becojo (@becojo.com)
securing the computers | gifs https://becojo.tumblr.com
Reposted by becojo
After 404 Media's months-long reporting and pressure from lawmakers, the data broker owned by the U.S.’s major airlines will now shut down a program in which it sold access to hundreds of millions of flight records to the government and let agencies track peoples’ movements without a warrant.
November 18, 2025 at 9:39 PM
Reposted by becojo
Argument injection (and RCE) in three distinct AI agents

blog.trailofbits.com/2025/10/22/p...
Prompt injection to RCE in AI agents
We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.
blog.trailofbits.com
November 16, 2025 at 3:16 AM
"an agent is simply an LLM call in a loop"

sure and a web server is just accept(2) in a loop
November 12, 2025 at 3:11 AM
July 29, 2025 at 12:24 AM
Reposted by becojo
Identifying birds using the Merlin Bird ID is real life Pokémon.
June 22, 2025 at 10:58 PM
Reposted by becojo
My writeup for @northsec.io CTF 2025's "Containers" reverse track:

merkletr.ee/ctf/2025/nse...
NorthSec 2025: Containers
merkletr.ee
May 18, 2025 at 9:23 PM
Reposted by becojo
If there's one thing I've learned about covering cybersecurity over the past decade or so, it's that the cybersecurity community (the fixers and breakers) and the cybersecurity industry (profits above all else) are two very, very different things.
April 30, 2025 at 12:16 PM
Reposted by becojo
👋 Hello Bsky! MontréHack is a bilingual, monthly cybersecurity workshop in Montreal where challenge designers present their CTF challenges and participants solve them.
March 10, 2025 at 10:18 PM
Reposted by becojo
Fellow cybersecurity folks: Make sure to follow @northsec.bsky.social if you came to bluesky from Twitter! Great conference in Montreal and probably the biggest on-site CTF in the world.
January 31, 2025 at 12:08 AM
Reposted by becojo
New, w/ @lorenzofb.bsky.social: Data-loss prevention startup Cyberhaven was hacked to publish a malicious update to its Chrome extension, affecting potentially thousands of users. A security researcher says other big Chrome extensions were hacked in the same campaign.

techcrunch.com/2024/12/27/c...
Cyberhaven says it was hacked to publish a malicious update to its Chrome extension | TechCrunch
The data-loss startup says it was targeted as part of a "wider campaign to target Chrome extension developers."
techcrunch.com
December 27, 2024 at 6:55 PM
Design Space for Code Search Query ast-grep.github.io/blog/code-se...
A review of the design space for code search tools.
ast-grep.github.io
December 26, 2024 at 1:43 PM
Reposted by becojo
Dying to win: Canadian provinces are expanding legal gambling despite ‘one death every nine days.’

Michener-funded investigation into gambling-related suicide data shows tracking of deaths lags, while governments ignore risks to chase industry profits.

ricochet.media/justice/dyin...

#cdnpoli
ricochet.media
December 17, 2024 at 8:48 PM
Reposted by becojo
I wrote a thing with my colleague Ilyass El Hadi (0xc0ffee_) & Charles Prevost, about how we've been leveraging offensive webapp testing during Red Teams. 4 use cases of external breaches using webapps inside, enjoy! #appsec

cloud.google.com/blog/topics/...
Bridging the Gap: Elevating Red Team Assessments with Application Security Testing | Google Cloud Blog
Red team and targeted external assessments should incorporate application security expertise to better simulate modern adversaries.
cloud.google.com
December 6, 2024 at 8:12 PM
Reposted by becojo
Been having a ton of fun solving these, only 2/3 done and I'm quite humbled so far
challenge-xss.quiz.flatt.training
Flatt Security XSS Challenge
Execute alert(origin) on each challenge origin.
challenge-xss.quiz.flatt.training
November 21, 2024 at 5:58 PM
Add that to the reasons to stop using bash in production pipelines yossarian.net/til/post/som... #security #cicd #appsec
TIL: Some surprising code execution sources in bash
yossarian.net
November 21, 2024 at 5:16 PM
Reposted by becojo
PyPI replaces PGP signatures with digital attestation system

blog.pypi.org/posts/2024-1...
PyPI now supports digital attestations - The Python Package Index Blog
Announcing support for PEP 740 on the Python Package Index
blog.pypi.org
November 14, 2024 at 2:44 PM