Session Round 2

Earlier this week, I wrote a blog post succinctly titled, Don't Use Session. Two interesting things have happened since I published that blog: A few people expressed uncertainty about what I wrote about using Pollard's rho to attack Session's design (for which, I offered to write a proof of concept and report back with results), and Session wrote a blog claiming to rebut the claims made in that blog post.

http://soatok.blog/2025/01/20/session-round-2/

If you’ve recently installed Homebrew you may have installed a Trojan Horse if you used Google to find it
https://alecmuffett.com/article/110957
#HomographAttack #hacking #homebrew

Seems like we have a solution: https://bird.makeup/users/filip_dragovic/statuses/1881091708039131441

Seems that new windows update bring some changes in NTFS as its no longer possible to delete folders with ::$INDEX_ALLOCATION allocation trick with DeleteFile api.

"Technology giants must do more to co-operate with law enforcement on encryption or they risk threatening European democracy, according to the head of Europol". She considered end-to-end encryption incompatible with democracy? https://www.ft.com/content/1e6a600d-8620-4ed6-a4cd-5c454d6247ba

New assessment for topic: CVE-2024-49112

Topic description: "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability ..."

"CVE-2024-49112 is a critical vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) service ..."

Link: https://attackerkb.com/assessments/07d80193-ab91-4495-ad6c-eeeb6ffbb112

[RSS] Microwatt goes multiprocessor

https://www.talospace.com/2025/01/microwatt-goes-multiprocessor.html

"Microwatt, the OpenPOWER VHDL softcore. Microwatt now runs on multiple FPGA boards or can be run (slowly) in simulation, and is capable of booting Linux"

Note to progressive politicians: If you don’t offer real solutions to problems, voters will follow people who offer fake solutions.

@david_chisnall to *real* problems!

Austrian-born American actress and inventor Hedy Lamarr died #OTD in 2000.

At the beginning of World War II, along with George Antheil, Lamarr co-invented a radio guidance system for Allied torpedoes that used spread spectrum & frequency hopping technology to defeat the threat of radio jamming by the Axis powers. However, the technology was not used in operational systems until after World War II, & then independently of their patent.

https://en.wikipedia.org/wiki/Hedy_Lamarr

#science #technology #womeninStem

This is an interesting question re: the Windows file delete privesc vector published by ZDI:

Does FolderContentsDeleteToFolderDelete.exe Still Work on Windows 11 24H2? #8 - https://github.com/thezdi/PoC/issues/8

https://www.thezdi.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks

[RSS] Linux Kernel TLS Part 1

https://u1f383.github.io/linux/2025/01/20/linux-kernel-tls-part-1.html

Finally! https://sethmlarson.dev/how-to-disable-copilot-in-github

Thank you @harrysintonen for making me aware #github #copilot

@fj You mean the Rule of Law?

https://en.wikipedia.org/wiki/Rule_of_law

It's so weird to see people (esp. in the US) acting as if humanity didn't have hundreds or even thousands of years of experience about how governance should (not) work.

In ~1h, we’ll explore the awesome and clever DOOM.PDF!
https://www.youtube.com/live/t17joAiWBkE?si=clV3nvyFZ5DjKQ5e

@algernon Glad you found it useful! Please post updates about how things are going!

[RSS] The case of the crash when trying to erase an element from a std::set

https://devblogs.microsoft.com/oldnewthing/20250117-00/?p=110777

Rust made me see cases like this in a much different light!

@cfgbot Woah!

Project: microsoft/TypeScript https://github.com/microsoft/TypeScript
File: src/compiler/utilities.ts:3549 https://github.com/microsoft/TypeScript/blob/cbac1ddfc73ca3b9d8741c1b51b74663a0f24695/src/compiler/utilities.ts#L3549

function isExpressionNode(node: Node): boolean

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2FTypeScript%2Fblob%2Fcbac1ddfc73ca3b9d8741c1b51b74663a0f24695%2Fsrc%2Fcompiler%2Futilities.ts%23L3549&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2FTypeScript%2Fblob%2Fcbac1ddfc73ca3b9d8741c1b51b74663a0f24695%2Fsrc%2Fcompiler%2Futilities.ts%23L3549&colors=light