"I'm interested in all kinds of astronomy."
[RSS] Breaking Down Multipart Parsers: File upload validation bypass

https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
[RSS] Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail

https://www.sonarsource.com/blog/sanitize-client-side-why-server-side-html-sanitization-is-doomed-to-fail/

Today is World Digital Preservation Day - time for my annual reminder that digitisation is not digital preservation. Whether a digital photograph is born-digital or a digitised copy of a physical object, it requires continued care to be made accessible over time. Digitisation needs digital preservation


> Euler’s work touched upon so many fields that he is often the earliest written reference on a given matter. In an effort to avoid naming everything after Euler, some discoveries and theorems are attributed to the first person to have proved them after Euler.

https://en.wikipedia.org/wiki/List_of_things_named_after_Leonhard_Euler


In 2009, 3 years before starting with I wrote an article for the messing around with r1, still fun to read and see how command syntax didn't change much in 15 years https://phrack.org/issues/66/14.html

New assessment for topic: CVE-2024-34102

Topic description: "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution ..."

"Note: This write up will focus on the impact that CVE-2024-34102 can have when combined with CVE-2024-2961 and how the two bugs can be used to achieve RCE ..."

Link: https://attackerkb.com/assessments/fd4b6425-8316-441d-bd58-b14f022873c9

Microsoft could have kept WordPad and extended its functionality, instead of increasing the complexity (and attack surface) of Notepad.

Notepad being braindead -- including having no recovery / history -- was a feature.

https://www.bleepingcomputer.com/news/microsoft/microsoft-notepad-to-get-ai-powered-rewriting-tool-on-windows-11/

@cR0w command injection, so this is in fact an "Ultra-Reliable" RCE!

@cR0w I'm sorry but ActivityPub is...could you just post that link in a reply?

@Viss the more time I spend in this profession (or on this planet?) the more I recognize how rare those moments are


it is always a pleasure talking with sharp people who know what they're doing


FreddyB Aviation Photography

Possible Bird Strike? USN E-2C flies into a flock of seagulls while working the pattern at Pt. Mugu. Note the blowup: it appears part of the wing is starting to wrap around the prop

@cR0w also irish coffee!

Did you vote in America yesterday? If so, you just got doxed

This site takes voter records that can be hard to source and puts them all into one place. Name, address, voter history, for free. It turns voting into a privacy and security risk https://www.404media.co/voted-in-america-this-site-doxed-you/


We just released our Q2 & Q3 updates to the Mozilla Firefox Bug Bounty Hall of Fame. You can now find all the brilliant security researchers that helped secure Firefox in the last couple of quarters. https://www.mozilla.org/en-US/security/bug-bounty/hall-of-fame/. Thank you!

(The Mozilla web sites & services hacker hall of fame is continuously updated and available at https://hackerone.com/mozilla/hacktivity)
