"I'm interested in all kinds of astronomy."
Edited 4 hours ago

Mastodon 4.6 released today. It lets me force 2FA on accounts.

Also, heads up, I am going to force 2FA on accounts.

Note: this is only applicable to: infosec.exchange
infosec.space
ioc.exchange
convo.casa

19
14
0
Yeah sex is cool but have you tried time-travel debugging?
0
1
4

⏱️ IDA 9.4 pre-release teasers start now.
First up: wider processor and platform support.

The upcoming release adds a Qualcomm Hexagon module, MCore and C-SKY V1, complete AArch64 SVE/SME, improved TriCore analysis with proper calling conventions, and expanded RISC-V coverage including Hazard3/RP2350 and new vendor extensions.

👉 https://hex-rays.com/blog/ida-9.4-wider-processor-and-platform-support

0
3
0
@freddy I'm disappoint, numbers used to mean things...

By this logic next time I pay the shop 7% less :P
0
0
0
I just received a pair of 18650 cells I ordered. They are 70mm tall (not "65").

Is this normal?!
1
0
0

load bearing hardcoded credentials for national security purposes

1
2
0
Edited 8 hours ago

Happy Birthday to M. C. Escher, born on June 17, 1898, in Leeuwarden, Friesland, the Netherlands.

Like other famous artists such as Michelangelo, Leonardo da Vinci, Raphael, Picasso, Toulouse-Lautrec and Rubens, Escher was left-handed. Escher was forced at school to become ‘double-handed’, which was beneficial for his artform.

More at https://escherinhetpaleis.nl/en/about-escher/escher-today/left-handedness?lang=en
https://www.dailyartmagazine.com/left-handed-artists/
1/n

2
7
0

An ecrime group has somehow gained access to 75k Fortinet firewall devices - dubbed Fortibleed

Blog https://www.infostealers.com/article/fortibleed-75000-fortinet-firewalls-compromised-global-enterprises-exposed-claim-your-ethical-disclosure/

Check if your domain is impacted: https://www.hudsonrock.com/fortinet

I’ve verified the data is real. They’ve been dumping the Fortinet config - not sure how yet - and then cracking the passwords it appears. Data is being resold online.

2
11
0
Claude 'Jia Tan' Code
1
5
11

Project Zero Bot

New Project Zero issue:

apple-zlib: uninitialized memory leak during decompression in inflate

https://project-zero.issues.chromium.org/issues/488250572

CVE-2026-28920
0
1
1

Project Zero Bot

New Project Zero issue:

Linux: recursively oopsing task can get preempted while TASK_DEAD, causing stack refcount overdecrement

https://project-zero.issues.chromium.org/issues/510793286

CVE-2026-46173
0
1
0

Project Zero Bot

New Project Zero issue:

vpu driver close instance ioctl races with itself causing UAF

https://project-zero.issues.chromium.org/issues/493643407

CVE-2026-0163
0
2
1

Project Zero Bot

New Project Zero issue:

libheif: Heap-based Buffer Overflow in Uncompressed Image Tiled Decoding

https://project-zero.issues.chromium.org/issues/507396184

CVE-2026-47178
0
1
0

joernchen :cute_dumpster_fire:

Edited 14 hours ago

So many calcs so little time.

3
4
1

Hoshino Lina (星乃リナ) 🩵 3D Yuri Wedding 2026!!!

Edited 20 days ago

OMG. Apparently tons of people have been generating secrets on an old server-side key generation website that had incredibly weak entropy. Like, 10 bits or something.

The website was allkeysgenerator[.]com. Here is a dump of 1000 keys generated on it. Searching for the URL finds hundreds of people recommending it for key generation.

Some of these snippets have hundreds of GitHub results.

The exact algorithm is unknown but (see below) it generates extremely predictable strings; you can visually see how the delta from character to character is almost constant. Thanks @dramforever for doing some analysis here. Their script here can generate the vast majority of sequences from this website.

Update: This script generates the entire list from a single seed, and large chunks of another.

I'm certain you can break into production websites using these keys for cookie signing etc.

5
9
0
@Viss This sounds like KaiOS with extra marketing
1
0
0