As of today, Firefox Nightly ships with "HTTPS First". So, all new tabs, all links will try HTTPS🔒 regardless of the written URL scheme. When HTTPS fails, Firefox will fall back to using http.
This is thanks to the tireless work of our intern @mjurgens 👏👏👏.
Random objects: Intel Edison, or a look at the misadventures of x86 in the IoT space - https://lcamtuf.substack.com/p/random-objects-intel-edison
If you are still doing this to your customers, you're not understanding what has happened in the world of technology since 2004 and you are part of the problem.
The wonderful world of #OpenSource and #Mastodon! https://tech.lgbt/@nina_kali_nina/112659983582469484 where Nina asks a question, I answer with a partial solution based on a little project by @vadim which is missing a specific feature. Vadim sits down, codes that missing feature, commits it, I pull his updates, build a new container and now we all have an even better way to turn Mastodon threads into copy/pasteable #Markdown.
That all happened in less than 5 hours!
I have rebased the #illumos / #solaris port of #Tailscale onto 1.68.1
https://github.com/nshalman/tailscale/releases/tag/v1.68.1-sunos
And here's my occasional Fedi outreach about my dream retrocomputer - does anyone have a Sun Ultra 45 they are willing to part with? I'm just a sad, pathetic person living in Arctic Sweden who has been trying for more than two decades (!!) to get his hands on one.
Boosts are definitely love.
Frankly, I'm appalled by the prospect of LLMs taking offensive security research jobs from honest, hard-working fuzzers
✍️ When Samsung Meets Mediatek - The story of a small bug chain by @max_r_b @pwissenlit Raphaël Neveu
Robel Campbell of Blackpoint Cyber performed patch diffing and root cause analysis on the Microsoft Outlook Remote Code Execution Vulnerability CVE-2024-30103 (see parent toot for links) and stated the following:
- It requires valid credentials of the target user to exploit. This is important to know because there is a lot of posting calling this a 'zero-click' exploit and while it might be true to an extent, you still need to be able to create a Form in the target user's Outlook client, which requires authorization.
- It's a bypass for a previously patched vulnerability (CVE-2024-21378)
- Indicators of exploitation may include a suspicious DLL loaded in the Outlook.exe process, suspicious outbound connections from Outlook.exe and spawned child processes.
- Exploitation is less likely at a large scale given that an attacker would need a user's credentials to set the attack up. Applying the latest patches is the best way to defend against this exploit.
View the original message at the bad site: https://twitter.com/RobelCampbell/status/1804171069558755624 cc: @GossiTheDog
#CVE_2024_30103 #CVE_2024_21378 #Outlook #vulnerability #CVE #Microsoft
so with the recent news i’ll ask again
does anybody have a uefi firmware image that includes kaspersky antivirus for uefi?
“For this you keep a lab notebook. Everything gets written down, formally, so that you know at all times where you are, where you've been, where you're going and where you want to get. In scientific work and electronics technology this is necessary because otherwise the problems get so complex you get lost in them and confused and forget what you know and what you don't know and have to give up.”
- Robert Pirsig, Zen and the Art of Motorcycle Maintenance
NEW: The U.S. government has sanctioned 12 executives and senior leaders of Russian cybersecurity giant Kaspersky.
Notably, Eugene Kaspersky and company itself are not on the sanctions list.
These sanctions come a day after the U.S. government banned the sale of Kaspersky software in the United States.
https://techcrunch.com/2024/06/21/u-s-government-sanctions-kaspersky-executives/
+++ COMMERCIAL BREAK +++
🎶 "Sometimes you wanna go
Where everybody knows your name
And they're always glad you came
You wanna be where you can see (ah-ah)
Our troubles are all the same (ah-ah)
You wanna be where everybody knows your name ..." 🎶
RC-BOX BBS #rc2014bbs - the world's first and (currently) only #rc2014 based bulletin board system #bbs on this planet. Open 24/7!
Running CP/M 2.2 #cpm and #rcbbs (forked and highly customized #RBBS 4.1), connected to the modern world via a #WiFiModem and a 9600 #baud serial line.
RC-BOX BBS - we are looking forward to your visit!
"Low-Level Software Security for Compiler Developers"
I feel like the Internet Archive debate hits differently in countries like the US and UK, and countries like Hungary.
I do tons of academic research. The volumes needed to keep up with academia often run $100+ each. And unless I order them from overseas (delivery $30-50 each) there is no access to them. Several don't have a copy *on the entire continent* (few Hungarian libraries do international loan but it takes large amounts of money and months.)
I imagine many countries are even worse off.
Popular opinion seems to be that #GNOME and #KDE are "fighting/competing."
Sure we have our differences in philosophies and design, but it's way more akin to siblings having small spats. But in the end we are siblings in #FOSS family and I like GNOME folks a lot. And if anyone attacks my siblings, I'm there to defend them.
We can and we should work together as much as possible, not just GNOME or KDE but all other DE's too like #Budgie and #XFCE to be the best computing experience possible.
It's not perfect and it's never gonna be because perfection is unattainable, but perfect is also the enemy of good.
Let's keep doing our best. Together.
Edit: happy pride! And trans rights are human rights.
NEW: U.S. government bans sale of Kaspersky software in the country — both consumers and businesses — due to security and privacy risks from Russian government.
“First of its kind” sales ban starts on July 20. After Sept. 29 Kaspersky can't send updates to U.S. customers.
“Russia has shown it has the capacity, and even more than that, the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans. And that’s why we are compelled to take the action that we’re taking today,” U.S. Commerce Secretary Gina Raimondo said in a call with reporters.
https://techcrunch.com/2024/06/20/us-bans-kaspersky-software-security-risk-russia/
Can LLMs find vulns? Here’s what Project Zero found
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html