[RSS] Finding a Heap Buffer Overflow in the ASAM MDF Library Used in ADAS Systems with AFL++

https://g0ku704.github.io/2024/08/13/mdf4_parser_vuln_CVE-2024-41445.html

CVE-2024-41445 #fuzzing

I’m glad we wrote that paper. However LLMs “still lack basic reasoning skills” makes me cringe.

Information theory tells me that because an LLM is a finite set that is not able to grow itself, once it is trained has a finite capability. And that capability is driven by statistics and numbers.

intuitively (to me at least) if you present an LLM with a prompt that’s weird enough it will “hallucinate” answers because it has no critical thinking, it’s just a big probability machine that tries to find the most likely answer to your question. As a result, present an LLM with a chess problem brain teaser unique setup, chances is the LLM will make up rules because what it trained against isn’t chess rules but “in general chess problems end with a checkmate” and it will interpolate the movements from where you are to a checkmate.
https://mastodon.social/@appleinsider/113295305642702643

@fortyseven @realhackhistory Exactly, this is how Art looks like.

@tmr232 Sun and Oracle are also HW companies, but it's probably just Tinfoil Hat Me talking...

@tmr232 The JetBrains Experience Of The Day for me was to find out that I have to configure a "Facet". Every time I encounter this term things turn to shit, and today was no exception.

@tmr232 Would it be unreasonable to think that this is actually the point?

@tmr232 It obviously polluted parts of your system you'd never think of

@realhackhistory I'm sure they'll connect to the modern stream consumers with that syntactically incorrect DOS shell prompt!

Oh yes we have our new “you wouldn’t download a car”

Apparently if you want to get your data out of an Apple thingy the preferred way to go is to transfer all the data halfway around the world then back to your other device that is literally 10cm apart from your Apple thingy.

The other option is to download 160 3.5" floppy disks worth of software (about 2x the size of the recommended disk space of Windows 95) because somehow getting data out of the Apple thingy over conductive wires requires this much software magic.

#Apple

@molly0xfff Have you considered using an LLM? /s

More seriously: this is (or at least should be) the open web, algorithms won't downvote you for irregularity, but readers will appreciate quality content.

Blue Monday on Vintage Casio Instruments

https://www.youtube.com/watch?v=h9mm0YlMa9I

@neurovagrant Please write a novel!

@catsalad
"- Why do you put six sugars in your coffee?
- Because the cafeteria doesn't offer little packets of methamphetamine"

The whole of my book on Building a Debugger is now available on Early Access!

It teaches you how to write a native code debugger from scratch.

There's lots of cats.

https://nostarch.com/building-a-debugger

@buherator

• “Check the domain” doesn’t help if you have no information about what domains are “normal”

Damn right. I rememberd doing some phishing training from Google, and they asked if some email sample is legit, and demonstrated its legitimacy by pointing out that it uses legit DropBox domains.
That’s where I thought “but no one here (DropBox isn’t accessible in China) uses DropBox at all! How are they going to learn if this is legit?!” 🫠

@singe I'd love to see some official, vendor-agnostic detection guidance instead of "buy our cloud offering"...

"There is always a way, but we do not provide one." lol

#ghidra

https://github.com/NationalSecurityAgency/ghidra/discussions/5362#discussioncomment-5968992

Lets Encrypt will disable OCSP about 6 months after Microsoft Root program allows it to (the browsers have already okayed it).

This all could be over in a year, year and a half. If you need OCSP for your business, you need to investigate alternatives NOW - which are all proprietary.

Apache ACME will handle this change just fine. Stapling will of course no longer be provided to clients.

https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls/