October 14, 2024
I have been laughing at this entirely too long... pic.twitter.com/Xmv8Y2G28x
— Mark C. (@LargeCardinal) October 12, 2024
Zendesk finally responded. Well, if you count a shady-looking GitHub account dropping a blog link as a response: https://t.co/ox96xQisEk
— daniel (@hackermondev) October 12, 2024
They've doubled down, reaffirming their decision not to award a bounty, claiming I broke ethical guidelines by sharing the bug. https://t.co/cbP4srW6ZI pic.twitter.com/Dfvw9Se8Y5
Some comments on the Zendesk blog post.
- This is not a supply chain attack, nor anything resembling one
- If the bug was rejected as out of scope, the bug bounty program's obligation to the researcher ends
- Even if the bug bounty claimant did report the bug individually to other companies, those reports were made through their bug bounty programs
- There is no ethical violation in submitting rejected bugs to other bug bounty programs
- Even if there were such a violation, it still looks worse for Zendesk to go on active defense. They screwed up when they rejected the bug.
Email user verification bug bounty report retrospective – Zendesk help
This summer, Zendesk identified a vulnerability through our bug bounty program which we worked with a researcher to address. We have no evidence that this vulnerability was exploited by a bad actor...
The future is on X pic.twitter.com/fwa5lL6aLK
— Ryan Marino, MD (@RyanMarino) October 13, 2024
If you’re sending prompts to an LLM and it’s failing to solve your problem, and you conclude the solution is “agents” … well, good luck with that =)
— Sean Heelan (@seanhn) October 13, 2024
I would love a talk from Sean about how to be pessimistic in this space :)
— Dave Aitel (@daveaitel) October 13, 2024
Perhaps confusingly I’m pretty optimistic about LLMs as a technology. What I'm pessimistic about is the average LLM commentator ;)
— Sean Heelan (@seanhn) October 13, 2024
OCR toolkit pic.twitter.com/ui7ScfoEFD
— Tom Dörr (@tom_doerr) October 13, 2024
GitHub - VikParuchuri/surya: OCR, layout analysis, reading order, table recognition in 90+ languages
OCR, layout analysis, reading order, table recognition in 90+ languages - VikParuchuri/surya
There are a lot of scanned PDFs with important information that are finally becoming available thanks to AI OCR, and I think it’s great!
Baseband firmware reverse engineering (MediaTek 5G)
— 0xor0ne (@0xor0ne) October 13, 2024
Blog post: https://t.co/ppG34ld1WM
nanoMIPS Ghidra module: https://t.co/aZxVzQKFW5
Mediatek firmware tools: https://t.co/32cpJMmZH6 #baseband #cybersecurity pic.twitter.com/oZrJbqW4p8
The Android side of security somehow remains an underexplored area and still has a lot of bugs to explore; in my last 2 weeks of bug-hunting sessions I have uncovered over 20 bugs across various Android applications from multiple organizations - https://t.co/xY6EyNgJS6
— Abdillah (@abdilahrf) October 12, 2024
Everything about this article is a blinking 🚨 of hype and nonsense but it’s Sunday and I don’t have the energy to care. https://t.co/947guRLo1b
— Matthew Green (@matthew_d_green) October 13, 2024