Use @deno_land's `deno run` instead with appropriate sandboxing flags.
Example: https://github.com/okTurtles/chel/pull/58/files
#nodejs #npx #infosec #security
Hey infosec.exchange! We’re the CHERI Alliance — excited to join the community!
We’re all about CHERI (Capability Hardware Enhanced RISC Instructions) — a powerful hardware-based approach to making memory safety and software security actually enforceable, by design.
CHERI helps stop things like buffer overflows and use-after-free bugs before they cause trouble — with hardware-enforced protections built right into the architecture.
We’re here to:
- Share news about the CHERI community in general
- Talk about what our members are building with CHERI
- Connect with folks who care about deep, meaningful security improvements
Check us out at cherialliance.org
Give us a follow if this sounds like your kind of thing!
My previous intro post was a few years old, so behold, new intro post:
Mike. Live in the Seattle area having grown up in the UK as a full-blown Brit. Have a wife (incredible), child (boy), and three dogs (golden retriever/cream retriever/fuck knows).
I work in information security, something I have done for about 20 years. By day I run corporate security, enterprise IT and various other bits and pieces for an EV charging startup. I am big into EVs and currently drive one that is not a Tesla. I want an electric motorbike, so if anyone has a spare one please send it.
I also have a company of my own, Secure Being (https://securebeing.com), which does pen testing and digital forensic work - it's my way of staying super hands on while still doing the management bits on the career path.
I have written books about information security things. Five of them. Two are non-fiction textbooks, and three are fiction based on real world #infosec things. Check out https://infosecdiaries.com and your local bookstore to find them, just search for my name. I have been trying to write more stuff, but always seem to find myself distracted by other things, such as work. linktr.ee/secureowl has some mini stories I've written.
I love radio and everything RF. I have lots of antennas and various scanners and radios on my desk. I love intercepting and decoding things, like digital radio protocols.
I am a big aviation nerd. I always wanted to be a commercial pilot. I gained my private pilot's license in the UK at 17, all self-funded by my employment at the local Safeway/Morrisons store. I did the sim test and commercial assessments, but for some reason, at 18, I was unable to find the £100k needed to complete the commercial training, so I did computers. But do not worry, because those computers and love of aviation and radio/RF combined, and I run a project called ACARS Drama. https://acarsdrama.com has all the details.
I play guitar and am a big guitar/audio nerd as well. I record music under the moniker Operation: Anxiety, https://operationanxiety.com - the music is on all the normal places.
Finally, I am a massive fan of motorsport. I believe I have watched every F1 race for the last 30 years, maybe 25. I also follow F2, FE, Indycar and MotoGP closely. I average around 18 hours of Le Mans 24 hour racing watching per year.
So there you have it. If you are looking for a thought leader on the topics mentioned above, you've come to the wrong place - because this is where I shitpost, and shitposting is cheap therapy.
Just posted my new article on another client-side remote code execution bug I found in Google Web Designer back in February, tracked as CVE-2025-4613, fixed in an April release. Enjoy the write-up!
Fresh new instance, fresh new #introduction time.
I'm Erin, yet another autistic transgender anarchist from so-called Portland, Oregon. I used to have fancy tech jobs with titles like "Lead Full-Stack Software Engineer" until I burnt out, got laid off, and discovered that the tech industry was done with me. Nowadays I survive on a very part-time gig as a general technologist and some freelance tech work when I can find it. My part-time gig is unionized through the IWW, of which I am a proud member. I've been on fedi under various names and handles since GNU Social was the cool new thing.
My special interests include Cybersecurity, Casio watches, Dungeons & Dragons, Final Fantasy XIV, the Indieweb, Linux, old ThinkPads, XMPP, Yuri Anime and Manga, and stuffed sharks.
formerly @kvuzet
Here's a big list of tags:
#ActuallyAutistic #Anarchism #Blahaj #CyberSecurity #DnD #FFXIV #F91W #Frontend #Indieweb #InfoSec #IWW #Linux #Queer #RSS #SDF #ThinkPad #Tech #Trans #Vegan #WebDev #XMPP #Yuri
Good morning,
Advertising is not just annoying. It also consumes a lot of data and thereby slows down websites and apps. Ad slots are sold in automated auctions to the highest bidders. For that purpose, all sorts of data about you is collected and sold. In addition, there are repeated cases in which the advertising for an application does not come from the provider at all but from attackers who lure you to sites carrying trojans. Or malicious code is even delivered within the advertising itself on reputable sites.
So there are good reasons why you should use an ad blocker. uBlock Origin, for example, is particularly good: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ Besides ads, uBlock Origin also blocks trackers that collect your data, as well as known sites serving malicious code.
Websites load faster and are much easier to read without all the advertising. I get a small shock every time I see websites without an ad blocker.
Since Google has changed the extension interface in Chrome so that ad blockers no longer work properly, you should give Firefox a chance. There, the extensions work as they should.
Both Firefox and uBlock Origin are open source. So you can use them free of charge and fall back on a broad community if you run into problems.
If you want to send money to a website because you no longer see ads and their source of income thus disappears, there are usually other ways too, e.g. subscriptions, donations, memberships or services like Patreon. Especially in times of fake news and AI that devours everything it can reach, independent funding of good, quality offerings is necessary.
Take today as an occasion and try Firefox with uBlock Origin.
Have a good day!
This is what #DarrenBeattie — & #MikeBenz — have long called for. Many of the names & keywords he included in his request reflect #ConspiracyTheories & #grievances promoted by Revolver News — which Beattie founded after being fired from his job as a speechwriter during the first #Trump admin when CNN reported that he had spoken at a conference with #WhiteNationalists.
#disinformation #law #privacy #InfoSec #RevengePolitics #FirstAmendment #FreeSpeech #FreePress #democracy
https://www.cnn.com/2018/08/19/politics/darren-beattie-mencken-club/index.html
Several people familiar with the matter say that by early April, #DarrenBeattie had received many of the documents he’d requested, retrieved through eRecords, as well as a list of grantees. One source says the more sensitive list of subgrantees was not shared.
…5 weeks after Beattie made his requests for #information, the #State Dept shut down R/FIMI.
Another employee expressed concerns about the request for information on the agency’s subgrantees—who were often on the ground in repressive countries & whose #information was closely guarded & not shared digitally, unlike the public lists of contractors & grantees typically available on websites like Grants.gov or USAspending.gov. “Making it known that [they] took money from the #UnitedStates would put a target on them…We kept that information very secure….”
This felt, they say, like a powerful misuse of the public records system—or as Jankowicz, the #disinformation researcher & fmr DHS ofcl, put it, “weaponizing the access [Beattie] has to internal communications in order to upend people’s lives.”
“It stank to high heaven,” one staffer says. “This could be used for #retaliation. This could be used for any kind of improper purposes, & our #oversight committees should be informed of this.”
Employees worried about the sensitivity & impropriety of the broad scope of the information requested, particularly because records would be #unredacted, as well as about how the search would be conducted: through the eRecords file management system, which makes it easy for administrative staff to search through & retrieve #State Dept employees’ emails, typically in response to #FOIA requests.
It also asked for a search for 32 right-wing buzzwords related to #abortion, #immigration, #ElectionDenial, & #Jan6, suggesting a determined effort to find #State Dept staff who even just discussed such matters.
Multiple sources say State Dept employees raised alarms internally about the records requests.
#DarrenBeattie also requested a search for communications that mentioned #Trump & more than a dozen other prominent right-leaning figures. In addition to Jones, Greenwald, & “RFK Jr.,” the list includes “#DonJr,” #ElonMusk, #JoeRogan, #CharlieKirk, #MarineLePen, “#Bolsonaro” (which could cover either Jair Bolsonaro, the fmr Brazilian president, or his son Eduardo, who is seeking political asylum in the US), & Beattie himself.
In total, he sought communications about 16 organizations, including #Harvard’s Berkman Klein Center & DHS’s #Cybersecurity & Infrastructure #Security Agency (#CISA), as well as…about 39 individuals.
Notably, this includes several #journalists: In addition to #Bellingcat & #AnneApplebaum, the document also asks for communications w/ #NBCNews senior reporter #BrandyZadrozny.
#DarrenBeattie specifically asked for “all documents, emails, correspondence, or other records of communications amongst/between employees, contractors, subcontractors or consultants at the GEC or R/FIMI” since 2017 with all the named individuals, as well as communications that merely referenced them. He sought communications that referenced any of the listed organizations.
Most people on the list appear to have focused at some point on tracking or challenging #disinformation broadly, or on countering specific false claims, including those related to the #2020election. A few of the individuals appear primarily to be critics of #Trump, #DarrenBeattie or others in the #RightWing #media ecosystem. Many have been the subject of Trump’s public #grievances for years.
This idea has taken hold more broadly; the [#Republican controlled] #House Foreign Affairs Cmte held a hearing titled the “Censorship-Industrial Complex: The Need for First Amendment Safeguards at the State Department,” on April 1 focused on GEC.
#DarrenBeattie has also personally promoted these views. Before joining the #State Dept, he started Revolver News, a website that espouses #FarRight talking points that often gain traction in certain *conservative* circles. Among the ideas promoted in Revolver News is that GEC was part of a “censorship industrial complex” aimed at suppressing American #conservative voices, even though GEC’s mission was foreign #disinformation.
#DanielFried echoes this sentiment. “I spent 40 years in the #State Dept, & you didn’t collect names or demand email records…I’ve never heard of such a thing”—at least not in the American context, he clarifies. It did remind him of Eastern European “Communist Party minder[s] watching over the untrusted bureaucracy.”
He adds: “It also approaches the compilation of an #EnemiesList.”
When told of their inclusion in the records request, multiple people expressed alarm that such a list exists at all in an American institution. “When I was in government I’d never [have] done anything like that,” #BillKristol, a fmr chief of staff to VP Dan Quayle, says. “What would be the innocent reason for doing that?”