Erlend Oftedal
@sawaba @GossiTheDog npm install scripts are definitely the most common way. But it makes sense to hide it in the actual code as well, especially if it is used in dev dependencies and thus runs frequently on developer machines. As an example the «debug» package has ~60k dependents.
Just One Package More
✨Tickets for AdaCon✨ the FREE Oslo tech conference ( @adacon) are now available! The conference is for everyone regardless of background or identity 🙌
https://adacon.no/#tickets
AdaCon Norway 2024 in Oslo · A yearly tech-conference in Oslo, Norway

AdaCon Norway is a yearly tech conference that aims to promote and empower underrepresented people in tech from Norway by showcasing a full lineup of speakers from all backgrounds.

i have found the patron saint of remote code execution
Listening to the latest Risky Business podcast episode makes me wonder if Microsoft has or should have something similar to Certificate Transparency logs, but for Windows drivers.
Could also include build provenance.
@anderseknert Thank you for speaking at our #owasp chapter!

Friends in #Norway! 🇳🇴 And I'm lucky to have many of those by now. June 29 I will be talking #OpenPolicyAgent and all things related at the local #OWASP meetup. Come join me, @webtonull and a whole bunch of other smart and fun people for what I'm sure will be a great event. Not many spots left, so make sure to RSVP right away.

https://www.meetup.com/owasp-oslo/events/294176472/

June meetup, Thu, Jun 29, 2023, 5:00 PM | Meetup

Blank is the sponsor of this meetup! Thank you! Agenda: 17:00-17:30: Food; 17:30-17:50: How to get pwned by npm packages and weak settings in GitHub Actions
The good news is that we managed to get CVE-2022-23529 revoked. The bad news is we won't get back the time devs and sec engineers around the world spent triaging and fixing this. Let's do better going forward. CVEs should have a meaningful attack path.
Meet ChatGPT's slightly less intelligent uncle: ChatEDB
https://erlend.oftedal.no/chat-edb/
[GHSA-27h2-hvpr-p74q] jsonwebtoken has insecure input validation in jwt.verify function by MichaelErmer · Pull Request #1595 · github/advisory-database

Updates CVSS Severity Comments The CVE is a joke, it requires the „attacker“ to create an object in the application context, not just parsed JSON but an object with an executable function. This c...