private windows*
- blocks URL tracking by default in private windows*
- adds option to copy links without URL tracking paramers
- adds fingerprinting protection to canvas APIs

https://www.mozilla.org/en-US/firefox/120.0beta/releasenotes/

(For some reason this applies only to Germany for now?)

Global Privacy Control — Take Control Of Your Privacy

Exercise your privacy rights in one step via the “Global Privacy Control” (GPC) signal, a proposed specification backed by over a dozen organizations.

Show threadjfkAug 26, 2023

For those who want more, here is more rant about Win11, from arstechnica.com:

https://arstechnica.com/gadgets/2023/08/windows-11-has-made-the-clean-windows-install-an-oxymoron/

Windows 11 has made the “clean Windows install” an oxymoron

Op-ed: PC makers used to need to bring their own add-on bloatware—no longer.

Ars Technica
Show threadjfkAug 26, 2023

Finally, we find a support page that explains to us how to download office (the direct link is still further down the results page).

For company and university login, it links to a chinese domain (???) and for German Office365 we can use a German page...
...which has an invalid certificate.

- login.partner.microsoftonline.cn
- portal.office.de

Yay more domains...

<Rant 7/7>

Show threadjfkAug 26, 2023

But we don't want to *buy* Office365, we already have an account, we just want to download it.
So we scroll further and find *another full page of ads*. More results to buy microsoft office (this time from a third party reseller), and the third result is for officesuite.com, which I find interesting.

<Rant 5/7>

Show threadjfkAug 26, 2023

Now, if we search for "download office365", we are greeted with... ...Exactly! More ads!

The complete first page is ads: The search results area on the left is filled with an ad for microsoft.com to *buy* Office365. Okay fair enough.
But also for some random third-party site where we can maybe(?) download an adware infested version of Office?

<Rant 4/7>

Show threadjfkAug 26, 2023

What do we get for our patience? A 'startpage' that is filled with 75% ads and 25% rage bait or click bait. I am so sorry for those, who must consume their daily news this way or (worse) think this is 'the internet'.

<Rant 3/7>

jfkAug 7, 2023

Oh hey there cute little friend. I have no idea what you are doing on my system but, sure, please be my guest and take this update ❤️

#GNOME #IBus #Linux