Outstanding. I am glad that more folks are picking on what I have been saying for quite some time. Confidential Computing is something we should continue pursuing and developing, but the tech, currently, is not there yet. Excellent work on formalizing a quite important (and hard) aspect of the discussion (remote attestation).

https://bird.makeup/@gabrielkerneis/1851664264895123736

mpg123 buffer overflow in versions before 1.32.8

https://seclists.org/oss-sec/2024/q4/45

#NoCVE yet - Edit: Got assigned CVE-2024-10573

@egypt "There is no scientific consensus that life is important" prof. Hubert Farnsworth

Our security researchers @cod_rse@twitter.com and @inode conducted a security assessment on #Keycloak, identifying significant vulnerabilities impacting this open-source #IAM solution.

Read the full article at https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system

@adamhotep @tychotithonus Oh you see this in an actual instance list? That's probably from the time when I hosted my own instance, but I'll check for any leftover processes/content that may advertise this domain! Thanks for the heads up!

@raptor wow nice! We've been discussing a Keycloak research idea for some time, really curious about what you found!

The Vanishing Culture report arrives today at a critical moment: While Internet Archive recovers from a cyberattack, it’s a reminder of how fragile our access to knowledge can be. Preserving culture & history requires resilience—and collective action.

🔗 https://blog.archive.org/2024/10/30/vanishing-culture-a-report-on-our-fragile-cultural-record/

Another Masto Instance going down. But not because moderation or something but because running bigger instances on Mastodon gets really expensive.

I think this is an issue that we need to put more work into: Not just finding better ways to sustainably fund the operation of instances but also the technical means to make running it on smaller hardware easier. This includes mechanisms to maybe push certain data into "archives" as to not have it in the live database/asset store.

(Original title: RIP botsin.space)

https://muffinlabs.com/posts/2024/10/29/10-29-rip-botsin-space/

@ulldma That makes sense!

Cosmo was right.

@zilahu But why always Keycloak's bugs?

When I place my mug right my ThinkPad keeps my coffee warm.

Take this, M1!

Annoyed Redditors tanking Google Search results illustrates perils of AI scrapers | Ars Technica
https://alecmuffett.com/article/110533
#ArtificialIntelligence #llm #regulation

Consider: James Bond movie but his gadgets constantly fail and show him ads and he gets caught because the company that made his laser nose-hair trimmer nunchuck gets hacked.

@ulldma Can't tell about the exact time, but it felt like all of our clients suddenly started to using it a few years back. Maybe the timing is more about some local environmental change, but it's still interesting that it's always Keycloak not some other implementation esp. for OIDC.

Is it me or Keycloak became the de facto OSS IdP practically overnight? If so, yhy is that?

I’m doing Movember this year with a focus on raising awareness about colon cancer, since it typically kills more men than prostate & testicular cancer & it took my Dad. I’d appreciate it if you shared my page, joined me, or donated for cancer research. https://ex.movember.com/mospace/15243648

@LukaszOlejnik I'm too lazy to compare the number of zeroes with this one: https://www.loweringthebar.net/2014/05/2-undecillion-dollar-demand.html

Russia issued a monetary fine on Google: 2 undecillion rubles ($2,500,000,000,000,000,000,000,000,000,000,000) after refusing to restore the accounts of pro-Kremlin and state-run media outlets. https://www.themoscowtimes.com/2024/10/29/russia-fines-google-25-decillion-over-youtube-bans-rbc-a86846

Congratulations to our @MaitaiThe for discovering a new kickoff method to resurrect a universal gadget chain for exploiting unsafe deserialization in #ruby!

You can find the details here: https://github.com/GitHubSecurityLab/ruby-unsafe-deserialization/commit/8c66d0e31d000bb07ac5a50c575cf0ffec510bba
#doyensec #appsec #security