"I'm interested in all kinds of astronomy."
@bh @404mediaco because your cpu vendor is not relevant when you happen to run malware.

Thanks to OSTIF!, in 2024, we assessed cURL's HTTP/3 components. We found two issues, enhanced fuzzing coverage, and provided testing and security recommendations.

https://github.com/trailofbits/publications/blob/master/reviews/2023-12-curl-http3-securityreview.pdf

cURL marked our 14th security assessment with OSTIF, with our first being in 2019. OSTIF's mission to secure critical open-source software has led to security improvements across projects on which we all depend.
Read their annual reports:
https://ostif.org/ostif-2024-annual-report/
https://ostif.org/2024-sovtech-audit-report/

@bh @404mediaco They could deploy the same code on a mainframe in Fort Knox, it would be the same bug (if my theory is correct). I don't have info abt usgov webapp deployment policy.
@bh @404mediaco yeah ik. It's a platform, the user provides implementation. You don't blame your cpu for executing malware.
@bh @404mediaco frankly I don't see why CF is relevant, this looks like an app-specific endpoint, but I may be missing some detail

Better late than never, I just published a blogpost about my experience at @blackhoodie training, hexacon 2024. Again, big thanks to the organizers for putting together this training, it was really good! 😊

https://p0pcycle.com/2025/02/14/blackhoodie-my-experience/

FBI files on Kevin Mitnick released thx to a FOIA request by hexadecim8.com

https://vault.fbi.gov/kevin-mitnick/kevin-mitnick-part-01-final/view

#frombsky

Super scummy for Microsoft to auto upgrade (at the added cost of an extra £30 a year) people to an AI plan, and not offer an "actually I don't use any of that stuff" can I not pay that £30 a year?

And then only when you are at the cancel page, it's like "🥺 oh sorry do you want the old deal back? 🥺"

For anyone else, you don't even have to get that far into the cancel page for this. So it's easy to save £30 a year with this.


Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.

— Antoine de Saint Exupéry


Unrestrict the restricted mode for USB on iPhone. A first analysis @citizenlab CVE-2025-24200 👉 https://blog.quarkslab.com/first-analysis-of-apples-usb-restricted-mode-bypass-cve-2025-24200.html


Happy folks!

Today's specimen is p/n SC13890P23A by Motorola/Freescale. This came from an embedded cellular modem I tore out of [redacted]. The die is marked ATLAS-UL.

It is the most colourful die I have ever imaged. rainbow_puke

SiPron page: https://siliconpr0n.org/archive/doku.php?id=infosecdj:motorola:sc13890p23a


Preparing a talk on an - using the wonderful from anabrid and my that has been modified to provide an additional mode.


Really cool blog post about permissions in browsers and how they work. https://albertofdr.github.io/web-security-class/browser/browser.permissions

Better than watching live coding on Twitch I guess?
[RSS] Bent // Broken 2025 Worldwide Virtual Circuit Bending Festival

https://blog.adafruit.com/2025/02/13/bent-broken-2025-worldwide-virtual-circuit-bending-festival/

Today's @kagihq changelog is honestly kind of a massive deal for privacy stuff:
- Human readable privacy policy page
- Privacy pass (an open source, cryptographically verifiable way of doing searches through Kagi without them being able to see who you are)
- Official tor service

https://kagi.com/changelog#6172

[RSS] [Vulnerability] Unauthenticated Remote Code Execution via Known View State Secret in FieldPie

https://code-white.com/public-vulnerability-list/#unauthenticated-remote-code-execution-via-known-view-state-secret-in-fieldpie

This may be one of those leaked secrets MS warned about? No details unfortunately...
[RSS] Patch-Gapping the Google Container-Optimized OS for $0

https://h0mbre.github.io/Patch_Gapping_Google_COS/
@algernon You weren't rude, I actually hesitated to ask about GitHub given your timeline :) Bitrise is good though, and founders are Hungarian!