AndrewMohawk

Feels so good to interact with the infosec community as a whole, I cant imagine why we have bad reputation as not being welcoming!

expel.com/blog/poisons... pretty interesting using cross device sign in ( www.passkeycentral.org/design-guide... ) to bypass fido2 hurdle, effectively turning the hardware token into QR code and asking the user to scan it

I made a submission!

A blonde tattooed person tattooing the forearm of a woman

My firstborn is trans 🏳️‍⚧️ nonbinary ⚧️ and a tattoo artist that now lives in California. They’re in Seattle for their brother’s graduation this week and brought their gear to give me a tattoo. There is a my other two tattoos are decorative but there is a meaningful story behind what I had them do. 1/

here's a framebuffer graphics demo (this has no practical purpose and I can't prove I'm not just like, playing a youtube video or something)

Finally one of the models is useful to me. I give you my stance on WebAuthN. cc @Yubico

(Everyone at orgs I work at has a 5C + 5C NFC for phone and your org should as well)

Whats the worst that could happen?

Its finders keepers for one of these f-18s right?

@kurtopsahl.bsky.social just said "The journey to stronger opsec begins with reducing the number of steps" and I fucking love it.

She thinks the Library of Congress is like a local public library because it's got "Library" in the name and I can't emphasize enough that our country is being run by the stupidest people alive on the planet today.

Friends, criminals, scoundrels, you rang?

One Hole per beverage A coke machine at a fast food place from befor the 2010s is shown next to a big green check mark Unholy drink cloaca A coke machine with a single dispenser and an screen for choice is shown

You wont know when I am absolutely destroying my docker swarm, but there will be signs.

I got Manus access and errr.. its struggling with a docker project, but the filenames are hilarious! Manus.. its just like us!

The life of crime is calling me!

Collection of stolen memes because this is incredible

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication Five critical flaws in Ingress NGINX Controller expose 6,500+ clusters; update now to prevent unauthorized remote code execution.

Another day, another 9.x critical vuln that bypasses authentication/authorization flow :(

thehackernews.com/2025/03/crit...

But dont worry it's just the kubes ingress-nginx and not the nginx ingress controller often used for kubes. Stay safe out there 🙃

Meme stolen from @yaelwrites.com

The Trump Administration Accidentally Texted Me Its War Plans U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.

In 25 years of covering national security, I’ve never seen a story like this: Senior Trump officials discussed planning for the U.S. attack on Yemen in a Signal group--and inadvertently added the editor-in-chief of The Atlantic. www.theatlantic.com/politics/arc...

And some skinnnnn

Just needs this and then microcontroller and camera, I'm using a pretty wide camera cause it's just what I had lying around

Even has a web interface to see what the fsck its up to

Found a cool animatronic eye 3D print and spent the weekend making it follow me around

Common vulnerabilities and Exposures (CVE)

I really hate that this is the release details we get for a *9.1 critical vuln* in a common js stack: www.cve.org/CVERecord?id...

I will be blocking all requests with the header `x-middleware-subrequest` rather than risk deploying a > 5pm release for something without any real details.

Tornado Cash Delisting WASHINGTON — Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring within evolving technolo...

Tornado cash is back.

home.treasury.gov/news/press-r...

Vibe coding my own rust ui for the rayhunter ( github.com/EFForg/rayhu... )

A short story in 4: