Recently, you might have read about how ChatGPT started talking about goblins, gremlins and pigeons more and more in its user responses. For instance, instead of saying something like “there’s a bug in the code”, it would say “there’s a program goblin present”. OpenAI’s response to this was somewhat indicative of how difficult it is to control LLMs in what they can potentially say to a user, and that was by adding a line to the codex-rs/models-manager/models.json personality, basically telling the model to: ...
Microsoft Teams goes ultrasonic
There are a few reports online of people hearing piercingly high beeps when using Microsoft Teams. Some believe it’s related to people joining and leaving the call. I use a Focusrite audio interface and was very surprised to see high-energy sound showing in the VU meter LEDs during a period of silence in a call recently. So I captured the audio and this is what I discovered. The beeps were in the 19479 Hz range, give or take a few Hz. Not exactly 20 kHz for some reason. And for some people with good hearing, it really Hertz! 🙄 ...
Testing TLS Clients with OpenSSL
There are many tools available to test TLS servers, but sometimes you may need to test a TLS client, just to see what ciphers and algorithms it supports. This article explains how to use OpenSSL to create a TLS server that you can modify and have clients connect to. Create some certificates. If you don’t already have a server key and certificate bundle then you can follow these steps to create a CA, a CSR and a server certificate bundle for your OpenSSL server to use. ...
Creating incremental sized fuzz payloads in OWASP ZAP
During a recent security review I was working on a very simple web application. I needed to determine the size of a payload that would result in a “payload too large” message from the server. The idea being to start with a single character (A) and then (AA) and then (AAA) etc. until the response message changed. I could have done this with Python but as I already had a copy of ZAP open I decided to use it instead. My initial assumption was that this would be easy and straightforward. I was however surprised to find it was not. Thankfully I discovered a solution in the form of the ZAP regular expression payload generator. ...
Vscode Telemetry
What it’s sending and how to block it. I tried out Visual Studio Code the other day after hearing a colleague refer to it, and I think I also saw it being used in a video and I liked the look of it. So I went off and grabbed a copy and started playing. The first point of interest for me was the ability to add add-ons, one in particular being remote SSH browsing. I thought this was a great idea so grabbed that too. Here’s where the security fun starts. ...
Retrieving your public IP address on the command line in Linux
URL #1: $ curl http://ipecho.net/plain; echo
URL #2: $ curl ifconfig.me
Improving your code quality in one simple step!
Want to improve your coding quality? Here’s how. Add the following line into your /etc/hosts file (Linux) or %WINDIR%\System32\drivers\etc\hosts file (Windows):
0.0.0.0 stackexchange.com
Welcome
Welcome to my site. I will be uploading lots of interesting technical and security-related material here soon.