"I'm interested in all kinds of astronomy."

Intel launched the Pentium processor in 1993. Unfortunately, dividing sometimes gave a slightly wrong answer, the famous FDIV bug. Replacing the faulty chips cost Intel $475 million. I reverse-engineered the circuitry and can explain the bug. 1/9

Writing down (and searching through) every UUID · eieio.games
https://eieio.games/blog/writing-down-every-uuid/

/via @filippo

#frombsky
@h2onolan I'm pretty sure it's ownership. See also how Kaspy got banned while CrowdStrike not.

Breaking the most popular Application Firewalls () in the market

https://nzt-48.org/breaking-the-most-popular-wafs

[RSS] Trying to Exploit My Old Android Device, take 2 (CVE-2020-0401, PackageManagerService)

https://pwner.gg/blog/Android%27s-CVE-2020-0401
"Good Red Team comes on slow. The first month is all waiting, then halfway through the second month you start cursing the service provider who burned you, because nothing is happening. And then... ZANG!" - Hunter CISO Thompson

I'll just leave this here for the real programmers.


Forward thinking was just the thing that made Multics what it is today.

— Erik Quanstrom


Santa brought a new blog post!

Handling Arbitrarily Nested Structures with

https://blog.silentsignal.eu/2024/12/06/custom-decoder-for-burp/


The competition compromises your C2 infrastructure and operator workstations.

"a longstanding campaign orchestrated by the Russian-based threat actor known as 'Secret Blizzard' (also referred to as Turla). This group has successfully infiltrated 33 separate command-and-control (C2) nodes used by Pakistani-based actor, 'Storm-0156.'"

https://blog.lumen.com/snowblind-the-invisible-hand-of-secret-blizzard/


@bagder @swapgs I highly recommend clicking through the demo at https://www.hackerone.com/hai-your-hackerone-ai-copilot

It's really really bad, even for the low bar of AI slop. It recommends using `X-XSS-Protection` (which is not a thing anymore), claims that calling `dangerouslySetInnerHTML` breaks the principle of least privilege, and then in a report about an SQL dump being publicly available it explains said dump by describing how a CREATE TABLE works without even catching on to the fact that it's an export of the database in SQL format.

If the demo they present this with is so hilariously bad, I can only imagine what the real product is like.

[RSS] URL File NTLM Hash Disclosure Vulnerability (0day) - and Free Micropatches for it

https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html

Pentagrid published two tags for (also Swiss AHV numbers) and for . These tags are available via the Hackvertor Tag Store by @garethheyes. Our blog post explains what these tags do and how they can be used. https://www.pentagrid.ch/en/blog/hackervertor-ean13-and-totp-tags-for-web-application-penetration-testing-with-burp/


CyberKaida (サイバーかいだ)

support for writing plugins! And it includes debugging from VSCode!

I am SO EXCITED! Thank you Ghidra team! 💜💜💜

https://github.com/NationalSecurityAgency/ghidra/commit/478d3e6331803ee3c4adda98a9a97e0acab7e242


Cyberpunk when?
(Now. Right now)


Mastodon isn't perfect.

But the fact a social network exists that is completely free to use,

has no venture capital investors,

has no shareholders to answer to,

has no growth targets,

with a web interface with zero cookies,

and mobile apps with zero trackers at all

with ten thousand server administrators who donate their time for user safety

is - in my opinion - mindbogglingly cool, given the state of the world we live in.

Not everything has to be shit. People make things better.


So, apparently targeted advertising may be coming to ...

https://techcrunch.com/2024/12/05/bluesky-ceo-jay-graber-is-reshaping-social-media-but-advertising-isnt-off-the-table/?guccounter=1

This is not a surprise at all, and has been predicted for a while. Despite the protestations from Bluesky enthusiasts saying that selling domain names was going to do it, the BS business plan never made any sense.

And now they are paying for server costs for 20+ million users and watching their $15M investment from Blockchain Capital et al. dwindle.

Reality bites, and it bites hard.
