Posts
2575
Following
624
Followers
1379
"I'm interested in all kinds of astronomy."
This follow-up to CVE-2024-57882 by Solar Designer also worth reading:

https://seclists.org/oss-sec/2025/q2/3

"A reason CVE-2024-57882 may have stayed unpatched in a distro is it could have been wrongly believed to be a NULL pointer dereference only due to a specific crash reported by Syzbot."

"net.mptcp.enabled can be set from inside an unprivileged net namespace"
0
0
3
"bribing a senator with a 9-letter name will alter the last letter in their name on their subsequent appearances"

https://banyaszvonat.github.io/breaking-videogames/2025/03/30/off-by-one-or-is-it-two.html

#gamehacking #Disgaea
0
1
1
@GossiTheDog @cisakevtracker Thanks for the heads up! I'm quite skeptical though given the previous FUD reports, can't wait to see more info about any observed attacks!
1
0
2
repeated
@kajer @256 Good one! .HLP was also a vector for a long time, pretty sure there was some parser bug in the thumbnailer, *gestures wildly* Internet Explorer...
0
0
0
@kajer @256 I'm like 3 minutes in, and I remember at least 3 remotely exploitable vulnerabilities in the presented features, fun times!
1
0
2
repeated

Computer Chronicles - Windows 98
https://archive.org/details/Windows9_2

1
4
0
@cR0w @wdormann I mean it's the logical next step if you want to pretend you can solve an unsolvable problem.
0
0
2
@cR0w @wdormann Probably? Gmail definitely does that. Zero-click attack surface ftw!
2
0
3
Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol

https://seclists.org/oss-sec/2025/q2/0

"The analyze(sic!) of the patch (https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cbb26f7d8451fe56ccac802c6db48d16240feebd) reveals that the root cause of the bug has been partially fixed."
0
1
1
@Ange that's the spirit! 💪
0
0
0
repeated

turns out Qualcomm dropped the sources for talking to their Embedded USB Debug (EUD) peripheral, and it works on the OnePlus 6!

This means we get JTAG access directly via the USB port, yes seriously! There is also a UART peripheral which we can hook up (so far untested).

Basically you write 1 to a magic register (typically from the Linux driver but i have been testing from U-Boot) and all of a sudden a 7-port USB hub appears on your PC (in addition to whatever USB gadget you had set up) with a single device which is the EUD control interface.

Now that the code to talk to it is public (and functional with this openocd fork https://github.com/linux-msm/openocd) you can get JTAG access to the device for easier debugging of the kernel or U-Boot!

It seems like this works "by accident" on the OnePlus 6, likely the same debug policy misconfiguration that causes the device to go to crashdump instead of just rebooting (so it's unlikely to work on say, the PocoPhone F1, but maybe worth a try!).

There seem to be protections in place so you can't escalate to EL2 or EL3, when in EL2 all registers read as 0

1
4
0
repeated

Lorenzo Franceschi-Bicchierai

Edited 7 hours ago

Wanna earn up to $100,000 a month? Perhaps doing crime? For obscure reasons? This is your opportunity.

Don't miss out on this bizarre hacking campaign, which is currently looking for recruits on Twitter.

🤔 🤔 🤔

https://techcrunch.com/2025/04/01/someone-is-trying-to-recruit-security-researchers-in-bizarre-hacking-campaign/

2
4
1
repeated

Don't. Make. Me.

0
23
0
repeated

Jonathan ‘theJPster’ Pallant

Me: The 90's were great

Also me: *casually downloading a 6 GiB ISO at 30 MiB/sec in 3.5 minutes*

Some things are definitely better than they were, and download speeds is one of them

0
3
0
repeated

New tool! Meet the iFixit ESD-Safe Hammer.

We hear you: sometimes you need a little more oomph to finish your fix. So, we engineered the world’s first hammer designed for electronics repair. It's built with a non-conductive handle, ESD-safe head, and just enough heft to "persuade" stubborn components.

Perfect for:
🔋 Glued-in batteries
🪛 Stripped screws
🔌Soldered memory
💥 Stress relief

Now unavailable at iFixit.com.

15
14
0
Show older