Rodolfo Saccani

@[email protected]
79 Followers
262 Following
128 Posts
CTO / Head of R&D @ Libraesva.
infosec / free flight safety @ FIVL, EHPU and EAS.
Expert @ CEN and UNI.
Opinions are my own because that's how opinions work.
Personal (ITA)https://www.saccani.net
Company (ENG)https://www.libraesva.com
Rodolfo SaccaniOct 3, 2024
Johnny RyanOct 3, 2024
Our new report shows the leakage of sensitive "Real-Time Bidding" (RTB) data by Google and others about Australian defence personnel and political leaders to foreign states and non-state actors
@wolfiechristl
https://www.iccl.ie/digital-data/australias-hidden-security-crisis/
Rodolfo SaccaniAug 29, 2024

Over Half (55%) of US IT and Security Professionals Surveyed Not Prioritizing Email Security, Despite Almost 9 in 10 (88%) Experiencing Successful Attacks in the Last Quarter | Business Wire

https://www.businesswire.com/news/home/20240529500085/en/Over-Half-55-of-US-IT-and-Security-Professionals-Surveyed-Not-Prioritizing-Email-Security-Despite-Almost-9-in-10-88-Experiencing-Successful-Attacks-in-the-Last-Quarter

Over Half (55%) of US IT and Security Professionals Surveyed Not Prioritizing Email Security, Despite Almost 9 in 10 (88%) Experiencing Successful Attacks in the Last Quarter

Libraesva's report highlights the need to plug the gap created by lack of skills, budget and inadequate technology

Show threadRodolfo SaccaniJun 23, 2024
@schizanon then maybe this one is better https://youtu.be/zxQyTK8quyY?si=Oo5-RoKzLevaC9X1
Transformer Neural Networks, ChatGPT's foundation, Clearly Explained!!!

YouTube
Show threadRodolfo SaccaniJun 23, 2024
@schizanon this should work https://youtu.be/xU_MFS_ACrU?si=b2V8UhTDfHUie5KI
How does ChatGPT work? Explained by Deep-Fake Ryan Gosling.

YouTube
Rodolfo SaccaniApr 23, 2024
@GossiTheDog we process tens of thousands email samples reported by users as “bad”. A tiny percentage is actual malicious samples worth the time of an analyst, most of them are one-to-one sales pitches, unsolicited contacts or offers (“I’ve noticed your profile on LinkedIN, may I send you …” and such). AI can “read” and tag such messages based on their content, so that we can surface the real attacks that we are interested in being analyzed by a human without delay. We do all the processing locally.
Rodolfo SaccaniMar 31, 2024
Ivan Enderlin 🦀Mar 31, 2024

xz/liblzma: Bash-stage Obfuscation Explained, https://gynvael.coldwind.pl/?id=782.

#xz #bash

xz/liblzma: Bash-stage Obfuscation Explained

Rodolfo SaccaniMar 31, 2024
lcamtuf   Mar 31, 2024

"The maintainers of libcolorpicker.so can’t be the only thing that stands between your critical infrastructure and Russian or Chinese intelligence services"

https://lcamtuf.substack.com/p/oss-backdoors-the-allure-of-the-easy/?1

OSS backdoors: the allure of the easy fix

Intelligence agencies and Big Tech, not hobbyists, should shoulder the responsibility for preventing the next xz-style hack.

lcamtuf’s thing
Rodolfo SaccaniMar 30, 2024
lcamtuf   Mar 30, 2024

OK, so here's my slightly more eloquent take on the xz thing, complete with a zinger closing paragraph:

https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor

Techies vs spies: the xz backdoor debate

Diving into some of the dynamics and the interpretations of the brazen ploy to subvert the liblzma compression library.

lcamtuf’s thing
Rodolfo SaccaniMar 29, 2024
Show threadEvan B🥥ehsMar 29, 2024

https://boehs.org/node/everything-i-know-about-the-xz-backdoor

I have begun a post explaining this situation in a more detailed writeup. This is updating in realtime, and there is a lot still missing.

#security #xz #linux

Everything I know about the XZ backdoor

Please note: This is being updated in real-time. The intent is to make sense of lots of simultaneous discoveries

Rodolfo SaccaniMar 29, 2024
Steve BellovinMar 29, 2024
If you use Homebrew on MacOS, you're affected—do 'brew update' and 'brew upgrade’.
https://infosec.exchange/@wdormann/112179988525798247
Will Dormann (@[email protected])

Just a backdoor in XZ. Nothing important. https://www.openwall.com/lists/oss-security/2024/03/29/4

Infosec Exchange