"I'm interested in all kinds of astronomy."

Together, for a Europe united against hatred.

Today, a revised Code of conduct on countering illegal hate speech online is being integrated into the framework of the Digital Services Act.

The new Code will strengthen how online platforms deal with content that EU and national laws define as illegal hate speech.

It will also facilitate compliance with and the effective enforcement of the DSA regarding risks of disseminating illegal content on their services.

ℹ️ https://europa.eu/!cmmGdj

@haraldgeyer @chrysn @th thanks for the warning, I was asking exactly bc I'm always comfortable with hacking on firmware, but not with chemistry...

bert hubert 🇺🇦🇪🇺🇺🇦

Wishing all my American friends strength today & for the future. Please hang in there!

@haraldgeyer @chrysn @th sounds fair, I guess extensive docs and good sw for a commercial model can be just as useful as some fully open design for most. What is still bothering me is the ink: is it possible to produce that from off-the-shelf components for yourself independently from a vendor?

@buherator My guess on this is that many tech savvy people try to get rid of printers for everyday tasks, leaving only a small community of print enthusiasts, and that is further fractured into the wide range of possible shapes (@th is doing plotter scale stuff with what may even be open hardware; @haraldgeyer is more on the producing-a-book end of things, and there's a huge space in between even without getting started on colour).


Published a new article: Malicious extensions circumvent Google’s remote code ban

https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/

Looking at 60 malicious extensions belonging to three groups here, still running remote code despite Google banning it in Manifest V3. “Fun” fact: some of these extensions have been featured on my blog in 2023, others on McAfee’s in 2022.

Recurring pattern: downloading rules and adding them to declarativeNetRequest API. The abuse potential here is enormous, including injecting malicious scripts into websites.

Only one extension went for essentially a custom programming language, others settled with simpler approaches. Luckily for me because the latter allows better guesses about what this functionality is meant for. Spoiler: ads and affiliate fraud. Also: affiliate fraud and ads.


Curious about Rust, fuzzing, and type systems? Interested in GSoC? Then LibAFL may have a project for you.

We are currently looking to implement a generic/associated-type bounds over-specification linter as a GSoC project this year. We have opened an RFC for developing such a project, and are looking for feedback from academics or professionals specialising in Rust tooling and type systems, so do please chime in if you're interested!


joernchen :cute_dumpster_fire:

Would you buy my memecoin?

@sassdawe Some windows are more equal than others...

WTF ?!

Alt+F4 is not closing I am stuck on the welcome screen.

There is no ❌ to click either, and right click close on the taskbar is ignored too.

This is fine.

Serious question: Is there an open-source 2D printer (the type with paper and ink)?

If not, why not? Is there some serious production bottleneck that only HP&co can meet?

periodic reminder for infosec folks: stop deciding things are done badly or "insecure" outside of the context of a threat model

it's disingenuous and irresponsibly ignores that security and cryptography are fundamentally about balancing risk tolerance and risk abatement

pwndbg 2025.01.20 Release

https://github.com/pwndbg/pwndbg/releases/tag/2025.01.20

"This release features LLDB support, improved performance, bug fixes and better embedded systems experience. Pwndbg can now run on macOS (both Intel & Apple Silicon) and allows for debugging Mach-O binaries."

Session Round 2

Earlier this week, I wrote a blog post succinctly titled, Don't Use Session. Two interesting things have happened since I published that blog: A few people expressed uncertainty about what I wrote about using Pollard's rho to attack Session's design (for which, I offered to write a proof of concept and report back with results), and Session wrote a blog claiming to rebut the claims made in that blog post.

http://soatok.blog/2025/01/20/session-round-2/


If you’ve recently installed Homebrew you may have installed a Trojan Horse if you used Google to find it
https://alecmuffett.com/article/110957


Seems that the new Windows update brings some changes in NTFS, as it's no longer possible to delete folders with the ::$INDEX_ALLOCATION allocation trick with the DeleteFile API.


"Technology giants must do more to co-operate with law enforcement on encryption or they risk threatening European democracy, according to the head of Europol". She considered end-to-end encryption incompatible with democracy? https://www.ft.com/content/1e6a600d-8620-4ed6-a4cd-5c454d6247ba

New assessment for topic: CVE-2024-49112

Topic description: "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability ..."

"CVE-2024-49112 is a critical vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) service ..."

Link: https://attackerkb.com/assessments/07d80193-ab91-4495-ad6c-eeeb6ffbb112