Big organizations have all sorts of problems that we employees can't help.

One problem I *can* help? The feud between the sysadmins and the network team.

I wrote the first edition of "Networking for System Administrators" in the hope that we tech flunkies would come together, freeing us to plot against the C-levels.

I'd appreciate your support for the new edition.

https://www.tiltedwindmillpress.com/product/n4sa2e-sponsor/

The eleventh LangSec (often featuring input validation, program analysis, program verification, parser hacking, specification analysis, and all sorts of related fun things) would love your submissions for 2025. See https://langsec.org/spw25 for the CFP 💚

In the old days if you clicked a link you would just get a web page. It was great.

~Windows 2 article minor updates~

Windows/286 vs Windows/386 vs Windows 3.0 Real / Standard / Enhanced mode. Do you know which is which? I added a table to the Windows 2 article comparing those, so it'll be easier to find the system you want.

Additionally, I added a section explaining why Windows 2 looks so... Unusual. It's hidden under "Wait, why does it look so ugly?" section, and covers fonts, resolutions, and EGA 3-plane graphics.

The URL is the same - https://www.ninakalinina.com/notes/win2/

Think you’ve got what it takes to pop shells and snag your ticket to... @reverseconf and @offbyoneconf ? 😏
https://github.com/star-sg/challenges/blob/main/Jan%202025/README.md

@tychotithonus @dangoodin @mdfranz That's good to know, thank you!

This is actually a major push to kill my Google account: it's the key to a lot of places, but because of BS like this I can't secure it properly.

Project: python/cpython https://github.com/python/cpython
File: Python/Python-ast.c:10989 https://github.com/python/cpython/blob/2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd/Python/Python-ast.c#L10989

int obj2ast_stmt(struct ast_state *state, PyObject* obj, stmt_ty* out, PyArena* arena)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FPython%2FPython-ast.c%23L10989&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FPython%2FPython-ast.c%23L10989&colors=light

@dangoodin @tychotithonus Not even there :(

@mdfranz @dangoodin @tychotithonus I have no intention to do so, I only want to setup simple-ass WebAuthn.

@dangoodin @tychotithonus Thanks, I tried that, but problem is I'm on Linux that is apparently not compatible with passkeys, so I can't even add a security key.

@mumblegrepper you should use K&R or similar as mouse pad for best energy

U.S. Treasury: Treasury Sanctions Technology Company for Support to Malicious Cyber Group
Treasury bites back at China: the Office of Foreign Assets Control (OFAC) sanctioned Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its role in multiple computer intrusion incidents against U.S. victims. These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. critical infrastructure sectors.

Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure.

See the joint FBI, CNMF and NSA advisory People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations (PDF) from 18 September 2024. cc: @nattothoughts

#integritytech #ofac #treasury #sanctions #china #flaxtyphoon #cyberespionage #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI

@tychotithonus How do I get to the point to register? Where do I click on the web interface?

(This is fucking ridiculous btw.)

Some people have asked that 404 Media moves from a magic link system (to login you are emailed a link to click) to a user/password system. We're four journalists trying to spend as much time as possible doing journalism. We don't want your password https://www.404media.co/we-dont-want-your-password-3/

Why do vendors claim reliable and secure and then have vulns like this?? Let me guess, ping again?? https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo

⚠️ If you use iTerm with the SSH integration functionality: some debug code accidentally shipped to production and it may be logging the entire session to /tmp... on the REMOTE server. If you SSH to shared hosts with iTerm, you'll probably want to look into deleting that as quickly as possible https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog

Does anyone know how to add a new security device to a Google account? It seems the UI only supports passkeys now, but I don't want passkeys.

ghidra-r2web is a project to expose the functionality of #Ghidra to #radare2. After some compatibility fixes I refactored the original Ghidra script into a plugin for better integration and maintainability:

https://github.com/radareorg/ghidra-r2web/tree/master/GhidraR2Web

As I don't have much experience with r2 I can only rely on feature requests to add functionality that makes sense, so please use the issue tracker liberally!

IMO this is also a great opportunity to discuss possible improvements of the r2web protocol to support more integrations.

/cc @pancake

Please Boost: To all Hacker Spaces in Berlin. I have a decommissioned server to give away. So far, I have been unable to find a beneficiary.

**Who wants this server?**
HP ProLiant DL360 Gen9 - 2 CPU E5-2697 v3 @ 2.60GHz, 128 GB DDR4, 2x 900GB SAS.

Pick-up in Berlin Kreuzberg.

Somebody fooled Google AI to believe that EU mandated RS-232 usage in 1997 :)
#retrocomputing #rs232 #fakehistory