(please RT for reach - thank you!)
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?

Write a 1-page article for the #6 issue of Paged Out! :)
https://pagedout.institute/?page=cfp.php

Soft deadline is Feb 1st.

Donating to the Wikimedia Foundation is great. Becoming a volunteer editor is even better.

https://youtu.be/bRRHR1NEOqE

#wikipedia

From over at the Bad Place:
https://gist.github.com/alfarom256/f1342f14dc6a742de7ea4004a1b6d7ed

IObit Malware Fighter has a driver device called IMFForceDelete123.
When you call the only exposed IOCTL to this device, 0x8016E000, along with a specified path, the Windows kernel will delete the specified file/directory. NTFS ACLs don't matter because we're the kernel.

Who is allowed to interact with this device? EVERYONE.

The more software you have on your system, the less secure it is.

New vulnerability report from Talos:

Progress WhatsUp Gold SnmpExtendedActiveMonitor path traversal vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2089

CVE-2024-12105

@slp This keyboard is tripping balls

The art of programming is the art of organizing complexity, of mastering multitude and avoiding its bastard chaos as effectively as possible.

— E. W. Dijkstra

#complexity

[RSS] Capturing the Flags of the Internet: Find 0-days in OSS and write scanners to detect them

https://bughunters.google.com/blog/6752136441233408/capturing-the-flags-of-the-internet-find-0-days-in-oss-and-write-scanners-to-detect-them

Backdooring Your Backdoors - Another $20 Domain, More Governments - watchTowr Labs https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/

This is it! Its on!

Save the date and polish your speaking or training skills-> call for papers, workshops, trainings, sponsors and volunteers open!

Submit: https://pretalx.com/bsidesluxembourg-2025/cfp

PS: sponsor package options available on info@bsides.lu!

#bsidesluxembourg

@atomicpoet @dansup Worse: it created friction for legit use-cases (that can't be undone!), creates ~0 friction for illegitimate ones *while* giving a false sense of security.

Limiting discovery is def in the top3 stupidest ideas I've seen during my long time on the Web.

Please support one of our own! If you ever have been to defcon, needed network security, used MFA, touched HAM radio, etc… dearest cjunkie made your life better one way or another - one of the most awesome human beings I know (and I know tons of them!) https://www.gofundme.com/f/support-marc-rogers-road-to-recovery

@Ange you know when some smart bureaucrat draws black rectangles over paragraphs then someone on the Internet does a Ctrl+A Ctrl+C Ctrl+V and publishes the whole text layer

@Ange considering impact: select to unredact :)

Confirmed. ChatGPT is actively indexing the Fediverse, even small servers like mine who have not explicitly consented to their indexing.

So while people on Mastodon got angry about Mastodon having built-in discovery features, ChatGPT just went ahead and slurped up all your posts.

High level diff of iOS 18.3 beta 1 vs. iOS 18.3 beta 2 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_3_22D5034e__vs_18_3_22D5040d/README.md

Google Chrome security advisory: Stable Channel Update for Desktop
New Google Chrome version 131.0.6778.264/.265 for Windows, Mac and 131.0.6778.264 for Linux includes 4 security fixes, including 1 externally reported: CVE-2025-0291 (high severity) Type Confusion in V8. No mention of exploitation

#google #chrome #vulnerability #cve #infosec #cybersecurity #CVE_2025_0291

Project: golang/go https://github.com/golang/go
File: src/cmd/cgo/ast.go:358 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/cgo/ast.go#L358

func (f *File) walk(x interface{}, context astContext, visit func(*File, interface{}, astContext))

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcgo%2Fast.go%23L358&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcgo%2Fast.go%23L358&colors=light

Project: golang/go https://github.com/golang/go
File: src/runtime/pprof/pprof_test.go:1553 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/runtime/pprof/pprof_test.go#L1553

func containsCountsLabels(prof *profile.Profile, countLabels map[int64]map[string]string) bool

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fruntime%2Fpprof%2Fpprof_test.go%23L1553&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fruntime%2Fpprof%2Fpprof_test.go%23L1553&colors=light

In the latest Doyensec research, our Nobert Szetei (@sine) takes a closer look at the SMB3 Kernel Server (ksmbd) component of the Linux kernel. Check it out today to learn what he found, which led to multiple CVEs!

#Doyensec #Appsec #Security #Linux

https://blog.doyensec.com/2025/01/07/ksmbd-1.html