Robert Gützkow

@robertguetzkow@infosec.exchange
57 Followers
102 Following
98 Posts
IT security, software engineering and digital art. he/him

I've started a blog to be able to share some projects I work on with my future self and curious others. It will mostly focus on stuff I do on my own time that might not be related to Blender. This site is still WIP, but two posts are up already.

https://jlucke.com/blog/personal-website/

Blender Studio has released its first game, DOGWALK, and it’s free! It was created by our incredible artists and developers using only open source tooling: Blender and the Godot Game engine.

https://store.steampowered.com/app/3775050/DOGWALK/

If you’d like to see more projects like this and/or want to browse the game source code, consider supporting the studio at studio.blender.org :)

DOGWALK on Steam

Explore a hand-crafted winter forest as a big adorable dog and with a little kid in tow. A short, free, open source project brought to you by Blender Studio.

CitrixBleed 2 update.

- Citrix have finally, quietly admitted exploitation in the wild -- by not commenting to press and then editing an old blog post and not mentioning it on their security update page.

- Orgs have been under attack from threat actors in Russia and China since June

- It's now under spray and pray, wide exploitation attempts.

https://doublepulsar.com/citrixbleed-2-situation-update-everybody-already-got-owned-503c6d06da9f

CitrixBleed 2 situation update — everybody already got owned

The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence. So they get to hope nothing too bad happened, I guess. The reason for this is the exploitation activity…

DoublePulsar

First exploitation details for CVE-2025-5777 - the Netscaler vuln - are out. https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/

If you call the login page, it leaks memory in the response 🤣

I don’t want to specify too much extra technical info on this yet - but if you keep leaking the memory via requests, there’s a way to reestablish existing ICA sessions from the leaked memory.

DOGWALK will be officially released on July 11th, 17.00 CEST 🎉 join us then for our online release party!
Lots of frolicking in the snow and talking with artists, to be sure ☃️

#b3d #BlenderStudio #game #gamedev #OpenProject #DOGWALK
https://studio.blender.org/blog/dogwalk-release-date/

Next week Thursday (2025-07-03), 6-9 pm, we'll have our second Blender Meetup in Berlin this year. We'll meet in room MAR 0.007 of the TU Berlin (see link below). If you're interested in Blender, computer graphics and/or open source, feel free to drop by. #b3d

Have you worked on a cool project using Blender recently?

Share it at the upcoming Blender Conference 2025 in September! There’s one week left before the call for submissions closes. Check it out: https://conference.blender.org/2025/call-for-participation/ #b3d #bcon25

Blender Conference 2025 — conference.blender.org

Blender Conference 2025 - The event of the year celebrating the Free and Open 3D Creation Software

EU plans new mass-surveillance law with data retention & mandatory backdoors: objections are still possible right now!

Hey folks,

the EU is currently planning a new data retention law that could turn out really bad. It's not just about a few connection records; it's about obliging every online service to carry out surveillance, so messengers, hosting providers, websites, etc. too.

The whole thing runs under the title:

„Retention of data by service providers for criminal proceedings“

Feedback can be submitted here until 18 June 2025: Have Your Say

What is planned?

  • Mandatory data retention tied to identity, meaning everything you do online must be traceable back to you.
  • Sanctions for services that don't build in user surveillance; VPNs, self-hosted stuff or open-source projects could fall under this too.
  • Backdoors in devices and software; hardware manufacturers are to be worked with to enable „lawful access“.
  • Small providers affected too; it's explicitly not just about Meta, Google & Co.

All of this is based on recommendations from a „High Level Group“ whose members are kept completely secret. Patrick Breyer (Pirate Party/MEP) @echo_pbreyer asked; the EU sent him a redacted list.

According to EDRi, civil society was explicitly excluded. Lobbyism deluxe.

What can you do?

Just submit feedback, it takes 2 minutes.

Writing briefly that you are against indiscriminate data retention and surveillance is already enough. Every comment counts.

The deadline is 18 June 2025, midnight (Brussels time).

It would be good if those of us in the IT scene didn't stay silent on this. It really affects everyone: developers, admins, SysOps, hosters, ordinary users.

European Commission - Have your say

Something stunning is cooking here in the studio. Andy's new short: Singularity. https://studio.blender.org/blog/announcing-singularity/ #b3d

Announcing 'Singularity' - Blender Studio

Let's set out on an epic space adventure to put our painterly tools to the test!

Blender Studio

Implementing stop-motion style animation for DOGWALK was fascinating.
We animated the characters on 2s (meaning 12 fps).
To make the movement sync up I made sure the animation blending & character rotation is matching that, instead of just using linear interpolation!

#b3d #godotengine #gamedev


watchTowr has produced, as always, a quite excellent writeup about this.

The "issue in third-party code"?

Ivanti took the example code for hibernate-validator that screamingly announces that you should ABSOLUTELY NOT do, and...
implemented something equivalent to it in EPMM.

The fix for CVE-2025-4428 was in Ivanti's code, which used a third-party library in a way that the library explicitly warns not to use it.

But yeah, the issue is "in third-party code". Got it. Whatever helps you sleep at night...

The authentication bypass (CVE-2025-4427) in Ivanti is in their use of the Spring Framework.

Specifically, prior to the fix, apparently endpoints beginning with /mifs/rs/api/v2/ could all be handled at the Spring layer without requiring authentication.

After the fix, everything is required to be processed with an access="isAuthenticated()" rule, and there are explicit allowances for specific anonymous URIs related to cert enrollment, Azure, registration, and the like.

Is Ivanti's failure to restrict access to Spring URIs Spring's fault? If you read the Ivanti advisory, you'd think so. They don't mention Spring by name, but they are crystal clear that the issue is in third-party code. 🤦‍♂️

Admitting mistakes is a sign of maturity. Pointing your finger at somebody else and saying they are responsible for the mistakes that you made, is, well...
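The configuration shape the post describes, as an added illustration (this is not Ivanti's configuration and not taken from the watchTowr writeup): a Spring Security XML namespace config in which a whole API prefix is exempted from the filter chain, next to the default-deny form where the catch-all is access="isAuthenticated()" and anonymous endpoints are enumerated explicitly. Only the prefix /mifs/rs/api/v2/ comes from the post; the anonymous endpoint paths below are placeholders, and the http-basic element is just a stand-in for whatever authentication entry point the application actually uses.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Added example, not Ivanti's code. Spring Security XML namespace config.
  Only the "/mifs/rs/api/v2/" prefix is from the post; every other path
  below is an assumed placeholder.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security.xsd">

  <!--
    BEFORE (weak shape): a pattern-scoped <http> with security="none"
    removes the entire prefix from the security filter chain, so every
    handler mapped under it is reachable without a principal:

      <http pattern="/mifs/rs/api/v2/**" security="none"/>

    Any new handler added under that prefix later is anonymous by default.
  -->

  <!--
    AFTER (hardened shape): default deny. intercept-url rules are matched
    in document order and the first match wins, so the narrow permitAll
    exceptions come first and the "/**" catch-all comes last.
  -->
  <http use-expressions="true">
    <!-- Placeholder anonymous endpoints (assumed names, not the real ones).
         Each exception is a specific path, never the whole API prefix. -->
    <intercept-url pattern="/mifs/rs/api/v2/PLACEHOLDER-cert-enrollment/**" access="permitAll"/>
    <intercept-url pattern="/mifs/rs/api/v2/PLACEHOLDER-registration/**"    access="permitAll"/>

    <!-- Everything else, including the rest of /mifs/rs/api/v2/, requires
         an authenticated principal. -->
    <intercept-url pattern="/**" access="isAuthenticated()"/>

    <!-- Stand-in authentication entry point for the example -->
    <http-basic/>
  </http>
</beans:beans>
```

The check worth automating after a change like this: for every route the application registers, send an unauthenticated request and assert that only the paths on the explicit allow-list answer with anything other than 401/403. That turns "we believe everything is behind isAuthenticated()" into a test that fails the moment someone adds a handler under the prefix and forgets the rule.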

@wdormann the sign of being a PE portfolio company trying to wring profits out of FOSS without any accountability?
@wdormann
Please tell me they called the function UnsafeValidator...