Qualys Security Advisory

CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client

CVE-2025-26466: DoS attack against OpenSSH's client and server

https://www.openwall.com/lists/oss-security/2025/02/18/1

[RSS] Debugging An Undebuggable App

https://bryce.co/undebuggable/

#iOS

The livestream on multi-hashcolls is up!
Awesome that David joined and commented on his own hashquines!
https://www.youtube.com/live/-asJnf-S2Nk?si=DCACWGTQyFVOmN1a

The next livestream will be on mitigating hash collisions: preventing them at format design, filtering them out or detecting them.
https://www.youtube.com/live/A7EBbGv1B3U?si=G0zp4eRd0agKSzxY

@ryanc Thanks for reminding me of my forgotten coffee!

@revng Awesome, thank you!

@SensorLock Plotly works great, thank you! Scatter Matrix looks _exactly_ like what I had in mind, but realized that since I have a time dimension a plain scatter plot actually captures the temporal aspect much better.

@pancake I'm not a psychologist but I'd say you spend too much time around computers :D

@Extelec That is awesome! How does Pico Cray's performance compare to the original Cray? :)

@falken @foone yes the Pico Cray https://www.extremeelectronics.co.uk/other-2/pico-cray-small-scale-distributed-computing/

@SensorLock Ahh "error bar" is a great keyword! Plotly looks nice too, I'll give it a shot, thanks!

Hackers rejoice!

We are releasing the Phrack 71 PDF for you today!

Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!

The CFP is still open, you can find it and the PDF link at https://phrack.org

I'd like to create plots similarly to scatter plots, but instead of points I'd like to show intervals (sections, corresponding to values of one axis). Is there a specific plot type for this or can I parameterize a scatter plot generator to work like this?

#datavisualization

It’s a shame to see Sci-Hub falling for web3 hype and adding a pumpfun memecoin ticker to their webpage. Blockchain-based DNS does not automatically mean “decentralized”, and 3DNS — the company behind .box — is based in the US and would be subject to US court orders.

Someone unaffiliated with Sci-Hub created the memecoin, claiming to be fundraising, but said only 20% of proceeds would go to Sci-Hub. Founder Alexandra Elbakyan herself condemned this.

Dragodis is a Python framework which allows for the creation of universal disassembler scripts.

https://github.com/dod-cyber-crime-center/Dragodis

#Ghidra #IDA #ReverseEngineering

What comes after world domination?

This is the abstract for my scheduled talk at foss-north 2025 in April. What do you think is next?

https://foss-north.se/2025/

New year, new skills, new exploits! 💻🎯

Corelan classes are coming your way! Learn Windows stack & heap exploitation from corelanc0d3r.

🔥 Hands-on labs, real-world scenarios & an elite alumni network. Spots fill up fast—register now! 👉 [https://www.corelan-training.com/index.php/training-schedules

As the next step in my quest to make it easier to poison AI crawlers, I present you: OCIocaine: a project where #DockerCompose meets #Caddy and #Iocaine, to poison AI crawlers for all your sites, automatically.

The idea here is to provide a docker compose file that starts up Caddy and Iocaine, configured so that Caddy will reverse proxy for any and all services on the same docker network, as long as they have a few labels that tell it to do so. In addition, a Caddyfile snippet will be available for all of these, which takes care of routing bad visitors to Iocaine.

And if that's not enough, the whole thing comes preconfigured with a wordlist (a list of English words), and traning data (the complete works of Shakespeare), and a list of known AI crawlers (courtesy of ai.robots.txt).

All you have to do is copy the sample configuration, create a network, start it up, and deploy labeled containers into the same network, and OCIocaine takes care of the rest.

@drwhax You should have an adjustable one: standing all the time is just as bad for your back as sitting. The trick is to change positions and move around as much as you can.