@reyna Wow, that unlocked a memory I didn‘t know I had. I played this game! I think I only had the shareware version though…

@ascherbaum cyber-vbulletin.social - soviel Zeit muß sein.

Nothing says „computer security has not advanced in the past 20 years“ like a 10.0 vuln in vBulletin. At least we‘re prefixing everything „cyber“ now.

https://www.heise.de/news/Operation-Endgame-2-0-20-Haftbefehle-Hunderte-Server-ausser-Gefecht-gesetzt-10394215.html

@publictorsten Jor, tut. Bringt einen headless Chrome mit und hat OpenAI-Anbindung (um AI Slop in die Bookmarks zu rühren, nehme ich an). Und einen MCP Service, damit der AI Slop Deine Bookmarks umrühren kann. https://github.com/karakeep-app/karakeep/blob/main/docker/docker-compose.yml
Ich habe selber kein Pocket-Konto, daher kann ich den Pocket-Import nicht testen - die Funktionalität ist aber da. Wenn Du damit rumspielen willst, slide mal in meine DMs, dann sage ich dir den Link zu meinem Testbed.

@publictorsten Karakeep. Ich baue gleich mal einen Testcontainer.

Yeah, that tends to happen to people who work professionally in PKI...

@verbrecher I'm almost certain this is a scam site. If your husband has a Hausratversicherung, check its terms and conditions. Some of them reimburse you for Internet fraud.

@verbrecher Certificate first logged at 2025-03-12 🚩, Cloudflare 🚩, no (legally required) imprint 🚩, contact mail address is some rando gmail 🚩, shipping costs 15,99 🚩, supposedly paypal only 🚩.
That being said, finding a decent shop for appliance replacement parts is hard, especially for older appliances. Maybe ask a local repair café or makerspace for a referral.

@thezdi Good luck to all contestants!

Sina "SinSinology" Kheirkhah during his attempt on Sharepoint on #pwn2own #p2oberlin
So far 2 failed attempt, one left.

@danslerush As bad as this is, it follows "due process". Khan has been assigned a "Specially Designated Individual" by US OFAC (by order of the 🟠) and as a US corporation, MSFT was legally required to sever any and all contractual connections with him. The guy probably doesn't even have a Netflix account now.

This is the same legal process that is used for, say, ransomware dudes or russian presidents.

If the chief prosecutor of the ICC can be arbitrarily put on the SDN, everyone can.

Boom! Mohand Acherir & Patrick Ventuzelo (@pat_ventuzelo) of FuzzingLabs (@fuzzinglabs) kick off Day Two in style by demonstrating their exploit of #NVIDIA Triton. They're off to the disclosure room to see if their exploit is unique. #Pwn2Own #P2OBerlin

@djlink Skoda is selling 3D printed accessories like cup holders for their cars. Pretty neat idea for small-scale production of specialized items, if you ask me.
I remember that about 10 years ago, Mrs. Claas (owner of the tractor manufacturing company) said they were already producing 3D printed replacement parts for their vehicle portfolio.

Off to #pwn2own Berlin, looking forward to seeing some nice pwnage and talk to ppl involved. See you there!

@circl I know, I also took a long, hard look at vulnerability lookup. I'm planning to check out the "dirty dockerized version" (your words, not mine 😛) soonish.

OK, das hier ist echt gut gemacht: https://www.youtube.com/watch?v=6Hcs78NTqpE #cybergangster #paradise #reimtsich

@cgudrian Ja, das war auch mein Ansatz. Allein: Das geht mit curl, aber leider nicht per XHR (also Browser-Bookmarklet) wegen CORS fuckery (ich kriege einen 403 für den mandatory OPTIONS request vor dem GET). Müsste ich irgendwie proxyen.

Quellenschutz 101: Entferne Metadaten aus geleakten Dokumenten, bevor Du sie veröffentlichst. https://23.social/@linuzifer/114511229216592483

With our first confirmation, our results blog is now live. We'll be updating this blog throughout the day with the latest results. https://www.zerodayinitiative.com/blog/2025/5/15/pwn2own-berlin-2025-day-one-results