Here are the slopsploits for CVE-2024-14027 that were produced in roughly 2-3x the amount of time a human would have done it.
As well as some thoughts/notes.
https://t.co/Seou9KK52o
Took like a day and much of the exploit strategy had to be spelled out (even if it's just swapping a different trigger into minipli's existing exploit), but I "hear" Claude was able to produce two working privesc exploits for it.
I asked nick about why the patch was not implemented for this bug a few years ago after it was found and a bounty paid.
seems like a nice backdoor now :>
@dumbnamenumbers @gabe_onchain there are unfixed bugs which allow the DAO to steal your name. But they were not fixed since the DAO is trustworthy ... or well was 2 years ago :)
https://t.co/GvAvablTgm
@Walodja1987 @LefterisJP @dumbnamenumbers @gabe_onchain was never patched. they paid 100k to someone for this bug even though the entire bug is that the DAO can do whatever they want.
sure does seem like this was kept in as a backdoor at this point. I've pointed it out and asked for years why this has not been resolved.
yes and no. namespaces are only a security boundary in the absence of *numerous* unpatched kernel vulnerabilities. it's in the name.. "Linux kernels - user namespace".
the namespace "fs" is just another var in kernel memory.. a vulnerability with write access to kernel memory can simply set that to whatever they want.
what distro?
ah yeah figured it was the lack of daemon. :>
all containers share the host kernel, while VMs can run completely separate kernels and arch of the host. so root in the container is still root on the host regardless of daemon or not.
if you are running on linux as a host... A LOT of vulns are being exploited and dropped publicly at the moment before patches make it to distros by large amounts of time.. (sometimes 1+ month without distro patches).
if an attacker gets kernel privs after exploiting some vuln in the container they could just load an lkm into your host kernel from the guest that allows host access.. or set the current fs/namespace to the hosts namespace from the guest.
Every time anyone said this they would get banned / shunned by DAO/Labs.
It has been said for YEARS that nick could always pass/kill anything he wanted and the DAO/Labs/useful idiots would argue this wasn't the case..
nick.eth is the reason ENS has stagnated. It's mostly his ideals/vision/personal grievances/shitty staff picks which have pushed people & devs away from the project.
If he thinks being MORE in control will fix it.. he is wrong and his ego/hubris will destroy the entire project.
All this because revenue is down also. I can't lie that I find it hilarious that ENS was most profitable when @ensvision was in full force before killing our spirit/desire to be involved with ENS at all..
No service provider / partnership has been as valuable/profitable as working with vision was and could have been and now revenue is down drastically and we are here .. amazing/hilarious work.
This is because etherscan only normalized (convert to lower etc) the name and didn't do the rest of the verification that address == holder of normalized name/token etc.
https://t.co/aeGSLGW7ly
It is an etherscan issue, not ens or metamask.
etherscan has a history of not verifying ens names against the metadata service.. years ago I got a bounty by registering an invalid ens name with xss in it which triggered on etherscan as well.
they likely just fixed their normalization checks as per ens docs.
Both Bouncy Castle and GnuPG have acknowledged and fixed the reported issues.
CVE-2026-12802 will be published with Bouncy Castle 1.85.
GnuPG fix: https://t.co/zdpOVNGXEQ
We sent Claude Mythos Preview spelunking through Squid’s guts, and it surfaced clutching a 29-year-old bug.
Meet Squidbleed: a Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration.
Full story: https://t.co/xQLKqaSmTn
a sloppy unreliable exploit for this nice cBPF uaf that doesn't require bpf (ebpf) privs (cap_bpf/unpriv bpf) tested on centos10.
4.5 -> 7.1
https://t.co/yvHDRoqWPZ