Toots for amy@infosec.exchange account

Written by Amy on 2024-12-28 at 01:41

The only time you’ll catch me cross-posting from the cursed site — congratulations to all of our amazing Chrome VRP security researchers that made our leaderboard — and Chrome safer for all users — this year!

See the “official” announcement @ https://crbug.com/386306231


Written by Amy on 2024-11-28 at 19:08

Garmin v Oura, a short story:

Oura: sleep score: 84, you sweet baby angel, you did so well sleeping, but your RHR was a little elevated. Maybe consider a nap later if you feel tired.

Garmin: sleep score 67, you dumb piece of shit, do you even know how to sleep, do better ffs. Body battery: 41.

Oura: you surpassed your activity goal by 70%! 🎉🥳 Make sure you recover and take care of you.

Garmin: oh fine you did some strength training, but you got 17,350 steps yesterday why can’t you do 25,379 you lazy pos? Ugh.

Oh btw your fitness age just decreased by one year but whatever.

If you have also been bullied and peer pressured by Garmin, you may be entitled to compensation.


Written by Amy on 2024-11-14 at 17:10

If you are a Chrome VRP reporter (or participant in another Google VRP) you can donate your rewards to SAI as well, and like all donated rewards, we’ll double your reward for donation any time of the year.


Written by Amy on 2024-11-14 at 17:08

Super inside-baseball follow up, but if you’re a googler you know it’s holiday giving campaign time. I want to make a plug for donating to the Spyware Accountability Initiative (https://stopspyware.fund).

They are directly funding labs like The Citizen Lab, Access Now, and Amnesty International Digital Forensics Lab (as well as many others) doing the hard work to track down and stop spyware to protect victims, such as human rights activists, political dissidents, and journalists.

You too can be part of the efforts to stop spyware with your funding.


Written by Amy on 2024-11-14 at 16:47

And snapping back to reality of this terrible timeline:

https://www.wired.com/story/trump-administration-cybersecurity-policy-reversals/


Written by Amy on 2024-11-14 at 14:41

This terrible timeline has a new branch, and it is hilarious — The Onion has purchased Infowars

https://www.nytimes.com/2024/11/14/business/media/alex-jones-infowars-the-onion.html?unlocked_article_code=1.Z04.Wiwi.UMUgUSO1vzUW&smid=url-share


Written by Amy on 2024-11-14 at 01:51

I’m waiting for a script to finish running so I’m going to take this time to air my beef with women’s denim manufacturers.

  1. Y’all need to stop the midrise gaslighting. Some of these jeans y’all are touting as midrise are definitely high rise.

Midrise is below the natural waist and should fall somewhere below the belly button and somewhere between it and the hips. Mid rise jeans should not be completely covering the belly button and encroaching the space above it.

I want to say that maybe I’m built different, but midrise jeans should not have six inches of zipper.

  2. The same jeans in the same size but a different wash should not result in entirely different measurements. Why is a light wash jean a different rise and fit than the same jeans in a dark wash? Why is black denim always a completely different fit?

  3. Why are so many straight leg jeans cropped or “ankle length” (which is code for cropped if you have long legs)? And why, when they are, if they are called straight leg, do some also have a small kick flare?

There are many things I appreciate about online shopping, but shopping for jeans ain’t it. I prefer stores so I can try things on before I buy them. Instead I’m stuck with jeans I think I’ll like eventually (and rarely do) or having to get a lot better at returning things, thus also having to endure more frequent post office and UPS visits.

Because SF also doesn’t have a lot of clothing stores from which to choose. There is an Everlane but I don’t really love their denim.

So if you’re still reading this and have any good midrise denim recommendations, I would sincerely appreciate it. Regardless, thanks for letting me get that off my chest.


Written by Amy on 2024-11-13 at 18:25

Today we’ve expanded the scope and rewards for the Chrome VRP V8 sandbox bypass rewards to include any demonstrated memory corruption outside the sandbox. (https://g.co/chrome/vrp#v8-sandbox-bypass-rewards)

The V8 sandbox is not yet considered a security boundary, but this expansion is one of many precursors to get there.

We do hope that if you’re doing browser or V8 research, you’ll start playing in our sandbox!

Also we have opened previous V8 sandbox submissions under the previous scope for early public disclosure in our bug tracker. This is a treasure trove of information for learning about known bypass techniques. (https://issues.chromium.org/hotlists/4802478)


Written by Amy on 2024-08-28 at 17:31

Hi everyone — especially browser security researchers! Today we’ve announced some pretty significant changes to the Chrome VRP reward structure and amounts. This was all built with the purpose of incentivizing deeper and ever more impactful research of Chromium security issues.

I wrote a little blog about it here: https://bughunters.google.com/blog/5302044291629056/chrome-vrp-reward-updates-to-incentivize-deeper-research

We wanted to acknowledge the challenges faced and skills required to find the more complex and impactful issues in Chrome, especially when it comes to demonstrating the full exploitability and impact.

We hope these changes are helpful and inspiring to browser security researchers and signal our continued investment in working with you to make Chrome more secure for all users.


Written by Amy on 2024-08-08 at 17:55

Getting to attend Black Hat and defcon in a professional capacity and attend talks and talk to all the peoples is really great and a privilege. I try not to take it for granted. But honestly, I’m really not a Vegas person. Never have been and my tolerance for parties has really tanked.

I wish we had a security conference fest in the outdoors — like the mountains or the desert. Talks and hacking interspersed with hikes and bikes, climbing, or other outdoor activities. Instead of parties in clubs or bars, tea or coffee tastings. Networking over crafts and puzzles.

I know this wouldn’t be popular, but the folks that would be into it would be pretty into it I think. 🤔


Written by Amy on 2024-07-24 at 01:50

I am giving a talk at a work event in Vegas during hacker summer camp and - I kid you not - this is the template we were given. So ofc I could not resist the feminine urge to use it appropriately.

And yes, it does bother me that I did not effectively center ‘brat’.

Sorry this is cropped within an inch of its life to ensure I did not expose any actual work stuff.


Written by Amy on 2024-05-04 at 19:13

I find myself at #bsidessf today. Please come say hi if you see me or ping me if you’d like to chat. Excited to meet other folks doing security, vuln management, bug bounty, VDP, etc.


Written by Amy on 2024-03-24 at 20:06

Having brunch in Potrero Hill this morning and confronted with some casual blatant sexism. Two dudes, dude1 talking about his company / startup:

D1: yeah, we just hired $female-presenting-name, and

D2: makes negative cringe noise, [mumble, unintelligible]

D1: no, it’s great but it’s because she’s just like a dude….

She’s fitting in so well, but it’s only because she’s just like one of the boys.

Like the other night she was in the office until 9 or so, even after $male-presenting-name.

D2: oh?

D1: But like the only reason she was there so late was that her boyfriend was busy.

I shouldn’t be surprised. I live in SF and tech is gonna tech. I want to believe it’s going to get better for the next generation, but I have little to no faith in that. D1 was maybe 30. Other guy was maybe 32-33 at most. This mentality is still entrenched in tech and being perpetuated. They’re out here saying it with their full chest over eggs benny on a Sunday.

It’s just fucking depressing.


Written by Amy on 2023-12-09 at 00:39

I’d like to call attention to a very special Chromium bug: crbug.com/1509898 😉

Today we announced the top Chrome VRP reporters of 2023! 🥳

Congratulations to everyone on the list and many thanks and much gratitude to our Chrome VRP security researcher community for all your hard work in 2023 and helping us make Chrome Browser and Chromium more secure for all users!


Written by Amy on 2023-11-28 at 20:01

There are few things more annoying than leaving a sizable comment or response in Gerrit only to realize a full 24 hours and 45 minutes later you never hit Reply.

This is where a Clippy would be helpful. “Hey, it looks like you left a comment on this CL. Did you want to Reply?”

Original URL: gemini://mastogem.picasoft.net/profile/109356896494140349