DO NOT USE eval()
DO NOT USE exec()

For the use case mentioned here ("you don't know what the variable name could be"/"you need to dynamically change the name) use getattr() instead.

DO NOT USE eval()
DO NOT USE exec()

If you use eval() and/or exec() in your code, you are literally begging your application to get hacked. You've taken out a billboard saying "please RCE my face"

If you're ever wondering "How the hell does my company find customers", remember that there's a place that says...

"Our company specializes in the design of a variety of equipment to thicken the ice on lakes and rivers for commercial and industrial purposes," Rossington noted. "We undertake contracts to build ice all across Canada."

If the ice thickeners found a market, you can, too.

Please compare: The "harassment" Molly White claims to have received (no screens tho 🤔)

And the real actual threats of physical violence I've received.

Cry me a fucking river, Molly.

I think it's awful that Eugene's piss-poor code potentially exposed the personal information of thousands.

It's entirely possible that the vulnerability I kept trying to tell Eugene about was used to pop gab but that's none of my business

maybe don't suspend security researchers, you'll receive more (and better) bug reports :/

Everyone wants to stand out, but please do not do something like this in place of a one-page resume.

Zero recruiters will be grilling your "resume chatbot" to get the information they need.

This is spectacular. "How will we convey to people x years from now to stay the fuck away from here?" in regards to buried nuclear waste was a big news story just a few months ago

And people are flocking to random markers in the middle of fuck off nowhere to see what's inside.

Subwindows now show context/timelines for statuses/actors respectively, they update cleanly the first time, and they correctly deduplicate.

and they make long threads incredibly easy to read

no. bad marketing team. i'm getting the spray bottle.

Hey, forgot who posted the cheap ARM boards, I got three of them.

They're a complete IoT "security" device, that they're trying to get *any* investment back on. The whole kit. Including instructions.

So you get a screen, power accessories, an SD card preloaded with the IoT s3curity OS, for $15. The product itself is still being sold for $100, supposedly.

Any friend/colleague who hands me their resume has been.... like really bad at resumes. I think everyone's just bad at resumes. Landscape (wtf?) layout, leaving half a page empty, using colors of any kind (outside of a design role), and using more than a single page early in a career.

For each person's resume I redid, all using my template, they got the callbacks that eventually became their jobs within two weeks.

Biggest single thing you can do: SHORTEN THAT SUCKER.

Outlook RCE bug is much more serious, but the bug you have to be on the same physical network to exploit got a name, so it's the one people (read: media and managers) think is serious.

US joins six countries in new call for backdoor encryption access.

And they will get it over my cold, dead, body. What did that senator say.... "Send bachelors and come heavily armed"?

If yall want my crypto, send bachelors and come heavily armed.

Show older
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.