Colin Cassidy
@parttimesecguy.bsky.social
Frequently answers the question “What does this button do?” Breaker of assumptions, finder of bugs. Plays devil's advocate; my opinions may not be my own.
https://www.parttimesecguy.com/
After the AWS outage we all knew who their customers were, so a nice way to say "look who *our* customers are!"
October 29, 2025 at 10:47 PM
So I dug into the "invisible code" in glassworm
www.parttimesecguy.com/2025/10/glas...
Glassworm - What is it actually doing?
So following on from https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace , I manag...
www.parttimesecguy.com
October 27, 2025 at 3:38 PM
I love how every company is like "our product now has AI, dump your data into it", but will have clauses that state that ^their^ data cannot be used in your AI...
October 24, 2025 at 9:28 AM
Same Government that wants to remove end-to-end encryption demands use of post-quantum encryption:
www.theguardian.com/technology/2...
UK cybersecurity agency warns over risk of quantum hackers
Organisations including energy and transport firms told to guard systems against powerful new computers
www.theguardian.com
March 20, 2025 at 9:58 AM
Rocking hard-coded passwords like it's the 1990s industrialcyber.co/vulnerabilit...
Moxa finds privilege escalation, OS command injection flaws in cellular routers, network security appliances
Moxa finds privilege escalation and OS command injection flaws in cellular routers, and network security appliances; provides mitigation.
industrialcyber.co
January 7, 2025 at 12:24 PM
Abuse this feature as you see fit. Your mileage may vary with gcc.
So fun fact, clang treats the Mongolian Vowel Separator as a space, even though it hasn’t been since version 6.3 of Unicode. Clang also treats the Zero Width Space as an identifier character, even though it is a whitespace, and not a legal identifier character (www.unicode.org/reports/tr39...)
UTS #39: Unicode Security Mechanisms
www.unicode.org
December 20, 2024 at 4:50 PM
So fun fact, clang treats the Mongolian Vowel Separator as a space, even though it hasn’t been since version 6.3 of Unicode. Clang also treats the Zero Width Space as an identifier character, even though it is a whitespace, and not a legal identifier character (www.unicode.org/reports/tr39...)
UTS #39: Unicode Security Mechanisms
www.unicode.org
December 20, 2024 at 4:49 PM
I'll just leave this here
December 19, 2024 at 6:33 PM
For anyone who didn't get to my Hack::soho talk, or you wanted a refresher on the monstrous Mongolian Vowel Separator (other weird characters are available) and how it can enable a subtle supply chain attack you can catch it here. www.youtube.com/watch?v=LcH5...
hack::soho | Lost in Translation: Challenges of Internationalisation | Colin Cassidy
YouTube video by IOActive, Inc.
www.youtube.com
December 11, 2024 at 2:21 PM
Adventures in interesting whitespace
www.parttimesecguy.com/2024/12/spac...
December 8, 2024 at 2:03 PM
Name a TV show you're positive no one remembers but you.
November 22, 2024 at 2:53 PM