Reminder: Tomorrow, @lavados, @lunkw1ll and I will give a talk at #38c3 about #Rowhammer at 12:00. If you want to check whether your computers are vulnerable to #Rowhammer, visit https://flippyr.am. Everything is open source! You can build our ISO and flash it onto your USB stick. If you're feeling lazy and trust us, come to Hall 3 by the palm tree and get a free USB stick with the ISO already flashed.

@gsuberland @mcc 🫡

@gsuberland @mcc OMG I *know* what we will do on NYE!

Can We Find Beauty in Tax Fraud? #38c3

https://streaming.media.ccc.de/38c3/relive/402

This looks fun!

'International Obfuscated C Code Contest' Will Relaunch, Celebrating 40th Anniversary https://developers.slashdot.org/story/24/12/29/1730224/international-obfuscated-c-code-contest-will-relaunch-celebrating-40th-anniversary?utm_source=rss1.0mainlinkanon

I have this PCB where circular solder points are perfect, while square ones ("negative legs") seem to have solder repellent fields around them.

Is this a known thing or my skill/material issue? If the former, how should I solder these things?

#soldering

Volkswagen's bad streak: They know where your car is, Chaos Computer Club says – and they don't know how to secure it properly. https://reynardsec.com/en/volkswagens-bad-streak-we-know-where-your-car-is/

In 10 mins: Dialing into the Past: RCE via the Fax Machine – Because Why Not?

https://events.ccc.de/congress/2024/hub/event/dialing-into-the-past-rce-via-the-fax-machine-because-why-not/

#38c3

I found the GitHub repo "A Compiler Writing Journey" and was glad to see the compiler building from the ground up - documented with each step in detail.

For any compiler enthusiast, these steps provide valuable insights worth sharing.

I'm making a memory-safe implementation of C/C++. It's called Fil-C. Currently working on making it fanatically compatible with C and C++ so that lots of programs can be made memory-safe with zero or minimal changes.

Learn more here: https://github.com/pizlonator/llvm-project-deluge/blob/deluge/Manifesto.md

Only 10 days left to submit your papers to #MADWeb and secure a spot to present your work in the sunny San Diego!

📅 Deadline: January 9, 2025 (AoE)
📜 Submit here: https://madweb25.hotcrp.com/
🔗 Website: https://madweb.work/

#CfP #websec #websecurity

i just discovered some really good software: SENinja https://github.com/borzacchiello/seninja

it lifts Binary Ninja's intermediate representation to a symbolic form and lifts it to an SMT2 representation, then feeds it to Z3

the user interface is like a debugger, except you get things like symbolic expression, or you can ask for which inputs will result in reaching a specific branch

this is so so so cool

https://doi.org/10.1016/j.softx.2022.101219

Part of our global dumbing down is the assumption no one wants to read anything anymore. This leads to ever briefer articles. Which sucks, since the world is too complicated to be understood through soundbites alone. However, if you invest time in decent writing & do the measurements, you find that tens of thousands of people DO read 3200 word posts straight through to the end:

First, solve the problem. Then, write the code.

— John Johnson

Mend It Mark recently got famous because a shithead sued him, but I think he's at Bob Ross level of quality entertainment anyway:

https://www.youtube.com/watch?v=ocpDG2O3H6o

Neat, someone used JRuby to add Ruby scripting support to Ghidra.
https://github.com/goatshriek/ruby-dragon#readme

#ghidra #jruby #ruby

@hanno You are right. It is not GPS spoofing. Someone is sending Wifi SSIDs, e.g. using a cheap ESP32, from a different location and as most modern smartphones use WiFi to improve the location accuracy, they fall into this trap. You can confirm this yourself. Disable WiFi on your device and it will get the correct location. :) @tobiasgies

What would be interesting in a book about file formats ? Or streaming myself exploring file formats ?
Just come tell me - I have stickers #38C3.

Hello #38C3, it seems as if there might be some GPS spoofing going on in the building. This might change the clocks of your phones. If you use your phones as alarm clocks or medication timers, that might be a problem.

If you read this and experiment with spoofing broadcasts of this kind: Please consider if you're cool with people potentially missing important medications due to these experiments, and whether you think that's "excellent to each other".

The hardest part about refuting Y2K disinfo is how many problems were fixed quietly, in part to mitigate risk of ligitation (negligence, etc.). People have stories they can't tell.

At this point, I think enough years have passed that a formal amnesty - to encourage companies to disclose just how bad some of the problems were - would be in our historical best interest.