John Hammond
Hacker. Cybersecurity Researcher @HuntressLabs || https://t.co/qUeDM3lSCl
Oct 11, 2023 10 tweets 4 min read
curl/libcurl HIGH CVE-2023-38545 seemed to have a patch diff out early?
gitlab.com/redhat/centos-…
This is the vulnerability that had curl maintainers cut an early release, slated for October 11.
github.com/curl/curl/disc…
Jan 1, 2023 18 tweets 10 min read
Want to know what a YouTube channel with half a million subscribers looks like behind the scenes?

As we're cruising into 2023 and the new year, I'd like to peel back the curtain.

I want to be as transparent as possible here, in the hopes that this might help other creators. 🧵

This year in 2022, I uploaded ~170 videos, with most being released in the latter half of the year.

Trying with a certain amount of grace and dignity, I did lean into the "cringy" thumbnails with the exaggerated expressions or more modern titles.
Sep 21, 2022 7 tweets 5 min read
"Would you like to earn millions of dollars $$$ ?"
Aug 29, 2022 10 tweets 5 min read
Today I got a notification on my phone that YouTube had sent me a copyright report, claiming one of my videos violated copyright and my channel was going to receive a strike.

Except, my video didn't violate copyright. And YouTube didn't really send me a copyright report.

Turns out, pikkunovuriij[@]gmail[.]com sent me this fake copyright claim PDF. It was easily recognizable as bogus (especially since that video is me just recording my screen showing how to install a free Linux distribution in a virtual machine), but, thanks for the fun.
Jun 2, 2022 7 tweets 3 min read
Since ms-msdt: is now readily detected and the conversation has changed to search-ms: and some more staggered social engineering tricks, here is a useless thread on a silly thing tricksters might be able to pull off with some of the new fun things we have learned: 🧵

1. Stage an HTML webpage with the dumbo "IMPORTANT SECURITY UPDATE" pretense, with the cheesy Microsoft logos and arrows and all the nonsense that fools your grandparents
1a. Use JavaScript in the HTML page to force a drive-by-download/http-smuggler-whatever you want to call it.