Although the Minuteman guidance system is interesting technologically, one has to keep in mind its purpose was to unleash nuclear devastation On the other hand, Minuteman has been successful as a peacekeeping deterrent (so far). In any case, it is morally ambiguous compared to, say, the Apollo Guidance Computer. There are currently 400 Minuteman missiles active, down from a peak of 1000. 21/N

A launch normally requires launch orders from two separate Launch Control Centers. But a single surviving Launch Control Center could launch the missiles, unless vetoed before a timeout. A complicated state machine managed the launch process. 20/N

The Minuteman III missile (1970) is America's land-based nuclear deterrent, with 400 missiles ready to launch. The missile used a complex guidance system with over 17,000 electronic and mechanical parts that cost $4.5 million in current dollars. Let's take a look at the guidance system and computer. 1/N

ProTip: the moment you'd put the first debug print in your supposedly long-running Python program is the right time to import logging instead.

thanks to @gsuberland's excellent work, we now have an in-depth dive into the technical details of the #GlasgowInterfaceExplorer hardware published on the website!

you can read them at https://glasgow-embedded.org/latest/revisions/revC3.html

Recently, a Dutch hacker found a vulnerability allowing him to shut down 4 million solar power installations. A handful of mostly non-European places manage perhaps 100 GW of solar power in the EU. Any mishap there, or heaven forbid, a compromise, could easily shut down so much power that the European electricity grid would collapse. Shockingly, we regulate these massive control panels as if they are online birthday calendars. And that must change. https://berthub.eu/articles/posts/the-gigantic-unregulated-power-plants-in-the-cloud/

Shameless plug: my other, very similar bot is at @attackerkb scraping data from Rapid7

Although Talos was an *automaton*, it's a PITA to fetch vulnerability reports from @TalosSecurity automatically so I created a Fediverse bot:

@talosvulns

You can follow it or subscribe to its Atom feed of course.

(Currently parsing data from 2016, so will be a bit noisy for a little while)

@wdormann @neurovagrant FTR, some fine Talos advisories:

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1947
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1861
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888

@neurovagrant
Their products are vulnerability free, so clearly there's nothing to see here.

r2 script to symbolicate #ios kernels using the json files generated by the IPSW tool from @blacktop https://github.com/radareorg/radare2/blob/master/scripts/ipsw-kernel-symbolicate.r2.js

Palo Alto Networks Cortex XSOAR Critical Vulnerability (CERT-EU Security Advisory 2024-083)

On August 15, 2024, Palo Alto Networks released a security advisory for a critical command injection vulnerability, CVE-2024-5914, in Cortex XSOAR. This flaw allows unauthenticated attackers to execute arbitrary commands within the context of an integration container, potentially compromising the system. The vulnerability affects the product's CommonScripts Pack and is rated as high severity with a CVSS score of 9.0.

https://www.cert.europa.eu/publications/security-advisories/2024-083/

@yassie_j At IBM early AS/400 development was guised as a punch card sorter (iirc) because mgmnt didn't want to finance another computer project (aside of mainframe) and "it is easier to apologise than to get permission"

I feel like if Google was in charge of Bell Labs, they would have cancelled the transistor project because it wouldn’t make as much money in six months as punch card machines

One of the simplest reverse engineering tricks I use daily is the fact that a lot of functions in a compile binary will be in the same (or reversed) order that they were in the original code.

If you find an encryption function, you usually don't need to keep reversing the code flow until you find the decryption function. The developer probably wrote them both at the same time, so they'll probably be adjacent in the code. If you know what a function does, there's a good chance the function directly above and below it are related, so will be easy to figure out.

This says that Windows still has low-level OS support for punch card readers.

https://kevinboone.me/cpm-c.html

Not documented here though: https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file

Could someone with Windows handy try `echo test > PUN` and see what happens?

@nflnfl Honestly I don't know the difference, seemed like a good translation...

I recently became aware of a true abomination: https://github.com/open-abap/open-abap-ssh

Someone seriously looked at a problem and went "I know, I'll implement an SSH client as a script running on my ERP system".

I don't know what problem they could have possibly had, and I hope to never find out.

@suzannealdrich @kaoudis Given the faculty I see very little chance of any such activity in the first place, but maybe things have changed since my time...

I do hope the arch-enemy economics uni will at least poetize some fun songs about the whole incident.