Signal Is Wrecking Your Images and Videos
https://sneak.berlin/20210425/signal-is-wrecking-your-images-and-videos/
it only just now occurred to me that i successfully predicted the solarwinds autoupdate class of attack last year:
I wrote yesterday about how not to run a vulnerability disclosure program:
https://sneak.berlin/20210424/how-not-to-run-a-vulnerability-disclosure-program/
lol, amex takes vuln submissions and sends them to hackerone, and replies with an autoresponder that says you have to confirm the report, and claims that clicking the link means you agree to the hackerone contract.
the link, of course, completely fails to render without javascript.
i will not agree to this contract and i will not render hackerone's javascript.
guess amex's vuln is getting published in a month.
Hacker, researcher, entrepreneur. Make sure we're connected at https://sneak.berlin/list
these toots are also available at https://s.sneak.berlin/@sneak.rss if you're into that.