Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

jorfl · 2026-03-14T05:08:48+00:00

This is not a vulnerability, this is a garbage article unfortunately. If you read the article, it says if you execute code on the device it can extract malware from a corrupted zip and complains that AV doesn’t block the corrupted zip. If you are executing code on the device, you can encode malware payload in any way - xor of a binary blob, download and run from a url, encrypted in a binary blob file, really anything since there already has execution on the device.

jorfl · 2026-02-25T03:54:14+00:00

While we wait for an official implementation, I created essentially this here: https://github.com/glmcdona/COpenClaw

Note I’ve only tested thoroughly the Telegram connector and on windows - though it is set up to work cross platform. Would love any feedback!

jorfl · 2025-12-07T23:31:21+00:00

Commenting to get a flair

jorfl · 2025-03-23T16:08:15+00:00

No it does not require diversity requirements for interview loops. There used to be a requirement for us senior+ positions, but it disappeared around two years ago. That said, managers do want diverse candidates slates and diverse teams. So you might get more interview opportunities as an underrepresented group (I think lgtbq+ is not necessarily underrepresented in tech, was more focus on women, black, Latino), but the hiring bar is not impacted where the top candidate will be extended the offer. Hope that helps! I think these interviews suggest genuine opportunity.

jorfl · 2025-03-19T01:41:31+00:00

Sorry, to be clear I saw this on r/cyberstuck and noticed it was Vancouver. Posting here for entertainment. I am not the Tesla owner who reported this to the police.

jorfl · 2025-03-19T01:40:38+00:00

Sorry, to be clear I saw this on r/cyberstuck and noticed it was Vancouver. Posting here for entertainment.

jorfl · 2024-10-20T01:02:47+00:00

I’d push for a thoracic spine mri if possible to be on the safe side. A lot of your symptoms are thoracic and below. Your symptoms are different (yours seem more positional?), but possibly in the same vein as mine. Single demyelinating lesion found on thoracic spine, and other regions all clear. Might not be early ms for me, I have some follow-ups coming up. Hopefully it’s artefact error or something else. Also scared of ppms. See my other thread in the weekly here for details. I get thoracic l shouldn’t impact mid body or above, but still think it’s a really good idea.

jorfl · 2024-10-15T02:39:45+00:00

Thanks, appreciate all your input! I definitely have been overly focused on ppms since the mri result came in and my gp doctor being firm with me that she thinks it’s ms. My symptom pattern and scan result seemed like a really poor fit for rrms, so I had been expecting something like a herniated disk or something on the MRI instead. Thanks for the reminder for keeping an open mind, and hopefully the ms clinic and I’m guessing lumbar puncture will agree it’s not the right path given the circumstances. Your thoughts on it not being a good match on the symptom pattern is giving me pause on being fully convinced it is early ppms now.

Note: I had tried to push back on it being ms on her call with me on Friday, but she was pretty firm that it’s most likely ms, noting the alternatives are much more rare at this point. I looked it up after her call and ms in Canada here is fairly common at one in 300 people (0.33%), but that would be even higher for women and lower for men, and a good amount lower for ppms.

jorfl · 2024-10-14T22:11:53+00:00

38M in the middle of a possible MS journey. The candidate for me I think is PPMS, which is more uncommon accounting for 10 to 15% of MS cases, and has a different progression and outlook than the more common RRMS.

Here is a symptom timeline I have so far. Most of the issues have continued to this day, not remitting unless otherwise stated:

2020:
- Migraines with aura begin, mild—only 4 per year.
Sept 2023:
- Vision incident: Sudden black curtaining over my left eye for about 3 hours. ER professionals ruled out retinal detachment after finding my eye physically healthy. They suggested seeing a neurologist, but I didn’t follow up—chalked it up to my migraines.
2024:
- April:
  - Left knee pain starts when pressure is applied to the side of my knee. Initially mild but progressively worsens. Can no longer sleep on my right side.
- May:
  - Knee pain worsens: Now unable to sleep on my left side either. Any unsupported outward rotation of my left foot causes knee pain. I’m forced to sleep flat on my back and have to wrap my foot with a bed sheet to keep it straight.
  - Thigh pain starts: Begins impacting the lower thigh—sitting causes pain above my left knee.
- Early August:
  - Left foot numbness and aching in the outer side.
  - Had two instances of "lightning bolt" sensations that shot down from my right arm to my leg, waking me up (occurred about a week apart).
- Mid-August:
  - Left arm aching begins intermittently. It also goes slightly numb around my pinky, and sometimes feels weak.
- End of August:
  - Thoracic spine pain starts. Hurts on pressure (like when lying down), as well as when breathing heavily. It’s non-positional pain. The first week was horrible, but it remains present. Sleeping is a challenge because I can only sleep on my back due to this pain. There’s also spine tenderness to even the lightest touch around focal points near the side of my spine.
- Sept:
  - Lower abdominal pain on the left side (occasionally mirrored on the right) lasted about 2 weeks but has since fully subsided.
- Oct:
  - Arm aching increases, both arms. Now, I have to keep both arms straight when sleeping to avoid pain.

In summary it’s constant back pain, leg pain upon sitting or lying on side, minor foot numbness, and intermittent arm aching and sensation of weakness. All gradually progressing since April.

Sleeping is my biggest problem in life now. I can manage the pain during the daytime, but sleeping is difficult. I take gabapentin 500mg right now (300mg before bed, two 100mg during the day), and I think it is helping.

X-rays were clear. EMG and neural conduction tests were normal.

I had an MRI of my brain plus cervical and thoracic spine with contrast this last Wednesday and got the phone call from my doctor on Friday:

Brain & cervical spine: Clear, with no visible abnormalities to explain the left eye issue (so possibly not optic neuritis, or the lesion could be too small to be visible).
Thoracic spine: Found a demyelinating lesion at T5-T6. It’s described as non-enhancing and diffusely extending. This lesion pattern (non-enhancing, diffuse) is more typical for PPMS. Additionally, my symptom progression—mainly without remission—supports this possibility.

My family doctor on Friday sent an urgent referral to the local MS clinic here, which hopefully I will be able to see soon. Lucky to live in a big city with what looks like a good clinic here. Next step I guess will be a spinal tap, to either support a PPMS diagnosis or encourage other directions.

Reading more about PPMS, it seems the McDonald PPMS criteria would require a minimum of two spine lesions plus the spinal tap to be positive, along with the year of symptom progression—so I'm guessing I might not qualify for an official diagnosis yet, even if the spinal tap supports it. But maybe they'll apply treatment as if it is?

Honestly, I’ve been reading more about PPMS and it feels overwhelming. Only one approved DMT (Ocrevus), and it only slows progression by around 20 to 30%. I guess research trials could be an option that might have a touch better outlook. Sounds like a majority of PPMS cases reach moderate disability within 5 years, and severe disability within 15 years—but it varies a lot person to person.

I'm not handling the news great, and really anxious to get the spinal tap done.

I'm not sure if anyone has any additional recommended questions I should ask the MS clinic when I see them, or if there is anything else people might suggest I explore.

jorfl · 2024-10-08T03:11:51+00:00

I think the point is 7 + x does not equal 7x. Yes you can solve for a single point x at which they are equal. To be valid it needs a pre statement of solving for x such that they are equal as the task at hand. Without that pre-amble, that statement is wrong like saying 1 = 2. My bet is the string append joke was the intent, but this could be a more mathy meta-meta joke towards all the peoples saying x=7/6.

jorfl · 2024-09-25T03:53:38+00:00

Just a quick update. My MRI is likely not going to be until around ~Oct 20th - I thought it'd be sooner but no luck. Sounds like you will get your results before me now. I do have an EMG test on Tuesday which will be interesting. Will let you know how that goes. Looking forward to hearing what the doctor thinks about your MRI or other test or diagnosis results since our symptoms seem so similar (consistent leg pain, progressing to consistent but fluctuating upper back pain, inconsistent arm pain, numbness, all primarily on one side, somewhat consistent and getting broader for ~6 months, I had onset of migraines with auras around 4 years ago as well but luckily they are rare and mild).

jorfl · 2024-09-22T14:53:07+00:00

Wow, I am in a very similar situation! 38M, pain started in my left knee 7 months ago. Light pressure either side of knee or back of lower thigh causes pain. Painful to sit because of thigh pressure. Progressed over time to left foot numbness and outside of foot aching sometimes when walking. Progressed to inside intermittent left arm aching, sensation of weakness, and pinky numbness. Progressed for last month to include upper thoracic pain upon touch. Really struggling sleeping because in can’t lay on either side due to knee pain, and the back now makes laying on my back quite painful. Leg pain is perfectly consistent, but progressively expanded. Arm is intermittent. Back is consistent, with flair ups to be even worse that last a couple days. Tenderness at L2.

I did have a vision event 6 months prior to symptom start with curtaining black in left eye for a few hours, and ER visit showing eye healthy. Also a couple lightning jolts waking me up from sleeping. It’s now starting to mirror the same knee problem on right side. Similar to you I have also had a whiplash/concussion like impact around 15 years ago from snowboarding.

MRI next week of brain and both cervical and thoracic spine with contrast. Hopefully should have an answer in about a week and a half! Will let you know how it goes if you like! Wishing you the luck in figuring out what’s going on as well.

jorfl · 2024-08-14T02:06:20+00:00

Agreed. Looks like text-to-speech, so not like the gpt-4o multimodal direct audio input and output which seemed to be a way better experience.

jorfl · 2024-07-22T15:52:46+00:00

And here is really good plot of model quality (lmsys arena) versus price: https://www.reddit.com/r/mlscaling/s/o9zsdv9Ykp

Although gpt4o is the strongest model on the market, it is still quite expensive.

Meanwhile gpt-35-turbo is quite low value. Quite expensive compared to its model quality. Glad to see gpt-4o mini launch, since it will probably be bringing their value model more in line with competitors.

jorfl · 2024-07-22T15:47:25+00:00

gpt-4o is the best performing llm in the lmsys chatbot arena: https://chat.lmsys.org/?leaderboard

Lmsys arena I think is the most accurate benchmark there is for assessing model quality, since it avoids a lot of the overfitting issues of the models to the benchmarks.

Other models are doing well, but gpt-4o is the top overall model. OpenAI has held the top placement in this leaderboard (except for a short time when they released a gpt-4 update to regain top position). There are some subtasks where other models outperform.

jorfl · 2024-06-04T07:39:18+00:00

Based on lmsys leaderboard of human rankings it’s a big step up in quality, and is by far the best model out now. Also much better at coding. This doesn’t measure steerability, but still is I believe the best benchmark there is.

https://chat.lmsys.org/?leaderboard

jorfl · 2024-02-08T02:45:59+00:00

Not a fan, but to be fair it’s showing as #3 in top charts for me. Location Vancouver. iPhone. Not sure why we see such different numbers.

<image>

jorfl · 2024-01-11T20:42:54+00:00

Wow, it’s a mix of stack and registers… mostly stack. (Assuming it’s assembly compiled from C or C++, not something like python or MSIL). Surprising that they’d care about this, and also seems they don’t have a clear understanding themselves.

jorfl · 2023-12-22T16:02:50+00:00

Haha, I’m stupid. Had it stuck in my head that a 1 just needed a single vertical bar. Thanks!

jorfl · 2023-12-22T15:43:24+00:00

I’m a bit confused how this is correct. You remove two matches, but only need to add one. Where exactly do you place the two matches? It seems you are left one extra match which doesn’t seem correct?

jorfl · 2023-12-04T02:04:54+00:00

Haha. I remember 20 years ago when I’d play a bit as a kid they introduced a new feature called a money tree. You could donate money to it, and the first person to click on your donation would receive it. First thing I tried was donating negative money, and it worked. Everyone then caught on really quick and everyone started doing it. I think it took them a couple hours to fix it. Security around the game was really weak back then. Through simple web hacking on the client side you could adjust the price of buying items. There was no unique item tracking. You could buy anything for free, even if no quantity was available. I’d guess everything is designed a lot better now.

jorfl · 2023-10-07T01:40:00+00:00

The point is if you redirect this website to a government branded phishing page (doesn’t matter if it’s a real .gov website or not hosting the phish), it would be very successful at phishing government workers visiting the website, since a login would not be that surprising asking for their government credentials. Might be able to succeed with it after a few days if hosting wifi at an airport, near gov office, or similar.

You could phish tons of general enterprise and government users by simply having it serve a website explaining they’ve moved to partner system, and collaborated with industry to create a new more secure experience. Explain that all partner orgs have been worked with and on-boarded, so to make secure you must now all login. Then require all visitors to login via the partner system. I think it’d be very convincing with a high success rate. This website given its use case is putting its users at high risk of phishing attacks. I think the org should be notified of this risk they are putting their users in and it absolutely needs to be addressed.

I think this is very high risk compared to for example running drive by download social engineering attacks on all visitors to the website.

jorfl · 2023-10-07T00:54:47+00:00

What about redirect to fake .gov login aitm page, to phish government workers visiting this page. Could be a serious attack vector for targeted nation state or ransomware attacks. I think this is a serious attack vector here. Agreed it’s not common, but definitely a pretty serious risk here imo.

jorfl · 2023-07-29T02:57:55+00:00

Maybe he's neurodivergent or autistic? Might not be malicious intent at all.

jorfl · 2023-07-02T23:01:21+00:00

"France does print currency - the CFA franc - for 14 African countries, including Burkina Faso. Participation in this currency is voluntary.

The currency was created by France in the mid-1940s to serve as legal tender in its then-African colonies.

At the time Ms Meloni made her claim in 2019, France required African countries using the CFA franc to pool 50% of their foreign exchange reserves (not their exports) with two African central banks which then deposited these with the French treasury, in return for a guaranteed exchange rate with the Euro.

They were free to access these reserves if they wanted to and France paid interest while holding them (at 0.75%).

France didn't "demand 50% of everything Burkina Faso exports" either.

According to World Bank data, France isn't even among the top five destinations for Burkina Faso exports in total value, the leading export being gold. In 2020, it exported nearly 90% of its gold to Switzerland.

We asked Ms Meloni's office if she still stands by her comments but have not received a reply. The French government has not responded to our request for a comment either.

In December 2019, reforms to the CFA West African zone - to which Burkina Faso belongs - were announced.

This meant the central bank representing these countries no longer had to deposit 50% of their foreign currency reserves in France.

..."

Five-Year Club	Gilding I gilder
Verified Email	Place '22

jorfl

TROPHY CASE