Tim Smith

@[email protected]
255 Followers
369 Following
1.3K Posts

Sys Admin, turned Operations Engineer, turned Software Developer, turned Product Manager. Working to someday pivot to pizza parlor owner. Currently Product @ Mondoo.com.

Ex Chef.io, Cozy.co, Limelight Networks, Webtrends, US Antarctica Program.

I'm interested in OSS, web operations, and security.

LocationPortland, OR
Twitterhttps://twitter.com/tas50
GitHubhttps://github.com/tas50
Tim SmithDec 30
fox /dev/randomDec 30
#meme
Tim SmithDec 29
Show threadKevin BeaumontDec 29

A Christmas lesson:

Cyber people probably shouldn't post full chain exploits which automate stealing secrets on Christmas Day for new vulns in direct competitor products.

I mean, people can post whatever they want.. it would just be nice to have a holiday with family and all, rather than arming teenagers.

Tim SmithDec 27
daniel:// stenberg://Dec 27

Welcome to #curl 8.18.0-rc3, the third and final release candidate for the pending release:

https://curl.se/mail/lib-2025-12/0035.html

curl: Release candidate 3: curl 8.18.0-rc3

Tim SmithDec 27
Paco HopeDec 27

I never knew it was called the “Moylan arrow.” But now that I know, I will call it that. It’s such a super simple, yet super valuable innovation.

https://www.jalopnik.com/2061179/inventor-little-arrow-what-side-fuel-filler-is-on-dies/

The Inventor Of The Little Arrow That Tells You What Side The Fuel Filler Is On Has Died

The idea came to Moylan on a rainy day in April 1986 when he hopped in one of Ford's employee fleet cars to drive to a meeting at another building.

Jalopnik
Tim SmithDec 27
Natasha  🇪🇺Dec 27
2025 but pictured in gingerbread
Tim SmithDec 27
Kevin BeaumontDec 26

Merry Christmas to everybody, except that dude who works for Elastic, who decided to drop an unauthenticated exploit for MongoDB on Christmas Day, that leaks memory and automates harvesting secrets (e.g. database passwords)

CVE-2025-14847 aka MongoBleed

Exp: https://github.com/joe-desimone/mongobleed/blob/main/mongobleed.py

This one is incredibly widely internet facing and will very likely see mass exploitation and impactful incidents

Impacts every MongoDB version going back a decade.

Shodan dork: product:"MongoDB"

Tim SmithDec 26
Niki TonskyDec 25
Pic. 1. Human Interface Guidelines, Apple, 1992
Pic. 2. macOS Tahoe, Apple, 2025
Tim SmithDec 26
Robert ReichDec 24
Tim SmithDec 24
Erin FoggDec 12
BREAKING: Elf on the Shelf acquired by Palantir 
Tim SmithDec 11
MondooDec 5
November has already flown by, and it’s time to take a look at all the enhancements we accomplished. This month we added new Mondoo Security Advisories designed to keep you ahead of emerging threats. We also expanded our vulnerability detection to include more applications and operating systems, as well as guided remediation steps to help you patch quickly. We beefed up our NPM package detection to bolster supply chain security, and added new network security capabilities. Dig in to find out more!
https://mondoo.com/docs/releases/2025-11-mondoo-release-highlights/
Mondoo Release Highlights November 2025 | Mondoo Docs

November has already flown by, and it’s time to take a look at all the enhancements we accomplished. This month we added new Mondoo Security Advisories designed to keep you ahead of emerging threats. We also expanded our vulnerability detection to include more applications and operating systems, as well as guided remediation steps to help you patch quickly. We beefed up our NPM package detection to bolster supply chain security, and added new network security capabilities. Dig in to find out more!