New: Online alcohol recovery startups Monument and Tempest have confirmed they were sharing the personal information and health data of their patients, without their consent, with advertising giants for *years*.

More: https://techcrunch.com/2023/04/04/monument-tempest-alcohol-data-breach/

The Reversing Shorts video you've been waiting for: How to actually reverse engineer shorts? 🩳🧵🪡

Follow along this sewing tutorial and get to know how to copy your favorite clothes! #reverseengineering #sewing @sewing

https://youtu.be/cZcAvohw2z4

DISCLAIMER: me and the ‘nso.group’ domain are not affiliated with NSO Group, and the domain is just a meme domain I owned for 5+ years

'Encouraging creative theft'.
Would this work in USAnian cities? Certainly in some neighborhoods.
Photo text excerpt from #BillMollison's autobiography, Travels In Dreams.
#UrbanPermaculture #fruit #UrbanFarming #Rewilding #GuerillaHorticulture

While the #CryptoWars continue, we would like to remind everyone of two very convincing facts for the pro #encryption side:

✅ 1. Encryption can't be outlawed

✅ 2. Backdoors for the good guys only are impossible

Read our position on the ongoing crypto wars: https://tutanota.com/crypto-wars/

#CSAM #OnlineSafetyBill #BackDoor

"it's not like we can put the genie back in the bottle! 🤷" – VC who stands to profit massively from the release of the genie, and who has worked tirelessly to release said genie

Lol looks like JFrog finally disclosed CVE-2022-0668 [1]. @matthias_kaiser and I found that around a year ago, along with CVE-2022-0573 [2]. Coupled together we could unauth RCE Artifactory 🔥

Funny how they marked the RCE as being as severe as a blind SQLi, a “High”🤪

In neither case were we told the issues were fixed… 🙈🙉🙊

1. https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass
2. https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Data

I wonder if Microsoft should meaningfully strengthen HTA files (not with SmartApps)… (yes, they definitely should) HT @campuscodi

Two vulnerabilities I disclosed to @msftsecresponse got patched today. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415 and https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23416. Both are are RCE and given critical severity. The first is a pre-auth vuln in ICMP.

From the bulletin:

How could an attacker exploit this vulnerability?

An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.

#patchtuesday #vulndev #rce

Okay so everybody get ready to preemptively suspend the domain once we know what it is

> Meta is building a decentralized, text-based social network

https://www.platformer.news/p/meta-is-building-a-decentralized

> The app is codenamed P92

> The P92 app will support ActivityPub, MoneyControl reported

Major win for encryption.

European Data Protection Supervisor Wojciech Wiewiórowski said the indiscriminate scanning of private communications proposed by EU’s CSAM regulation “will always be illegal under the Charter of Fundamental Rights (and probably under several national constitutional laws as well),” https://www.euractiv.com/section/law-enforcement/news/eu-watchdog-online-child-abuse-draft-law-creates-illusion-of-legality/

lol, a way to bypass the Microsoft account requirement in Windows 11 - type username no@thankyou.com, any password, and it bumps you to local account creation.

BlackLotus Shows again: Revocation lists don't work, and Code Signing is not going to save you.