"I'm interested in all kinds of astronomy."

A quick newsletter post on the dehumanization behind Satya Nadella's remarks about copyright law

https://buttondown.com/maiht3k/archive/virtual-employees-and-remixing-machines-devalue/


TrendAI Zero Day Initiative

That's a wrap for Ireland 2024! Over the last 4 days, we awarded $1,066,625 for over 70 0-day bugs. That makes 4 contests in a row that exceeded the million-dollar mark. Congratulations to the Viettel Cyber Security team for winning Master of Pwn with 33 points and $205,000.

Oracle VM VirtualBox 7.0.10 r158379 Escape

https://zeroclick.sh/blog/cve-2023-22098/

Memory Management - Part 1: Virtual memory and Paging concepts

https://blog.reodus.com/posts/memory-management-part1/

Seasonal Spells for

Toddler's Vicious Snot: This spell initially impacts the member of the party with the lowest HP. It lasts for 2 days. After that it affects all other members of the party, is immune to Healing, and you need a 20+ Con saving throw to recover from it.

Fall Back: This spell interrupts the target's Long Rest one hour too soon. Every time. For about two weeks.

Toddler's Disappearing Accessories: This spell affects hats, gloves, scarves, and boots.


@djchateau Good thread also with more info (like that some lengthier policy will apparently be posted): https://lore.kernel.org/lkml/e7d548a7fc835f9f3c9cb2e5ed97dfdfa164813f.camel@HansenPartnership.com/ Parent poster's mail is at minimum misleading/disingenuous because they already were aware their employer was on the sanction list...

CVE-2024-9050: NetworkManager-libreswan IPSec VPN plugin local code execution

https://www.openwall.com/lists/oss-security/2024/10/25/1

The thing where companies make websites for their own executives, who never visit them, instead of their customers, who are forced to.

SEC Consult SA-20241024-0 :: Unauthenticated Path Traversal Vulnerability in Lawo AG - vsm LTC Time Sync (vTimeSync) (CVE-2024-6049)

https://seclists.org/fulldisclosure/2024/Oct/7

@artemis I think the LLM part is only the symptom of general degradation of human writing skills: people find LLMs useful because they are struggling with writing in the first place and "AI checkers" are tuned based on the inputs of these very people.

This makes me want to scream and pull out my hair.

"Reduce your vocabulary by 10-20% to prove you're a human."


The Apple Security Research blog now has an RSS feed, though it’s not properly advertised.

https://security.apple.com/blog/feed.rss


A vulnerability in the Common Log File System (CLFS) driver allows a local user to gain elevated privileges on Windows 11 https://ssd-disclosure.com/ssd-advisory-common-log-file-system-clfs-driver-pe/

@azonenberg It seems like an interesting problem to quantify the extra frontend development cost (and UX problems) of other frameworks...

Has anyone attempted to calculate the overall environmental / energy consumption of Electron, vs if the most popular applications using it were rewritten in a more efficient native framework?


It has now been twelve years since the paper "The most dangerous code in the world: validating SSL certificates in non-browser software" was published.

My blog post about it from back then: https://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/

It'd be interesting to know how much HTTPS clients are still skipping cert verification in the wild. I bet it is still widespread.


@buherator call me vain - but that there’s no reference to the original research behind the field work makes me sad. https://m.youtube.com/watch?v=3HFiv7NvWrM & https://github.com/sensepost/birp

@mainframed767 is involved though and is the OG progenitor of so much of it, who’s still working on it.
