DANN MACHT HALT KEIN l,I 0 UND O IN EURE PASSWÖRTER!

Happy Valentine's Day!

I've got a little something for you all right here https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh

💕 Patch your Gits 💕

IDK but all those AI prompt injections like

https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/

seem to rely on in-band signalling which could have been avoided at design time by having separate channels for configuration and user input. But instead the 70s are calling and want their cereal whistles back

#caturday

Sometimes you just need to look at the right spot and have a good guts feeling to find vulns.

https://about.gitlab.com/blog/2023/01/24/git-security-audit/

Patch you Gits!

End of last year I had the big pleasure to work with @marver and @mumblegrepper in a code review of Git.

Here's what we got for you:

https://www.openwall.com/lists/oss-security/2023/01/17/4

https://x41-dsec.de/security/research/job/news/2023/01/17/git-security-audit-ostif/

Raise your hand if you don’t take proper notes but only rely on the shell history file. 🙋

Christmas Eve RCE ☑️

Let’s see how the reporting goes. :D

My pics of 2022 https://pixelfed.de/c/512299667272592240

Zehkurity made in Germany

For the non german speaking people:
A German solar startup will pair your solar panels in their app solely based on your phone number.