Koto
@kkotowicz.bsky.social
Security ninja wannabe / board game geek / photon catcher
Interesting. I wonder what's the motivation for projects to opt-in to this, and how many did already. Sounds like it would incur prohibitive costs on the company and the bug hunter (explaining technical security bugs to lawyers is orders of magnitude more involved than to security engineers).
January 23, 2025 at 10:36 AM
Interesting. I wonder what's the motivation for projects to opt-in to this, and how many did already. Sounds like it would incur prohibitive costs on the company and the bug hunter (explaining technical security bugs to lawyers is orders of magnitude more involved than to security engineers).
Reposted by Koto
Telegram: not an encrypted messaging app ;) blog.cryptographyengineering.com/2024/08/25/t...
Is Telegram really an encrypted messaging app?
This blog is reserved for more serious things, and ordinarily I wouldn’t spend time on questions like the above. But much as I’d like to spend my time writing about exciting topics, som…
blog.cryptographyengineering.com
January 7, 2025 at 5:41 PM
Telegram: not an encrypted messaging app ;) blog.cryptographyengineering.com/2024/08/25/t...
To this day I think my demise will be through some npm shenanigans. And it's fair, I deserve it. It should Javascript->RCE.
December 4, 2024 at 8:50 PM
To this day I think my demise will be through some npm shenanigans. And it's fair, I deserve it. It should Javascript->RCE.
Interesting choice! Most, myself included, prefer Blindsight. Both are really good though, still waiting for the grand finale that will likely never come :)
November 25, 2024 at 7:10 PM
Interesting choice! Most, myself included, prefer Blindsight. Both are really good though, still waiting for the grand finale that will likely never come :)
For posterity - nope, it does not :/
November 21, 2024 at 10:57 PM
For posterity - nope, it does not :/
You totally should rename it to Cevisshe :)
November 21, 2024 at 8:09 AM
You totally should rename it to Cevisshe :)
@webappsec.dev has go.bsky.app/Uf8dZhz, it's a good one.
November 21, 2024 at 6:25 AM
@webappsec.dev has go.bsky.app/Uf8dZhz, it's a good one.
Maybe, but that metric is not likely even correlated to 'most commonly exploited'.
November 18, 2024 at 1:44 PM
Maybe, but that metric is not likely even correlated to 'most commonly exploited'.