UF InfoSec
265 posts

UF InfoSec
@UFSIT
@UF Student InfoSec Team | Thursdays @ 6:00pm in CSE E231. CTF team Kernel Sanders Host of @swampctf
Gainesville, FL Joined April 2013
330 Following 269 Followers
UF InfoSec retweeted

As of today, UFSIT is a part of @EFF's EFA! We're happy to endorse their values:
EFF@EFF
We support digital freedom: free expression, security, privacy, creativity, and access to knowledge eff.org/EFA
UF InfoSec retweeted

And the winners are....
1st place: A Team with a Dream - @UCF
2nd place: Cyber Eagles - @tennesseetech
3rd place: Darth Gator - @UF
Congratulations to all!!!



UF InfoSec retweeted

CISE Dept Chair and FICS faculty member @DrJuanGilbert was recently honored with the National Medal of Technology by President Joe Biden.
The National Medal of Technology and Innovation is the nation’s highest honor for technological achievement.
news.ufl.edu/2023/10/juan-g…

UF InfoSec retweeted

BugBounter gets together with @UFSIT of University of Florida (@UF) to talk about bug bounty as a method to develop as a cybersecurity specialist & make money!
📅 October 25th, 2023, Wed.
⏰ 4:45 PM EST / 11:45 PM GMT+3
#bugbounter

UF InfoSec retweeted


People still qrt like this to get hits?
mRr3b00t@UK_Daniel_Card
People still tweet like this to get hits? ;)

@DebugPrivilege (shoutout to nushell for trying to bring this to linux)
github.com/nushell/nushell

@DebugPrivilege Anything shell that is intuitive is 10/10 for me
The predictable naming schema and the way that everything is an object instead of just text makes things so nice

@trashh_dev @NetflixEng me when I see that Netflix doesn't have a cybersecurity internship out yet


summer interns 2024 @NetflixEng
get it while it’s hot
jobs.netflix.com/jobs/298350570

@0xTib3rius I personally like to adjust my CVSS based on ✨vibes ✨
Too high bc of exploitability? The vibes say otherwise

The curl / libcurl CVE being High severity but only affecting a specific (and likely rare) use-case needs some discussion.
There are multiple things to consider here:
CVSS scores are usually just base metrics, cover the worst case scenario, and don't take exploitability into consideration. That doesn't make CVSS entirely useless, but context is always needed. Incidentally, the original H1 report (hackerone.com/reports/2187833) had this marked as a Critical.
A developer may not be fully aware of the prevalence of certain configurations of their product. It is likely more responsible to err on the side of caution in these cases.
However, perhaps in this situation, and going forward, it might be a good idea for developers to add some context to their initial pre-patch announcements.
I saw this described as the "worst curl security flaw in a long time", which is true, if we're talking about severity (possible outcomes) alone. The issue is, severity isn't the only important thing here. It would have been nice to know an estimation of exploitability too.
The counterpoint to that I suppose is that perhaps those who do need to urgently patch their systems would have been less aware. It's a tricky situation.
What are your thoughts?














