Unauthorised maths.
Tim (Wadhwa-)Brown 
- 1.4K Followers
- 2K Following
- 7K Posts
push(@fediverse, "Adversarial Engineer"); # i hack in Perl
cR0w
"We're all doomed. GlassWing can read source code and find vulnerabilities."
If the adversary has access to the source code, then they already somewhat could. They will still have to sort the wheat from the chaff no matter if they're using grep or some new super intelligence because not every bug ends up being exploitable. Also, how many controls have they subverted to get there...
"One of the things that upsets me about AI is that it doesn't think. It just keeps pushing existing ideas."
Yeh, no shit sherlock.
Given that BlueSky 302's <username>.bsky.social to the user's profile with content that they control, I wonder what they do to filter usernames against reserved DNS subdomains...
I might rewrite the logic at some point, kinda feels like the data model has changed sufficiently that my parsing logic might need some love.
Running threat-crank to update https://github.com/timb-machine/attack-ti with v19 data.
This is with respect to "traceroute 2.1.2 - MPLS Extension Out-of-Bounds Read". Feels sloppily written...
Today in CVSS questions:
CVSS v3.1 Score: 5.9 (Medium) — AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network (on-path / rogue router)
Do you mean AV:A?