@Viss

I may be wrong but assuming users don't know what files are helped me resolve a number of family techsupport situations.

@krypt3ia @decryption @jpm @da_667 @sassdawe

@schrotthaufen

SmartScreen windows got increasingly hard to unblock over time "and for a while, it was good". Then I went to a client where the sysadmin unblocked the freshly downloaded executable from the properties window so fast I had to ask him to show me once more what he just did because I couldn't follow.

Life finds a way.

@decryption @jpm @da_667 @sassdawe @Viss

#Xiaomi advisories by Taszk

https://labs.taszk.io/blog/post/114_mi_heap_bof/
https://labs.taszk.io/blog/post/113_mi_rng_predict/
https://labs.taszk.io/blog/post/112_mi_hshake_bypass/

It seems there is some exceptionally dump vendor policy in the works so #NoCVE

@Viss As I see with the rise of smart phones companies successfully convinced users that files and directories are low level magic they are not supposed to know or care about. From this point doing stuff with files in a file manager is sorcery indistinguishable from copying 5 pages of sorcery into the sorcery manager. Confirmation windows never stopped any attacks because users click Yes faster than the blink of an eye.

In essence users are expected to make critical decisions about a system that is hidden from them in every other aspect of working with computers.

@sassdawe @da_667 @jpm @decryption

https://www.youtube.com/watch?v=MhJoJRqJ0Wc

Fresh scan: "The UNIX System - a Sun Microsystems Technical Report" (1985)

https://drive.google.com/file/d/1dW6l6cFAiqTKj3bmTulynKQuOHeHMx0u/view?usp=sharing

I reported a bug in RenderDoc and it got fixed within 45 minutes (!!!)

TotalRecall - Reloaded.

Invested some time again into Windows Recall. Microsoft redesigned the entire architecture with VBS enclaves after the original TotalRecall. Took a closer look at the new defenses. This time going through MSRC.

The dream of a fast and reliable binary analysis framework is now a reality.

Today, we’re open sourcing http://VulHunt.RE 🎉
code: https://github.com/vulhunt-re/vulhunt
docs: https://vulhunt.re/docs

A huge kudos to the entire REsearch team!
https://bird.makeup/users/matrosov/statuses/2025997688437874893

> If you understand neither your program, nor your computer, you will succumb to every bug

~ Sun Tzu*

*not really

@bluedevil I seriously don't get why we can't have proper error messages in 2026...

Meanwhile #IDA Pro: "Oops! internal error 1783 occurred."

#idapro #reverseengineering #hexrays #gdbserver #qemu

RE//verse 2026 videos are online

https://www.youtube.com/watch?v=o0boA1N6JV0&list=PLBKkldXXZQhD1hzCkhhMQXjEQ_qWnFtQn

[RSS] [video] RE//verse 2026: Hacking the Xbox One

https://www.youtube.com/watch?v=FTFn4UZsA5U

@jwz What I'm taking away from this right now is that for the extremely narrow case of a problem that humans have documented well and written strong tests for, a robot can be competitive with a human expert. And then also today I got an LLM slop bug report that entirely misrepresented the code in question and had entirely fake conclusions. I'm still solidly team human.

Major breach in Sweden, where a hacker claims to have stolen PII data and electronic signage documents from Sweden's e-government portal

They leaked the portal's source code to prove the breach

The IT contractor confirmed a breach too

https://www.svt.se/nyheter/inrikes/uppgift-statlig-it-information-har-lagts-ut-pa-darknet

[RSS] Fantastic unwind information and where to find them

https://klezvirus.github.io/posts/Byoud/

@mwichary Is that darker gray frames (on the plastic models) for the wrists??

#BOFH excuse #386:

The Internet is being scanned for viruses.