yohanes

Hey @duolingo my 10yo just found the most wholesome zero-day ever 💀 Step 1: Revoke microphone permission on iPad Step 2: Start a voice lesson Step 3: Reject mic access again when prompted Result: Duolingo gives him credit anyway and extends the streak for doing absolutely nothing 😭 What’s the bug bounty for a 5th grader? 🦉💻

Last year, I found a bug in the Intel ITT API (used by OpenCV) while pentesting a banking app. It allows arbitrary shared library loading on Android, affecting OpenCV ≤ 4.10. Intel just lifted the embargo, so the details are now public. Write-up+POC: tinyhack.com/2025/11/09/cve…

Selamat Jalan Bu Inge blog.compactbyte.com/2025/08/30/sel…

WhatsApp has a neat page for scammer so that they can do Phishing attack similar to: krebsonsecurity.com/2024/09/this-w… They have a "Copy" button, in an official WhatsApp page, and you can fill in any text whatsapp.com/otp/code?code=… @WhatsApp doesn't consider this as a bug "Your report appears to describe a social engineering or spam attack against Facebook users and infrastructure. Although we appreciate the report, such issues do not qualify under our bug bounty program."

@jurnal_ekuitas Wah baru tau ada perubahan sejak Maret kemarin

@yohanes Kontrak back-to-back seperti di Pluang dan banyak aplikasi lainnya. Singkatnya kepemilikan secara tidak langsung. Pembuatan kontraknya ada biaya tambahan yang akan ditanggung investor/user aplikasi. Kalau minta dicetak sahamnya tidak bisa. Ujungnya penambahan beban.

Simpulan aplikasi trading "saham" asing - Pluang (CFD) - Gotrade Indonesia (CFD) - Reku (CFD) - Nanovest (CFD) - Ajaib (CFD) - Triv (CFD) - eToro (CFD) - Gotrade International (Saham) - Tiger Brokers (CFD & Saham) - Moomoo (CFD & Saham) - Schwab (Saham) - IBKR (CFD & Saham)

Uff! 😰 This stuff is good to know: “When You Deleted /lib On Linux While Still Connected Via SSH” [2022], Yohanes Nugroho (tinyhack.com/2022/09/16/whe…). Via HN: news.ycombinator.com/item?id=434441… On Lobsters: lobste.rs/s/zmgtvx/when_… #Linux #Debian #Unix #BusyBox #Rescue #SSH

GPU-powered Akira ransomware decryptor released on GitHub - @billtoulas bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

I recently helped a company recover their data from the Akira ransomware without paying the ransom. I’m sharing how I did it, along with the full source code. tinyhack.com/2025/03/13/dec…

@davepl1968 cc -s -nostdlib -static -Wl,--build-id=none -z max-page-size=0x04 filename.s 440 bytes (AMD64)

I'm surprised I can't it under 8K on Linux. Help me, Linux nerds! Teach me linker tricks!

@lynxluna wah, udah lupa pernah posting ini 😀. Baru inget lagi baku hantamnya. Memorinya bener-bener terhapus kebahagian menyambut anak pertama dulu.

Lah malah gara2 searching malah nemu #bakuhantam lawas di blognya mz @yohanes persoalan “OS HIBRIDA” Ah tahun 2010 emang banyak “jampi-jampi”, alhamdulillah 2020-an keknya genZ lebih melek daripada jampi2 ini 😮‍💨 blog.compactbyte.com/2010/11/03/os-…

I am actually thinking to create content by comparing specs of iPhone and BlackBerry at that time ☝️ and then showing the “tech stack” of each in 2009. Between BlackBerry Bold 9700 their flagship at a time with iPhone 3GS, the last iPhone without Apple chip.

@IntelSupport Which email is wrong? Did you read my first tweet?. I already sent ton secure@intel.com and got auto-reply, which mention the second email secure-opensource@01.org

@yohanes Please note that the email ID that you have used is incorrect. Please visit: intel.ly/3YCmCva and scroll down to "report a vulnerability" and click on the email ID provided there. Intel Customer Support

I tried reporting something to @intel , in the category of "Security issues with Intel managed open source projects" via secure@intel.com, got an autoreply that it is autoforwared to secure-opensource@01.org. I didn't hear anything for a week, I tried emailing directly, but there is a problem with the mail server. What to do now?

That is exactly what I did. Please re-read my tweet. I already emailed with the correct template. Got auto reply (per screenshot), and no more reply after one week and as the auto reply said, the ema for intel open souce project is secure-opensourxe@01.org, and that is not even working. I can't send email to that address via google.

@yohanes Hi! We recommend that you follow the guidelines provided here intel.ly/3BVX03z to report vulnerability issues. Our team will reach out to you if they need any more information. DM us for further discussion. Intel Customer Support

@bilipad sudah saya DM

@yohanes apakah boleh membagikan channel komunikasi dengan bapak untuk kami hubungi secara formal melalui DM? terima kasih sebelumnya

Form registrasi: docs.google.com/forms/d/e/1FAI…

@rubi1945 Bukan, asal Sukoharjo

Gajah Mada nggak pernah makan nasi tiwul (nasi singkong), atau sarapan tempe kedelai sambil minum teh panas. Referensi: blog.compactbyte.com/2024/08/13/gaj…

@INSNadi Iya, kasian ya

@yohanes Beliau ga makan sambal cabe juga brarti

Jika berurusan dengan file virtual machine, kita perlu paham tentang sparse file. Jika tidak paham, disk space dan waktu transfer akan berkali lipat. Catatan: walau agak telat, informasi ini sudah sampai ke pihak yang mengurus restore data PDN. blog.compactbyte.com/2024/08/03/spa…