Julian Horoszkiewicz

My second public acknowledgement for a kernel-mode vulnerability: https://t.co/x28JnirKbT 😉 This one is for a pool overflow in NVIDIA Install Helper Service (NVI2SystemService64.sys). Because at the time I had discovered and reported the issue the product had already reached EOL, the vendor will not assign a CVE number to it. In other words, this vulnerability did not make it to CVE because it stayed unreported for too long. This policy approach to EOL products is quite common among vendors and exemplifies one of numerous scenarios for which CVE as a tool for vulnerability and risk management is not sufficient. For anyone interested in such scenarios, I recommend reading my article dedicated to this subject: https://t.co/3G806o7mT4.

Do you want to be de-banked over digital ID rules? Vietnam is terminating bank accounts without a linked digital ID. We are not exaggerating when we say this is what could happen in the UK. It is already happening elsewhere. The people must remain in control, we must reject Digital ID.

OSCP is no job experience, it does not even teach actual pentesting and its passing criteria are based on collecting the flags, not on "how pretty the report is". Also, the part about no sleep and no food is BS. Seeing a trend of non-technical juniors without actual passion for infosec believing that OSCP makes one a "senior".

The UK is rolling out a national digital ID, the “Brit Card," despite 2.7M+ signatures against it. Tied to borders, benefits, and public services, it’s the spine of a new surveillance state. Combined with the Online Safety Act, identity verification is becoming mandatory to live, work, and speak.

As long as vendors can hide vulnerabilities by bullying researchers and their own clients with NDAs and SLAPP, it doesn't really matter what system we use to exchange information about issues. Also, there's many other scenarios in which this just doesn't work as it should: https://t.co/3G806o7mT4