Robert Gützkow

@robertguetzkow@infosec.exchange
IT security, software engineering and digital art. he/him

First exploitation details for CVE-2025-5777 - the Netscaler vuln - are out. https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/

If you call the login page, it leaks memory in the response 🤣

I don’t want to specify too much extra technical info on this yet - but if you keep leaking the memory via requests, there’s a way to reestablish existing ICA sessions from the leaked memory.

DOGWALK will be officially released on July 11th, 17.00 CEST 🎉 join us then for our online release party!
Lots of frolicking in the snow and talking with artists, to be sure ☃️

#b3d #BlenderStudio #game #gamedev #OpenProject #DOGWALK
https://studio.blender.org/blog/dogwalk-release-date/

Next week Thursday (2025-07-03), 6-9 pm, we'll have our second Blender Meetup in Berlin this year. We'll meet in room MAR 0.007 of the TU Berlin (see link below). If you're interested in Blender, computer graphics and/or open source, feel free to drop by. #b3d

Have you worked on a cool project using Blender recently?

Share it at the upcoming Blender Conference 2025 in September! There’s one week left before the call for submissions closes. Check it out: https://conference.blender.org/2025/call-for-participation/ #b3d #bcon25

Blender Conference 2025 — conference.blender.org

Blender Conference 2025 - The event of the year celebrating the Free and Open 3D Creation Software

EU is planning a new mass surveillance law with data retention and mandatory backdoors: objections are still possible right now!

Hey folks,

the EU is currently planning a new data retention law that could get really extreme. It is not just about a bit of connection metadata, but about obliging every online service to carry out surveillance, which includes messengers, hosting providers, websites and so on.

The whole thing is running under the title:

"Retention of data by service providers for criminal proceedings"

You can submit feedback here until 18 June 2025: Have Your Say

What is planned?

  • Mandatory data retention tied to identity, meaning everything you do online has to be traceable back to you.
  • Sanctions for services that do not build in user surveillance, which could also cover VPNs, self-hosted setups or open-source projects.
  • Backdoors in devices and software: there is to be cooperation with hardware manufacturers to enable "lawful access".
  • Small providers are affected too: this is explicitly not just about Meta, Google & Co.

The whole thing is based on recommendations from a "High Level Group" whose members are being kept completely secret. Patrick Breyer (Pirates/MEP) @echo_pbreyer asked about it, and the EU sent him a redacted list.

According to EDRi, civil society was explicitly excluded. Lobbying deluxe.

What can you do?

Just submit feedback, it takes 2 minutes.

Briefly writing that you are against indiscriminate data retention and surveillance is already enough. Every comment counts.

The deadline is 18 June 2025, midnight (Brussels time).

It would be good if we in the IT scene did not stay silent on this. It really affects everyone: developers, admins, sysops, hosters, ordinary users.

European Commission - Have your say

Something stunning is cooking here in the studio. Andy's new short: Singularity. https://studio.blender.org/blog/announcing-singularity/ #b3d

Announcing 'Singularity' - Blender Studio

Let's set out on an epic space adventure to put our painterly tools to the test!

Blender Studio

Implementing stop-motion style animation for DOGWALK was fascinating.
We animated the characters on 2s (meaning 12 fps).
To make the movement sync up I made sure the animation blending & character rotation is matching that, instead of just using linear interpolation!

#b3d #godotengine #gamedev

uBlock Origin on Bluesky vs Mastodon

I stopped using Reddit because the company was feeding my words into a large language model, and I stopped using StackOverflow because the company was feeding my words into a large language model, and I will stop using Discord if the company starts feeding my words into a large language model

https://www.theverge.com/apps/673208/discord-ai-forums-anniversary-gamechat

watchTowr has produced, as always, a quite excellent writeup about this.

The "issue in third-party code"?

Ivanti took the example code for hibernate-validator that screamingly announces what you should ABSOLUTELY NOT do, and...
implemented something equivalent to it in EPMM.

The fix for CVE-2025-4428 was in Ivanti's code that used a third-party library in a way that they explicitly warn against.

But yeah, the issue is "in third-party code". Got it. Whatever helps you sleep at night...

Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)

Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest was piqued this week when news of fresh vulnerabilities was announced in a close friend -

watchTowr Labs