"I'm interested in all kinds of astronomy."
@screaminggoat @hrbrmstr @todb I think while obviously incomplete, @attackerkb is great, and it includes info about active exploitation too. Also cvedetails, yes.

Gmail account appears to be fine, but the Amazon account has definitely been hijacked. Looks like the attacker texted a link that the neighbor clicked on this morning, and that completed some sort of account ownership transfer. Neighbor assures me they just clicked the link and didn't enter anything. They just landed on an Amazon page that said their account had been successfully transferred to someone else (they have a screenshot of the hijacker's email address).

They've been on the phone with Amazon trying to get it resolved, but if the description is correct it sure seems like there's a vulnerability on Amazon's end here.

At exactly the same time the SMS was sent the neighbor's Gmail account got hit with a firehose of thousands of spam messages persisting for several hours, which is why they thought the Gmail account was hacked (and also why they clicked the Amazon phishing link from the SMS).

Does this sort of thing sound familiar to anyone?


Video for my talk on DTrace at 21 is now up, though you will miss me in the chat explaining which of the slides are throwing shade at eBPF https://www.youtube.com/watch?v=KjQnB9yB9kQ


12 Freya it/its𒀭𒈹𒍠𒊩

are there any ex- engineers on fedi who'd be willing to help us with a thing? We're creating a 10 modernisation kit thing with a bunch of modern tools, and honestly having someone give it a look over who worked with Solaris 10 and stuff really closely would be super helpful

@f4grx @recursive @nina_kali_nina Fair point, but FTR I'm actually logged in to YT, have seen that vid before, and I get 0 Tesla crap while using uBO.
@nina_kali_nina @f4grx @recursive Take a look at how to get out the rear seat of a Tesla, it's fucking horrifying: https://www.youtube.com/watch?v=6PbRBbIGnv4

CVE-2024-26926 Binder n-day analysis.
It is labeled EoP in Android Security Bulletin (Is it really exploitable?)

https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf


A quick newsletter post on the dehumanization behind Satya Nadella's remarks about copyright law

https://buttondown.com/maiht3k/archive/virtual-employees-and-remixing-machines-devalue/


Trend Zero Day Initiative

That's a wrap for Ireland 2024! Over the last 4 days, we awarded $1,066,625 for over 70 0-day bugs. That makes 4 contests in a row that exceeded the million-dollar mark. Congratulations to the Viettel Cyber Security team for winning Master of Pwn with 33 points and $205,000.

Oracle VM VirtualBox 7.0.10 r158379 Escape

https://zeroclick.sh/blog/cve-2023-22098/
Memory Management - Part 1: Virtual memory and Paging concepts

https://blog.reodus.com/posts/memory-management-part1/

Seasonal Spells for

Toddler's Vicious Snot: This spell initially impacts the member of the party with the lowest HP. It lasts for 2 days. After that it affects all other members of the party, is immune to Healing, and you need a 20+ Con saving throw to recover from it.

Fall Back: This spell interrupts the target's Long Rest one hour too soon. Every time. For about two weeks.

Toddler's Disappearing Accessories: This spell affects hats, gloves, scarves, and boots.


@djchateau Good thread also with more info (like that some lengthier policy will apparently be posted): https://lore.kernel.org/lkml/e7d548a7fc835f9f3c9cb2e5ed97dfdfa164813f.camel@HansenPartnership.com/ Parent poster's mail is at minimum misleading/disingenuous because they already were aware their employer was on the sanction list...

CVE-2024-9050: NetworkManager-libreswan IPSec VPN plugin local code execution

https://www.openwall.com/lists/oss-security/2024/10/25/1

The thing where companies make websites for their own executives, who never visit them, instead of their customers, who are forced to.

SEC Consult SA-20241024-0 :: Unauthenticated Path Traversal Vulnerability in Lawo AG - vsm LTC Time Sync (vTimeSync) (CVE-2024-6049)

https://seclists.org/fulldisclosure/2024/Oct/7
@artemis I think the LLM part is only the symptom of general degradation of human writing skills: people find LLMs useful because they are struggling with writing in the first place and "AI checkers" are tuned based on the inputs of these very people.