Mozilla is looking for a Staff Software Engineer (remote US/EU/CA ✨) working on sandboxing, hardening, crash-reporting, performance and integration with native widgets **on Linux**. As a staff-level position this will require strong technical and people skills, experience in C++ on Linux or Android. The team is distributed and amazing. Ask me in DM if you have any questions about Mozilla (I am *not* the hiring manager). Please apply at https://grnh.se/2c3dc0111us

a fedi instance just for people's pets

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. Update your Firefox ASAP https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ #infosec #security

"You're one of 31,081,179 people pwned in the Internet Archive data breach"

Somehow I didn't feel the same sense of pride with LinkedIn :)

@joxean @tmr232 In this case this tool may be very useful for robust handling of Java types:

https://mypy-lang.org/

@joxean Do you plan to develop using a public repository? I'd love to contribute this (except Q4 is happening :P)

The Reverse Engineering community has spoken. #Diaphora will be ported to #Ghidra in the next months. I would love to have it working properly by the end of the year, but I cannot be sure. So, no ETA for now.

@tmr232 @joxean Nah with the dark bg it takes ages for my eyes to start bleeding.

See @tmr232? One less user to worry about!

@joxean

Wow, Specter bypassed XOM and broke the PS5 hypervisor. Awesome work.

"Byepervisor: How We Broke the PS5 Hypervisor".

#ps5 #xom #hypervisor #byepervisor

https://hardwear.io/netherlands-2024/speakers/specter.php

@tmr232

@thedarktangent SunOS was pseudo closed source, in that of an established customer could purchase a copy. Acquiring a copy was nice, one could trade for let's say a zero day or something. CALEA was one of the "benefits" of this type of trading.

I remember hackers breaking in to CALEA lawful intercept boxes to spy on each other over 20+ years ago..

IIRC They were default SunOS servers connected direct to internet, no patches or updates applied over the years. Once you mapped them you could wait for a known vulnerability and visit them again.

It’s always been terrible, and always been known. I want it to be taken seriously.

Edit: It may be closer to 30 years than 20, but “a long time ago”

Internet Archive hacked, data breach impacts 31 million users

https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/

As an IA user and donor I'm kind of glad this happened: passwords are properly hashed (bcrypt), there is a chance to improve security.

But anyone who decided they should hack IA of all things can (as we say around here) go and shit out a hedgehog.

Republicans,
Democrats,
Third party voters

People driven by totally incompatible political and religious ideologies,

Pineapple on pizza people,

People who hate pineapple on pizza and are incorrect,

🤜🏻🤛🏾 hating whomever hacked the Internet Archive

If people loosing access to their books when the vendor goes out of business was already bad, now the same thing is happening to cars: https://arstechnica.com/cars/2024/10/connected-car-failure-puts-kibosh-on-sale-of-3300-fisker-oceans/

I know, it is happening all over the place, merely with pieces of technology not quite as expensive. Maybe, just maybe, having basic functionality depend on external components isn’t such a great idea?

And since I don’t see “the market” ever discovering this, maybe some regulation is in order? Just so the next tech startup going out of business (or merely unwilling to support “outdated” hardware) isn’t an occasion to throw away tons of products in perfect working order.

How is this not illegal??? Cards Against Humanity is PAYING people who didn't vote in 2020 to apologize, make a voting plan

https://www.apologize.lol/

Also: "We formed a Super PAC and bought the personal voting records of every American citizen from a data broker we found on the internet. It’s pretty fucked up." WAT?!

Mozilla Firefox exploited zero-day: Security Advisory 2024-51 Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1
CVE-2024-9680 (critical severity) Use-after-free in Animation timeline

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.

See related @BleepingComputer reporting: Mozilla fixes Firefox zero-day actively exploited in attacks

#zeroday #vulnerability #firefox #mozilla #cve #CVE_2024_9680