@mainframed767 but now they can build 41 of those computers an we are DOOOOMED

The draw is complete and now the schedule is out! You can check out the full schedule showing all four days of #Pwn2Own Ireland madness at https://www.zerodayinitiative.com/blog/2024/10/22/pwn2own-ireland-the-full-schedule #P2OIreland

Here is my recent DEF CON talk on Anom, the encrypted phone secretly ran by the FBI. All about the phone, the network, how Anom was structured, who used it, what this means for Signal, Telegram, more https://www.youtube.com/watch?v=uFyk5UOyNqI

New Project Zero issue:

Linux: temporarily dangling PFN mapping on remap_pfn_range() failure in usbdev_mmap() (and elsewhere?)

https://project-zero.issues.chromium.org/issues/366053091

CVE-2024-47674

The next blog post in the Active Directory hardening series just posted, focusing on SMB signing. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-6-enforcing-smb-signing/ba-p/4272168. You can do this yourself and it makes a difference.

We can finally run Doom in Quake! https://www.youtube.com/watch?v=tVOYmYUWkmE #doom

Now that the drawing is complete, @TheDustinChilds and Zed have a few thoughts about the upcoming #Pwn2Own Ireland contest. https://youtube.com/shorts/6l3BW94xH8E #P2OIrleand

Fortinet's last security blog included a section called "A Call to the Industry: Doing the Right Thing for the Security of our Society", which is good. It talks about "transparent disclosure of discovered vulnerabilities" and "radical transparency".

In other news, Fortigate are almost two weeks into knowing they have a zero day which is actively exploited in one of their products, haven't issued a CVE, haven't done a public writeup, and have patch notes that don't mention the vulns.

[RSS] Attacking the Samsung Galaxy A* Boot Chain

http://blog.quarkslab.com/attacking-the-samsung-galaxy-a-boot-chain.html

[RSS] Linux kernel instrumentation from Qemu and Gdb

http://blog.quarkslab.com/linux-kernel-instrumentation-from-qemu-and-gdb.html

[RSS] Evaluating tail call elimination in the face of return address protection, part 1

https://devblogs.microsoft.com/oldnewthing/20241017-00/?p=110380

[RSS] Finding and exploiting CVE-2024-28578 with fuzzing

https://www.mayhem.security/blog/cve-2024-28578-test-third-party-image-libraries-with-mayhem

[RSS] Hackaday Hacked!

https://hackaday.com/2024/10/19/hackaday-hacked/

By default, Kagi Image Search downranks images from websites with a high proportion of AI-generated content.

You can also use the AI images filter to completely exclude websites with AI-generated images from your image search results.

More info: https://help.kagi.com/kagi/features/exclude-ai-images.html

#Kagi #AdFree #Search #AI

Somehow, I don't think that 2024's richest man in the world, who also is an immigrant, would ever think of using his money to create something like this.
https://www.npr.org/2013/08/01/207272849/how-andrew-carnegie-turned-his-fortune-into-a-library-legacy

Currently trying to repair this device. Can you deduct or guess what it is? #NameThatWare

As always, hide your replies behind a CW to not spoil others.

@Viss now I *so* want to play some Red Alert!

Was that non-admin x-user exploit @gossithedog talked about[1] ever released?

https://digitalmarketreports.com/news/25091/microsoft-recall-feature-on-windows-11-not-removable-after-all/

[1] https://infosec.place/notice/AieooVB1w6sCv45MFE