Dr. Christopher Kunz

Security (web, infra, app) nerd, slightly disillusioned VR enthusiast, author @heise Security
PGP fingerprint: C882 8ED1 7DD1 9011 C088  EA50 5CFA 2EEB 397A CAC1

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-27

@reyna Wow, that unlocked a memory I didn‘t know I had. I played this game! I think I only had the shareware version though…

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-27

@ascherbaum cyber-vbulletin.social - soviel Zeit muß sein.

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-27

Nothing says „computer security has not advanced in the past 20 years“ like a 10.0 vuln in vBulletin. At least we‘re prefixing everything „cyber“ now.

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-23

@publictorsten Jor, tut. Bringt einen headless Chrome mit und hat OpenAI-Anbindung (um AI Slop in die Bookmarks zu rühren, nehme ich an). Und einen MCP Service, damit der AI Slop Deine Bookmarks umrühren kann. github.com/karakeep-app/karake
Ich habe selber kein Pocket-Konto, daher kann ich den Pocket-Import nicht testen - die Funktionalität ist aber da. Wenn Du damit rumspielen willst, slide mal in meine DMs, dann sage ich dir den Link zu meinem Testbed.

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-23

@publictorsten Karakeep. Ich baue gleich mal einen Testcontainer.

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-22

Yeah, that tends to happen to people who work professionally in PKI...

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-21

@verbrecher I'm almost certain this is a scam site. If your husband has a Hausratversicherung, check its terms and conditions. Some of them reimburse you for Internet fraud.

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-21

@verbrecher Certificate first logged at 2025-03-12 🚩, Cloudflare 🚩, no (legally required) imprint 🚩, contact mail address is some rando gmail 🚩, shipping costs 15,99 🚩, supposedly paypal only 🚩.
That being said, finding a decent shop for appliance replacement parts is hard, especially for older appliances. Maybe ask a local repair café or makerspace for a referral.

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-17

@thezdi Good luck to all contestants!

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-16

Sina "SinSinology" Kheirkhah during his attempt on Sharepoint on #pwn2own #p2oberlin
So far 2 failed attempt, one left.

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-16

@danslerush As bad as this is, it follows "due process". Khan has been assigned a "Specially Designated Individual" by US OFAC (by order of the 🟠) and as a US corporation, MSFT was legally required to sever any and all contractual connections with him. The guy probably doesn't even have a Netflix account now.

This is the same legal process that is used for, say, ransomware dudes or russian presidents.

If the chief prosecutor of the ICC can be arbitrarily put on the SDN, everyone can.

Dr. Christopher Kunz boosted:
Trend Zero Day Initiativethezdi@infosec.exchange
2025-05-16

Boom! Mohand Acherir & Patrick Ventuzelo (@pat_ventuzelo) of FuzzingLabs (@fuzzinglabs) kick off Day Two in style by demonstrating their exploit of #NVIDIA Triton. They're off to the disclosure room to see if their exploit is unique. #Pwn2Own #P2OBerlin

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-16

@djlink Skoda is selling 3D printed accessories like cup holders for their cars. Pretty neat idea for small-scale production of specialized items, if you ask me.
I remember that about 10 years ago, Mrs. Claas (owner of the tractor manufacturing company) said they were already producing 3D printed replacement parts for their vehicle portfolio.

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-16

Off to #pwn2own Berlin, looking forward to seeing some nice pwnage and talk to ppl involved. See you there!

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-16

@circl I know, I also took a long, hard look at vulnerability lookup. I'm planning to check out the "dirty dockerized version" (your words, not mine 😛) soonish.

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-15

@cgudrian Ja, das war auch mein Ansatz. Allein: Das geht mit curl, aber leider nicht per XHR (also Browser-Bookmarklet) wegen CORS fuckery (ich kriege einen 403 für den mandatory OPTIONS request vor dem GET). Müsste ich irgendwie proxyen.

Dr. Christopher Kunzchristopherkunz@chaos.social
2025-05-15

Quellenschutz 101: Entferne Metadaten aus geleakten Dokumenten, bevor Du sie veröffentlichst. 23.social/@linuzifer/114511229

Dr. Christopher Kunz boosted:
Trend Zero Day Initiativethezdi@infosec.exchange
2025-05-15

With our first confirmation, our results blog is now live. We'll be updating this blog throughout the day with the latest results. zerodayinitiative.com/blog/202

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst