CALLING ALL #demoscene MUSICIANS!
Our jury for Best Soundtrack could urgently use one or two more jurors - are you able to help out?
We reactivated our application form just for you! Thank you humbly, everyone!
It looks like oil paintings on Wikipedia are being infected by phone camera software that automatically "fixes" skin textures.
HPE has confirmed it's investigating a data breach after a well-known hacker claimed to have stolen sensitive information from the company https://techcrunch.com/2025/01/21/hpe-investigating-security-breach-after-hacker-claims-theft-of-sensitive-data/
JetBrains security advisory: TeamCity 2024.12.1 Bug Fix Is Now Available
It's time for security theater as JetBrains announces a TeamCity update but refuses to tell us what vulnerabilities actually got fixed. 🤡 There are no release notes for 2024.12.1 at the time of this toot.
There is no dropdown option for TeamCity 2024.12.1 in Fixed security issues page. A CVE of "TeamCity" doesn't show any new CVEs since December 2024. On average, they update their security bulletin with CVEs 4-30 days after announcing security updates.
#jetbrains #teamcity #cve #vulnerability #infosec #cybersecurity
Any #Wikipedia editors around who can help? We are trying to get the article on #CHERI added. It's so far been rejected three times:
First, it did not have enough independent citations. We added a lot to news articles about CHERI.
Second, it was insufficiently detailed and lacking context. We added a timeline of development, a load of cross references, and a simple introduction.
It was then rejected again because it lacks an explanation that a 15-year-old could understand. This is true of 90% of science-related articles on Wikipedia, so I'm not sure how we fix it. An explanation at that level is something I can write (I have done for the #CHERIoT book!) but it would then make the page 3-4 times as long and not suitable for an encyclopaedia (I've previously seen pages rejected because Wikipedia is not the right place for tutorials).
I don't understand the standards for Wikipedia and I really need some guidance for how to resolve and progress this.
In our new blog post we take a little journey from an IBM advisory to confirming a hardening in Windows 11 24H2:
Vulnerability Archeology: Stealing Passwords with IBM i Access Client Solutions
https://blog.silentsignal.eu/2025/01/21/ibm-acs-password-dump/
Gurk 0.6.1 is here: The Signal Messenger client for the terminal code in #Rust
We’re excited to announce the latest update to Gurk.
This version brings improved performance and bug fixes to make your terminal messaging experience even better.
Update now and stay connected from the terminal!
$ doas pkg_add gurk
Artwork by @Banshee
#SecBSD #OpenBSD #OpenSource #Privacy #Security #RunBSD #Signal
Together, for a Europe united against hatred.
Today, a revised Code of conduct on countering illegal hate speech online is being integrated into the framework of the Digital Services Act.
The new Code will strengthen how online platforms deal with content that EU and national laws define as illegal hate speech.
It will also facilitate compliance with and the effective enforcement of the DSA regarding risks of disseminating illegal content on their services.
Newsletter: No, Trump didn’t make $50 billion from his memecoin.
Wishing all my American friends strength today & for the future. Please hang in there!
@buherator My guess on this is that many tech savvy people try to get rid of printers for everyday tasks, leaving only a small community of print enthusiasts, and that is further fractured into the wide range of possible shapes (@th is doing plotter scale stuff with what may even be open hardware; @haraldgeyer is more on the producing-a-book end of things, and there's a huge space in between even without getting started on colour).
Published a new article: Malicious extensions circumvent Google’s remote code ban
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Looking at 60 malicious extensions belonging to three groups here, still running remote code despite Google banning it in Manifest V3. “Fun” fact: some of these extensions have been featured on my blog in 2023, others on McAfee’s in 2022.
Recurring pattern: downloading rules and adding them to declarativeNetRequest API. The abuse potential here is enormous, including injecting malicious scripts into websites.
Only one extension went for essentially a custom programming language, others settled with simpler approaches. Luckily for me because the latter allows better guesses about what this functionality is meant for. Spoiler: ads and affiliate fraud. Also: affiliate fraud and ads.