the grugq's newsletter

October 14, 2024

I have been laughing at this entirely too long... pic.twitter.com/Xmv8Y2G28x

— Mark C. (@LargeCardinal) October 12, 2024


Zendesk finally responded. Well, if you count a shady-looking GitHub account dropping a blog link as a response: https://t.co/ox96xQisEk

They've doubled down, reaffirming their decision not to award a bounty, claiming I broke ethical guidelines by sharing the bug. https://t.co/cbP4srW6ZI pic.twitter.com/Dfvw9Se8Y5

— daniel (@hackermondev) October 12, 2024

Some comments on the Zendesk blog post:

  1. This is not a supply chain attack, or a supply-chain-like attack.
  2. If the bug was rejected as out of scope, the researcher's obligation to the bug bounty program ends.
  3. Even if the bug bounty claimant did report the bug individually to other companies, those reports went through those companies' bug bounty programs.
    1. There is no ethical violation in submitting rejected bugs to other bug bounty programs.
    2. Even if there were such a violation, it still looks worse for Zendesk to go on active defense. They screwed up when they rejected the bug.

Email user verification bug bounty report retrospective – Zendesk help

This summer, Zendesk identified a vulnerability through our bug bounty program which we worked with a researcher to address. We have no evidence that this vulnerability was exploited by a bad actor...


The future is on X pic.twitter.com/fwa5lL6aLK

— Ryan Marino, MD (@RyanMarino) October 13, 2024


If you’re sending prompts to an LLM and it’s failing to solve your problem, and you conclude the solution is “agents” … well, good luck with that =)

— Sean Heelan (@seanhn) October 13, 2024

I would love a talk from Sean about how to be pessimistic in this space :)

— Dave Aitel (@daveaitel) October 13, 2024

Perhaps confusingly, I'm pretty optimistic about LLMs as a technology. What I'm pessimistic about is the average LLM commentator ;)

— Sean Heelan (@seanhn) October 13, 2024


OCR toolkit pic.twitter.com/ui7ScfoEFD

— Tom Dörr (@tom_doerr) October 13, 2024

GitHub - VikParuchuri/surya: OCR, layout analysis, reading order, table recognition in 90+ languages

OCR, layout analysis, reading order, table recognition in 90+ languages - VikParuchuri/surya

There are a lot of scanned PDFs with important information that are finally becoming available thanks to AI OCR and I think it’s great!


Baseband firmware reverse engineering (MediaTek 5G)

Blog post: https://t.co/ppG34ld1WM
nanoMIPS Ghidra module: https://t.co/aZxVzQKFW5
Mediatek firmware tools: https://t.co/32cpJMmZH6 #baseband #cybersecurity pic.twitter.com/oZrJbqW4p8

— 0xor0ne (@0xor0ne) October 13, 2024


The Android side of security somehow remains an underexplored area and still has a lot of bugs to explore. In my last 2 weeks of bug-hunting sessions I have uncovered over 20 bugs across various Android applications from multiple organizations - https://t.co/xY6EyNgJS6

— Abdillah (@abdilahrf) October 12, 2024


Everything about this article is a blinking 🚨 of hype and nonsense but it’s Sunday and I don’t have the energy to care. https://t.co/947guRLo1b

— Matthew Green (@matthew_d_green) October 13, 2024