My colleague @nickmalcolm made a pretty cool vuln explainer video

https://youtu.be/ydg95R2QKwM

this is an absolutely fantastic license and i will certainly use it for some of my software https://github.com/meithecatte/bashfuck/blob/master/LICENSE

Part 2 of our new series on identifying and exploiting router vulnerabilities, including practical examples from real-world cases is now out:
https://medium.com/@odedvk/identify-and-exploit-vulnerabilities-in-routers-an-introductory-guide-technical-case-studies-d0f1a24d35ef

I do realize I'm screaming into a void, but writing this email was cathartic.

Top articles from this week: White hat hacker shines spotlight on vulnerability of solar panels installed in Europe http://dlvr.it/TBvXRM?utm_source=dlvr.it&utm_medium=mastodon

MIT gets rid of their Elsevier contracts:

“For MIT to continue to pay millions of dollars to corporations that lock up the scholarship that comes out of our own campus was just inconsistent with MIT’s history of supporting open education and research,” said Chris Bourg, Director of Libraries at MIT.

https://sparcopen.org/our-work/big-deal-knowledge-base/unbundling-profiles/mit-libraries/

@fafo presents: Gardena zu Rasterelektronmikroskop Adapter

OpenAI: Disrupting a covert Iranian influence operation
OpenAI announced Friday (16 August 2024) that they identified and took down a cluster of ChatGPT accounts that were generating content for a covert Iranian influence operation identified as Storm-2035. The operation used ChatGPT to generate content focused on a number of topics—including commentary on candidates on both sides in the U.S. presidential election – which it then shared via social media accounts and websites.

The operation generated content about several topics: mainly, the conflict in Gaza, Israel’s presence at the Olympic Games, and the U.S. presidential election—and to a lesser extent politics in Venezuela, the rights of Latinx communities in the U.S. (both in Spanish and English), and Scottish independence. They interspersed their political content with comments about fashion and beauty, possibly to appear more authentic or in an attempt to build a following.

IOC provided.

See related The Hacker News reporting: OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda

#threatintel #Iran #influenceoperations #openai #chatgpt #disinformation #propaganda #IOC

I just released pdbconv, a program to convert PDB files between the plain old MSF format and the new MSFZ format that MS hasn't officially released yet.

It's available on github: https://github.com/ynwarcs/pdbconv

I also made a blog post describing the new format and what lead me to write the converter: https://ynwarcs.github.io/pdbconv-pdb-compression

1 #million views! Today is a momentous day for the #WHY2025 #MCH2022 #SHA2017 Youtube account.

The video of a talk called "Non-Euclidean Doom: what happens to a game when pi is not 3.14159…" reached 1 million views on Youtube a few minutes ago.

The video is of course also on media.ccc.de and has reached almost a hundred thousand views there.

The recommended way to watch the video is https://media.ccc.de/v/mch2022-236-non-euclidean-doom-what-happens-to-a-game-when-pi-is-not-3-14159-, but if you want proof of the milestone, check out https://youtu.be/_ZSFRWJCUY4

CVE-2024-41660: A Critical Vulnerability in OpenBMC https://tetrelsec.com/posts/cve-2024-41660-slpd-lite/

MIFARE Classic: exposing the static encrypted nonce variant https://eprint.iacr.org/2024/1275.pdf

Wired was manipulated into spreading misinformation to market Palantir and iVerify by misrepresenting a vulnerability in a disabled demo app as being a serious problem which could be exploited in the real world. They should retract the article but won't.

https://wired.com/story/google-android-pixel-showcase-vulnerability/

GrapheneOS has gone through each of the carrier apps included on Pixel generation to determine their purpose and consequences of including or excluding them. Here it is being excluded from the new adevtool project for ProtonAOSP and GrapheneOS in 2021:

https://github.com/GrapheneOS/adevtool/commit/9c5ac945f#diff-95eb7b50f2781158146e721436d7c5d6f7421755906307a6b7a1f727bb20d53eR109

GrapheneOS has publicly posted about the carrier apps included on Pixels and their privileged permissions on numerous occasions. We talked about the ones which get enabled automatically based on using a SIM from a carrier rather than a disabled demo without an automatic trigger.

For #CircuitPythonDay2024 I'm porting Micropython to the SensorWatch SAML22J18 that fits in the classic Casio FT-91W. https://www.sensorwatch.net/

It's the Freya's day today so let's run another #nakeddiefriday why don't we.

Today I got a #French classic form 1983, one of the very first chip cards. The micromodule is a very characteristic shape of those designed by Bull.

On the die itself, the EEPROM array is in the very center, with the address counter to the right, drivers above and the data multiplexer below.

Note the designer initials, C.B. and Y.G.

Hi-res: https://siliconpr0n.org/archive/doku.php?id=infosecdj:bull:et1001

#reverseengineering #electronics #icre #microscopy

ClamAV Antivirus 1.4 ends 32-bit Linux support, introduces ARM64 packages for Windows, improves ALZ and LHA archive handling, and more.
https://linuxiac.com/clamav-antivirus-1-4-ends-32-bit-linux-support/

#clamav #antivirus #linux #opensource

Zabbix Server Critical Arbitrary Code Execution Vulnerability (CERT-EU Security Advisory 2024-082)

On August 13, 2024, a critical vulnerability, CVE-2024-22116, was disclosed in Zabbix Server, allowing attackers with restricted administrative permissions to execute arbitrary code. The flaw, identified in the Ping script execution within the Monitoring Hosts section, can compromise the entire infrastructure. The vulnerability carries a CVSS score of 9.9.

https://www.cert.europa.eu/publications/security-advisories/2024-082/