Ville Turpeinen

@vinski@infosec.exchange
18 Followers
99 Following
2.6K Posts

The U.S. Will Incinerate 500 Tons of Emergency Food Aid - The Atlantic

“Nearly 500 metric tons of emergency food—enough to feed about 1.5 million children for a week—are set to expire tomorrow, acc to current and former government employees with direct knowledge of the rations.

Within weeks, two of those sources told me, the food, meant for children in Afghanistan and Pakistan, will be ash.”

https://www.theatlantic.com/health/archive/2025/07/usaid-emergency-food-incinerate-trump/683532/

The U.S. Will Incinerate 500 Tons of Emergency Food Aid

Federal workers warned for months that the high-energy biscuits would go to waste.

The Atlantic

To any Australians being misinformed by Sky News, please know that Europe is just fine.

The fact that Sky News has found some social media clips of a few criminals committing crimes in Spain and France obviously does not mean that a continent of 744 million people “has fallen”. All it means is that Australia needs better media.

The UK Environment Agency has some tips for the public to help conserve water, including

> Deleting old emails to reduce pressure on data centre servers

I kid you not.

https://www.gov.uk/government/news/england-faces-5-billion-litre-public-water-shortage-by-2055-without-urgent-action

England faces 5 billion litre public water shortage by 2055 without urgent action

England faces 5 billion litre a day shortfall for public water supplies by 2055 – and a further 1 billion litre a day deficit for wider economy.

GOV.UK

Before you advocate #Linux as an alternative for #Windows, it has to be fit for purpose first. This requires understanding and empathy for your (potential) users, which I am not sure a large chunk of the community is capable of.

“If you're baffled as to why they're murdering health workers in Gaza, it’s because they are the people who will testify in court as to what has been done. They are killing the witnesses.”

Liam Cunningham

North Korea supplied Russia with 12 million rounds of 152mm shells, South Korean intelligence estimates

The report estimated that North Korea could have provided Russia with around 28,000 containers containing weapons and artillery shells to date.

The Kyiv Independent

If you want to know how a country gets to the point where people from a targeted minority are forced to wear some sort of visual signifier of their identity on their clothing, it really seems like this is the progression.

RE: https://bsky.app/profile/did:plc:2vtbmhmrwzbqcfv4we4uxzzt/post/3ltqejx5tgs2g

I received an email earlier this week from EA asking if I wanted to be added to a public acknowledgement page they were creating for individuals who responsibly disclosed vulnerabilities to them.

For all the shit people give EA, of the 100+ companies I contacted in the last two years, they were the only company I would say had a decent incident response.

They fixed the issue within 12 hours after validating it as critical, and proactively provided me multiple updates over time.

When the IR was done on their side, they reached out again with some more information about the potential impact if the issue hadn't been solved quickly, and also offered me a reward.

I did not have to keep chasing anyone for updates, I wasn't asked for non-disclosure, or offered money in exchange for it, and people replied instead of ignoring me.

I wasn't blamed for their mistake, either, or reported to the authorities.

Unfortunately, one or more of the things mentioned above are present in most of the other incidents I have reported; it's a real shit show out there.

#cybersecurity #infosec #responsibledisclosure #vulnerability #ea #electronicarts

Fun* thing I just noticed, the bulleted list markers in the Qantas "you got breached" email? 717kB PNG file.
@akent yep, it’s a big-ass PNG, that’s for sure. https://ecm.loyalty.qantas.com/imgproxy/img/3004766859/bull.png
@georgeharito @akent also some amusing URL enumeration fun to be had with those URLs... The image name doesn't matter, just the ID.
@ret @georgeharito @akent
We need to check out all the other image URLs between 0000000001 and 3004766859 to see what they are.

@negative12dollarbill @georgeharito @akent if somebody engaged in that it would be entirely embarked upon under their own volition. My indication of the potential for URL enumeration is not a suggestion to exploit such a vulnerability should it exist.

uwu.

Forced browsing | OWASP Foundation

Forced browsing on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

@akent I put several of these in each edition
@akent They are good at computer.
@akent Equal parts lmao and witaf
@akent bull dot png, emphasis on the bull
@akent
Tired: ul
Wired: table
@akent @lyndaljane I’ve just imagined explaining to my three decades younger self that we’ll regularly not care about sending an email that links to files that we would only be able to fit two of on a floppy, and they’re just the list element dingbats.
@akent @daedalus clearly basic HTML is beyond their ken.
@akent I did wonder how they got them to look so smooth.
@akent You discovered the black hole that is sucking up all the entropy of the universe. Nice find! Don't get too close to the event horizon.
@akent remember when tracking elements used to be a 1x1px gif?
@akent How did they manage to fail to compress an image that looks so easily compressible? 🤣
@akent That's 717 kB wasted. Literally a single unicode character would have sufficed here
@akent what information is in there, did you look? (Beside the 144 pixels)

@josgeluk It's 1024x1024 8 bit RGBA so more than 144 pixels... but good question -- there is also a bunch of metadata that looks like signing keys or something: https://pastebin.com/raw/WUgadPyf

Check the png here direct if you like: https://ecm.loyalty.qantas.com/imgproxy/img/3004766859/bull.png

I smell some "vibe" coding.
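A quick way to see what a PNG like the one above actually carries, as an added example that is not from anyone in this thread: a minimal chunk walker that checks each chunk's CRC and lists the text/EXIF metadata chunks, run here against a constructed 1x1 RGBA PNG with made-up tEXt and iTXt contents (not bull.png's).

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
METADATA_CHUNKS = {b"tEXt", b"zTXt", b"iTXt", b"eXIf"}


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_sample_png() -> bytes:
    """Constructed sample: 1x1 8-bit RGBA image plus two metadata chunks
    standing in for the kind of provenance/tool metadata seen in the thread."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 6, 0, 0, 0)   # width, height, depth, RGBA
    raw = b"\x00" + b"\x00\x00\x00\xff"                    # filter byte + one pixel
    # iTXt layout: keyword\0 compression-flag compression-method lang\0 translated\0 text
    itxt = b"XML:com.adobe.xmp\x00\x00\x00\x00\x00<x:xmpmeta/>"
    return (PNG_SIGNATURE
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Software\x00example-generator (constructed)")
            + _chunk(b"iTXt", itxt)
            + _chunk(b"IDAT", zlib.compress(raw))
            + _chunk(b"IEND", b""))


def audit_png(data: bytes) -> dict:
    """Walk the chunk list, verify every CRC, and report metadata chunks as
    (type, keyword, byte length) along with how many bytes they account for."""
    if data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG file")
    pos, found, meta_bytes = 8, [], 0
    while pos + 12 <= len(data):
        length, = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        crc, = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk")   # corrupt or tampered
        if ctype in METADATA_CHUNKS:
            keyword = "EXIF" if ctype == b"eXIf" else body.split(b"\x00", 1)[0].decode("latin-1")
            found.append((ctype.decode("ascii"), keyword, length))
            meta_bytes += length
        pos += 12 + length
        if ctype == b"IEND":
            break
    return {"chunks": found, "metadata_bytes": meta_bytes, "total_bytes": len(data)}
```

Pointing the same walker at a real file shows whether its size is pixels or side-channel metadata, which is the check worth running before an image goes out in a mass mailing.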

@akent @josgeluk The fact that they (may) have used ChatGPT to generate a bullet point is nothing short of crazy.
@wale @akent @josgeluk It has made me groan loudly.
@akent The image has been optimised for future Retina displays and Safari.
@akent @bert_hubert things that would have never 🥁 🥁 flown 🥁 🥁 20 years ago due to internet bandwidth constraints :)
@akent and it appears to have OpenAI/GPT-4o fingerprint info in the metadata. As well as TruePic Lens things. Bizarre.
@daedalus I also just found this too. I smell some vibe coding.
Of course! Why waste an opportunity to track mail openings when reaching out to your audience could go unmeasured instead?
But yeah, this is absurd, given less than one hundred bytes of SVG would do, if going fancy, or a simple or something.
@akent they saved 2 bytes by shortening the name to bull.png.
@bartjan @akent 4 bytes, if you know what I mean ;-)
@akent That's two times pokémon red, for a dot..
@akent There must be a name for this stupid kind of data bloat. Using pictures as a substitute for text. Using HTML in email. Reminiscent of how MS Word stretches a hundred word "text" document to a megabyte of file size by attaching unwanted repetitive metadata like "spacing-adjustment=-0.0; colour-scheme=microsoft" to every actual word of text (paraphrased; have blissfully avoided touching Microsoft stuff for years and hate it when people occasionally inveigle me to do so).

@julian @akent "there must be a name" -> https://en.wikipedia.org/wiki/Software_bloat#Types_of_bloat -> "This section needs expansion with: more on the topic: these are not the only forms of bloat. You can help by adding to it. (July 2024)"

We should come up with a name 😂. Because of citogenesis https://xkcd.com/978/

Software bloat - Wikipedia

@akent Is there some silly steganography going on with almost but not quite shades of black in there?
You have to try really hard to create a png that badly compressed.
@akent chuck loading=lazy on those bad boys and you've got scroll tracking
@akent This is a company who takes "control your supply chain" seriously.
@akent
That would nearly fill an Amiga floppy disk!
@akent How. Why. What. The fuck?!
@akent @GossiTheDog did they go out of their way to reduce the png compression to the lowest possible setting
@akent
But they'll charge you $15 if your carry-on is 500g over. The cheek of it.
@akent please say it's a different PNG for each item as well?

@akent while the png is oversized this is a fairly relevant way to code emails (although I agree with other commenters I would have used • myself.) Email clients are very inconsistent in rendering and lists are one of the things that has historically been a pain to get right across clients. The mantra in the email world has long been, "code it like it's 1999." It's been very slowly getting better as older clients roll off but I don't think it's ever going to be on par with state-of-the-art web HTML.

I just wanted to dispel some of the commentary here in the replies because it's clear most people here haven't coded many emails and are making assumptions about it.