Notices by Matt Palmer (womble@infosec.exchange)

@dalias the naive intern who is the favourite child of your biggest, nastiest, least trustworthy competitor.

@haakon @lesley @RegGuy @hacks4pancakes

@GossiTheDog

@GossiTheDog that seems like a very difficult claim to prove - CVEs don't usually come with sufficient information to be able to detect exploitation at a distance.

In any event, the vast majority of CVEs don't have this degree of impact and ease of exploitation. The moment that this kind of vuln - pre-auth information disclosure - is known to exist, it's basically inevitable that many actors, for a variety of reasons, will seek to develop an exploit for it.

@GossiTheDog I feel like there's enough data on what happens as soon as a patch drops, from what has happened every previous time, that the consequences of Mongo dropping a patch on the 23rd were pretty easy to predict.

@fesshole as a former train driver myself, I feel that "boring" is what a driver should be aiming for. Excitement is not what you want when you've got 1,000 people and 300 tons of heavy machinery behind you.

@0xabad1dea I have, more than once, looked in the top corner of the book I was reading in order to determine the current time.

@azninsect two possibilities come to mind:

1. Yes they absolutely are that dumb, and/or believe that the meds are all big pharma cash grab placebos;
2. They know what they're doing, and do not give even the slightest fuck about the consequences to others.

@BeAware if you truly believe that Facebook automatically deleting posts that link to a competitor was a totally accidental bug, I've got an NFT of a bridge to sell you.

@benroyce

@skinnylatte several decades of being told by the media that people just arrive in a country and get everything handed to them meets cold, hard reality.

@mmasnick what's the effect of playing the "take investment from a cryptocurrency grifter" card?

@ryanc I don't like this dystopian cyberpunk take on being a citizen of the world...

@patrickcmiller @dave_aitel "our billing practices are just like gyms!" is not the mic drop argument cable operators seem to think it is.

@phiofx @carnage4life oooh, you're *so* close! Ask yourself why housing *doesn't* depreciate like cars...

@phiofx @carnage4life I don't understand why home ownership requires housing to be an investment. Car ownership seems to get along just fine without being a capital gains printing machine.

@Natanox there aren't enough security experts in the world to audit even a small portion of the security sensitive code being written - not to mention that experts are human too, and can make mistakes. The focus needs to be on more secure *methods* of writing code, and tools that can detect or (preferably) prevent insecure code, including formal methods that can prove that code is secure.

@patrickcmiller nah, they're already making record profits. This is about keeping people scared, to put a stop to the fledgling activism and unionism in tech.

@patrickcmiller The layoffs will continue until loyalty improves.

@raggi yes, the degree of exposure is an important element in the risk analysis.

@raggi that blog post is rather conspicuously missing a section entitled "how in the name of flying fudge pickles did this happen?!?"

@feld it's better than trying to design and implement their own equivalent scheme.