Sebastian Schinzel

1.3K Followers
488 Following
498 Posts
Husband, dad, mountain biker, professor of computer security at FH Münster and department lead @fraunhofersit. Private account.
Me: https://sebastian-schinzel.de/
FH Münster: https://www.fh-muenster.de/de/eti/ueber-uns/personen/schinzel/
A life without a #Fahrrad is possible, but pointless.
Because we don’t collect user data, what we know about these attacks comes from the victims of phishing. And from what victims have told us, the attacks followed a broad pattern: after tricking people into revealing their Signal credentials, attackers then used those credentials to take over their account and also frequently changed the associated phone number. 4/

A response to recent reporting in Germany, in service of clarity and accountability:

First, it’s important to be precise when it comes to critical infrastructure like Signal. Signal was not “hacked” — in that our encryption, infrastructure, and the integrity of the app’s code was not compromised. 1/

Hey speakers!

If you have some interesting app security story to share, consider submitting to the German OWASP Day CfP.

Nice community event run by fine volunteer people. This year, the OWASP Day is in Karlsruhe on September 24th. https://god.owasp.de/2026/en/cfp.html

German OWASP Day 2026

The zero-days are numbered | The Mozilla Blog

Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser.

Do I know someone who works on security for freedesktop.org software projects, specifically cairo? :)

ok, curiosity won and I tried it on a couple

yes, they all willingly sent the password reset link to the domain

yes, they let me reset the password

no, they didn’t have mfa

yes, they let me log in to the “deleted” accounts

yes, i saw order histories, names, DOBs, last four of credit cards

yes, i disclosed to the security contacts i could find at the companies

yes, one of them was the viagra place

Free software people: A major goal of free software is for individuals to be able to cause software to behave in the way they want it to
LLMs: (enable that)
Free software people: Oh no not like that

AIs have been finding bugs and vulnerabilities in #curl for some time.

Is it work to fix those? Yes.

Has someone paid for this? Partially (wolfSSL and @sovtechfund)

Are the AIs annoying? Yes, very.

Could humans find the same bugs? Yes, if they’d somehow avoid being bored to death through it.

Was there something “heartbleed”-like? No.

Were there lots of C mistakes? No, logic bugs mostly.

Do AIs run out of steam? Yes. After a while a model stops finding things. Findings differ per model.