Posts
2508
Following
574
Followers
1284
A drunken debugger

Heretek of Silent Signal
@lcamtuf "scale of J.K. Rowling to Stormfront" is there an SI equivalent of this?
0
0
0
repeated
Edited 7 days ago

Feel old yet? The winrar registration nag screen is Electron these days.

EDIT: Whoops, it seems I'm wrong: This is just an embedded webview, which on Win10 is apparently chromium-backed (probably because it's Edge)

7
5
0
repeated

researchers have discovered components of a German cipher machine, crucial to the Nazi wartime communications system, on Sobieszewska island near the city of Gdańsk. All in all, 8 rotors and various other parts were recovered. https://tvpworld.com/84053156/fragments-of-rare-german-enigma-machine-unearthed-in-poland

1
4
0
Teammate generated a song with LLM about a local charlatan, and I have to bow before the genius of the Machine:

"[Person] will be the wall
that guides us through the night!"
0
0
1
@malwarejake (Not so) funny story: banks around here test critical systems on prod because testing on test would risk being non-compliant if the regulator doesn't find the test system "similar enough" (whatever that means) to prod. Regulation also mandates that users on prod must be "real" because anti-laundering and whatever. In the end you either test with a real account on prod or you don't work for that client anymore.

As a company owner, I took one for the team and set up a personal bank account for testing. Surely enough, it resulted in me getting fucked *at another bank* (costing me considerable money).
0
1
19
#IBMi is vulnerable to an authenticated user gaining elevated privilege to a physical file [CVE-2024-47104]

https://www.ibm.com/support/pages/node/7179158

Emphasis mine:

"A user with authority to a *view* can alter the based-on *physical file* security attributes without having object management rights to the physical file."

I wonder what other discrepancies there may be between Db2 and other interfaces.
0
2
1
repeated

One of the fun parts of doing my security audits is coming across unexpected code that looks exploitable, and trying it out myself to see what possibilities exist.

In a recent audit, I found myself asking... What if you hashed null?

https://securinglaravel.com/security-tip-what-if-you-hashed-null/

0
3
0
repeated

That's not how you're supposed to put the ../ in the pentest report!

https://github.com/pwndoc/pwndoc/security/advisories/GHSA-2mqc-gg7h-76p6

3
4
0
repeated

Calling all Mystery AI Hype Theater 3000 fans! Have you found a piece of Fresh AI Hell but not known where to send it? Here's the spot:

https://thecon.ai/submit-fresh-ai-hell/

Help @alexhanna.bsky.social and me clean out the Fresh Hell by submitting it there!

3
5
0
repeated

Critical command injection in BeyondTrust Remote Support and Privileged Remote Access. Yikes.

Cloud customers patched as of yesterday but on-prem needs to patch.

https://www.beyondtrust.com/trust-center/security-advisories/bt24-10

https://nvd.nist.gov/vuln/detail/CVE-2024-12356

3
7
0
repeated

DevOps practices are all well and good, but beware of the configuration of the tools that access your production.

I've written a blog post sharing some dangerous ways Argo CD can be configured, detailing the security impact: https://ledger.com/argo-cd-security-misconfiguration-adventures

0
5
0
@wirepair I'm more terrified by the thoughts of this particular human...
0
0
3
@cR0w And this is a foot soldier, not the head of sales!
1
0
2
Edited 8 days ago
"I've learned today that you are sensitive to ensuring human readability."

And this comes from someone who's been writing #documentation professionally at #Microsoft! I'm at loss for words...

https://github.com/MicrosoftDocs/WSL/pull/2021#issuecomment-2548390973
2
2
5
Do you think it is reasonable to have UX/frontend specialists make decisions about the documentation of systems like WSL?

Serious question.
0% Yes
100% No
0% Maybe
1
0
1
repeated

Project Zero Bot

New Project Zero issue:

Linux: Panthor: racy panthor_vm_pool_get_vm() leads to UAF

https://project-zero.issues.chromium.org/issues/377500597

CVE-2024-53080
0
1
1
repeated

Project Zero Bot

New Project Zero issue:

Linux >=5.10: wrong order of operations on close_and_free_vma error path causes temporary dangling PTE

https://project-zero.issues.chromium.org/issues/374117290

CVE-2024-53096
0
1
0
repeated

Microsoft refuses pull request to put documentation in readable table form because LLMs are bad at parsing tables https://github.com/MicrosoftDocs/WSL/pull/2021

9
13
0
Show older