I have a question: In Signal, imagine that a new device gets added to your phone as a Linked Device. What sort of notification would you receive on your primary device (phone)? Are there photos of the current workflow here? This article https://www.npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability asserts that recently Signal added UI to prevent user getting phished and unknowingly adding a linked device. What did they add?

[RSS] Llama's Paradox - Delving deep into Llama.cpp and exploiting Llama.cpp's Heap Maze, from Heap-Overflow to Remote-Code Execution

https://retr0.blog/blog/llama-rpc-rce

[RSS] Blasting Past Webp

https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html

An analysis of the NSO BLASTPASS iMessage exploit

If it annoys you— as it somewhat does me— that the precise definition of the Rust programming languages is "vibes" and "three separate PDFs, none of them authoritative" and "well, whatever the reference compiler does is the language", this is pretty neat news. https://mastodon.social/@rustfoundation/114229759326166359

Protip: if someone posts a technical or legal analysis of something the administration is doing or proposing and your response is that legalities are irrelevant and a waste of time, the problem is YOU.

You know who wants you to think laws don’t matter anymore and that pushback is hopeless? Fascists.

Don’t act like a fascist.

Conservative folklore peeps in Hungary: "Folktales carry our Traditional Values and the Ancient Wisdom of Our Ancestors. They follow a strict set of Traditional Rules"

Literal Hungarian folktales I found in archives:

- Princess Rosalia Lemonfarts

- The Diamond Prince in a Rubber Suit

- The Magic Flying Penis

- Rapunzel, but it's a bloke who makes a rope from his body hair

- Saint Peter got drunk and puked the first 🌈

- The Princess who became a Prince

#folklore #folktales #storytelling

CodeQLEAKED – Public Secrets Exposure Leads to Potential Supply Chain Attack on GitHub CodeQL https://www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/

As you probably know loadlibrary by @taviso can load Windows DLL's - including Windows Defenders mpengine.dll - on Linux.

Since the loader needed some debugging I ended up figuring out how to load the Linux-native mpclient into #Ghidra's debugger and use it to debug the PE module too:

https://github.com/v-p-b/loadlibrary/blob/x64_waffle/GHIDRA.md

This can spare an IDA license and performing dark arts with awk and gas...which is actually pretty badass, so if you want to keep doing that without IDA here's a Ghidra script too:

https://gist.github.com/v-p-b/c7d934234297158047b678f655c7d99f

CVE-2025-30232 Exim use-after-free can potentially lead to privilege escalation

https://exim.org/static/doc/security/CVE-2025-30232.txt

(was ZDI-CAN-26250)

[RSS] Android VRP Announces AutoRepro - $1,000 bonus for eligible submissions!

https://bughunters.google.com/blog/6496960683835392/android-vrp-announces-autorepro-1-000-bonus-for-eligible-submissions

Day 421. Following up on the no longer available sustainability fact sheets of #Azure data centers from day 420, we have added those that we know of to the Internet Archive.

See https://pastebin.com/5f0dFRqZ

bisecting will continue until morale improves

while reverse engineering, the eternal question of

"am i misunderstanding what the code is doing or is whoever wrote this really fucking stupid"

The AI bots that desperately need OSS for code training, are now slowly killing OSS by overloading every site.

The curl website is now at 77TB/month, or 8GB every five minutes.

https://arstechnica.com/ai/2025/03/devs-say-ai-crawlers-dominate-traffic-forcing-blocks-on-entire-countries/

You can help #curl by testing this final release candidate, rc3, before the real release happens next week:

https://curl.se/rc/

an ominous I-am-under-NDA-coded warning to immediately uninstall atop has been posted by a reputable tech blogger. https://rachelbythebay.com/w/2025/03/25/atop/

[RSS] Inside Windows' Default Browser Protection

https://binary.ninja/2025/03/25/default-browser-upcd.html

[RSS] CimFS: Crashing in memory, Finding SYSTEM (Kernel Edition)

https://starlabs.sg/blog/2025/03-cimfs-crashing-in-memory-finding-system-kernel-edition/

"Is that free as in beer, or free as in freedom?"

"It's free as in use-after."