Join us tomorrow, April 17th @ 4pm ET, for some live pwn! We'll be using Binary Ninja's shell coding compiler, patching binaries to make them easier to debug, analyzing data moving from globals to the stack to the heap, and finishing by popping shells live with pwntools: https://youtube.com/live/VcK4SoeYZiU

RE: https://hachyderm.io/@Mara/115373191721487331

Half a year later, I'm *very* excited to report that we got initial funding and have hired our first Rust maintainers!

RustNL's Rust Maintainers Team now has two full time maintainers, one intern, and five part-time maintainers, now stably employed to continue their invaluable maintenance work that is crucial for Rust’s long-term sustainability.

https://rustnl.org/maintainers/

Apparently we reached the state of #Thoughtcrime punishment, it's called #precrime and on virustotal. Microsoft and Sophos just "blocked" (aka content filter says it's porn... whuat?) a friend's website because the #AI was suspicious of his AI website probably because on #Virustotal PreCrime is flagging it as will-be-malicious-in-the-future.

I want my Internet back.

@david_chisnall @itgrrl @scottymace User story: I explicitly looked for and manually enabled the history on Android bc there were notifs that contained important info but I sometimes removed them from the screen by accident and I couldn't find them in the corresponding app (can't tell the exact app/feature).

Windows: You can execute stuff by double-clicking

Also Windows: PowerShell is the way to script me!

Still Windows: If you double-click a PS script, it'll open a text editor

@david_chisnall @itgrrl @scottymace "Is there some way of searching them?" I can only speak of Android: here definitely is a system-level option keep a browsable notification history.

Average number of hours between #curl security reports

Material for a pending presentation

AI Use Appears to Have a “Boiling Frog” Effect on Human Cognition, New Study Warns

"In a new study, researchers claim to provide the first causal evidence that leaning on AI to assist with “reasoning-intensive” cognitive labor — mental tasks ranging from writing to studying to coding to simply brainstorming new ideas — can rapidly impair users’ intellectual ability and willingness to persist despite difficulty."

https://futurism.com/artificial-intelligence/ai-boiling-frog-human-cognition-study

#tech #AI #ArtificialIntelligence #LLM #LLMs #FuckAI

@mcr314 @badkeys Source? I doubt someone who makes a mistake like this knows what ECDSA is.

@badkeys My educated guess is they couldn't fit larger keys into their DNS records...

I reported an insecure DKIM key to Deutsche Telekom / T-Systems. They first asked me to further explain things (not sure why 'Here's your DKIM private key' needs more explanation, but whatever...). Then they told me it's out of scope for their bugbounty.

I guess then there's really no reason not to tell you: They have a 384 bit RSA DKIM key configured at: dkim._domainkey.t-systems.nl

384 bit RSA is... how shall I put it? I think 512 bit is the lowest RSA key size that was ever really used. 384 bit RSA is crackable in a few hours on a modern PC (using cado-nfs). The private key is:
-----BEGIN RSA PRIVATE KEY-----
MIHxAgEAAjEAtTliQYV2Xvx1OGkDyOL799BTFEuobY2dn2AgtiKCQgrh78NVK1JK
j0yRXgNnPpGBAgMBAAECMF0t+TBZUCi8xATSMij7VLTxv5Xi5OIXesNiXOKtYIRP
LkpYfR5PggaMScfbmqSssQIZAMwOhm9d7Y7Qi7I2j1AlYbiqdtqO54T7FQIZAONa
9dJFkC6lM3EPXR+0SZ4dqwwpiM0nvQIYYgz8thi5JK264ohq9sTvnu9yKvUN9I09
AhgfgMYZKcxtujRjkSZtMzUUNLYzzDmJe90CGDKwqcBI0v9ChaR8WHht+/chMdxj
7ez94w==
-----END RSA PRIVATE KEY-----

@wdormann I'd agree with that, but I don't know what level of control apps have on mobile.

@Mer__edith

@wdormann As I understand they "knowing why" (as of now) doesn't imply this was *expected* behavior before.

I'd compare the persistent (not self-deleting) messages dilemma to secure deletion: below the next architectural boundary you can't really decide what's happening to your data ("were the bits of that file really deleted from the disk?"), but in special cases you take extra steps to prevent leaks ("let's overwrite a bunch of times, hopefully it helps").

@Mer__edith

I wrote up in the TLS mailing list why I think composite signatures (ML-DSA + ECDSA/RSA) are a net negative, will hurt the ecosystem, and should not be implemented.

Hybrid key exchange was simple and self-contained. Hybrid signatures would be a mountain of complexity in code responsible for half of sev:crit in crypto libraries since 2020.

https://mailarchive.ietf.org/arch/msg/tls/oh3jmmkHzHdp1hk4R4M9QjkmvBk/

watt-hours per password

Our C/C++ code review challenge closes April 17.

The new Testing Handbook chapter covers memory safety, integer errors, type confusion, kernel modules, Windows usermode, and seccomp sandbox escapes through manual code review.

Analyze the vulnerable programs, explain how to exploit them, and submit a writeup. First 10 correct entries win swag.

https://trailofbits.com/c-whats-wrong-challenge/

The Salt Typhoon hack ended the debate on safe lawful access. State-sponsored attackers didn't just breach networks; they explicitly targeted mandated wiretap systems. Backdoors don't just weaken security; they become the ultimate prize for advanced adversaries. 1/2

Thank you for being a valued Streaming Service+ subscriber. Your monthly plan is increasing from $9.99 to $24.99. This price adjustment reflects our continued investment in canceling your favourite shows after one season, removing titles from the library without warning, and building a worse user interface. Note: Your tier now includes ads. To remove them, upgrade to our new Ultra Premium Platinum plan ($39.99/mo). Btw your password can no longer be shared with the people you live with.

Thank you to the company that owns the drivers license embedded into my cybernetic companion animal for emailing me on an address I haven't used since she was born to remind me that access to her identity chip has been sold to an insurance company and any desperate attempts to recover her will now be accompanied by informative articles

CRITICAL: if you are running Mosaic 2.4 on a VAX/VMS system, please be aware of this RCE that GPT-5.4 just found and exploited!