A mathematician uses first person plural in proofs to suggest to the reader that they are on a journey together. This is not dissimilar to Virgil guiding Dante through the Inferno.

[oss-security] CVE-2024-47191: Local root exploit in the PAM module pam_oath.so

https://www.openwall.com/lists/oss-security/2024/10/04/2

mitmproxy 11 is out! We now fully support HTTP/3, including transparent mode. 🥳

Gaurav - my Google Summer of Code student - has all the details: https://mitmproxy.org/posts/releases/mitmproxy-11/. Awesome to have such a fantastic mitmproxy community. ☺️

@Refurbished @catsalad @cR0w I'm listening!

@Refurbished @catsalad @cR0w Do you have names??

Security Explorations - SIM / USIM cards

https://security-explorations.com/sim-usim-cards.html

"On this web page, we are to share some information based on the experiences gained in the SIM / USIM card security space, all in a hope this leads to the increase of public awareness on the topic, change perspective on the SIM / USIM card industry and potentially trigger some positive changes (such as introduce transparency in vulnerability handling processes in particular)."

@zilahu I have a feeling that "then we can show them more ads" is somehow also a possible endgame of their AI strategy...

But fair point!

Many congratulations to ESET researcher Marc-Etienne M.Léveillé (@marcetienne), winner of the 2024 Péter Szőr Award for Technical Security Research for his research "Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain"! #vb2024 https://www.virusbulletin.com/conference/peter-szor-award/

Somebody should tell C-levels in tech that there are ways other than advertising to make money

I like Mozilla, or rather I liked what Mozilla once was. Over the years I've volunteered time on various Mozilla projects - both online and in-person. I've advocated for Firefox for two decades.....

Time after time, especially in recent years, I've given Mozilla the benefit of the doubt - because I both believed they were honestly doing things for the right reasons.

I no longer believe that.

Just a few more days left to sign up for our Online GMT Novice to Ninja training! Join us on our path through disassembly, lifting, and decompilation to learn how small patterns can add up to a larger understanding: https://shop.binary.ninja/products/n2n-oct-2024

"Mozilla is going to be more active in digital advertising."

"we do this fully acknowledging our expanded focus on online advertising won’t be embraced by everyone in our community" - https://blog.mozilla.org/en/mozilla/improving-online-advertising/

I appreciate Mozilla laying their intent out explicitly with no room for interpretation or guesswork.

Personally, I think this is not just a huge misstep, but a deathknell.

Mozilla's CEO doubles down on them being an advertising company now.

tl;dr: "LOL get fucked"

They've decided who their customers are, and it's not you, it's people who build and invest in surveillance advertising networks. But in a "respectful" way....
https://jwz.org/b/ykaO

Mozilla bought the excellent Android email app K-9 (which didn’t include any trackers) and integrated trackers as part of #Mozilla‘s rebranding under the #Thunderbird name.

They even made it opt-out instead of opt-in. Their defense for breaking the law: ”we wouldn’t have enough data if we obeyed the law.“

It doesn’t matter whether you ”anonymized“ the data or not: If you want to extract data from someone’s device to yours, you may do so only if they knowingly consented.
https://social.tchncs.de/@kuketzblog/113244035577912640

New vulnerability report from Talos:

Veertu Anka Build registry archive files directory traversal vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2059

CVE-2024-41163

New vulnerability report from Talos:

Veertu Anka Build node agent update privilege escalation vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2060

CVE-2024-39755

New vulnerability report from Talos:

Veertu Anka Build registry log files directory traversal vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2061

CVE-2024-41922

New vulnerability report from Talos:

GNOME Project G Structured File Library (libgsf) Compound Document Binary File Directory integer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068

CVE-2024-36474

New vulnerability report from Talos:

GNOME Project G Structured File Library (libgsf) Compound Document Binary File Sector Allocation Table integer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069

CVE-2024-42415

[RSS] Pwning LLaMA.cpp RPC Server with CVE-2024-42478 and CVE-2024-42479

https://pwner.gg/2024/10/03/llama-cpp-cves/