"I'm interested in all kinds of astronomy."
@tychotithonus I think this dilemma is equivalent to the USGOV vs. Kaspersky case. After some point you have to trust your supply chain. If that's not reasonable, you cut ties.

(I know this is not an answer, but my gut tells me this isn't really a technical problem to solve)
@bascule Or at least buy a CO detector! I also lost a friend to that shit...
repeated

Tony “Abolish ICE” Arcieri🌹🦀

Gene Hackman’s Family Reveals What They Believe Caused His Death: Carbon Monoxide

Yet another reason to get rid of all the gas appliances in your home if you can: they’re dangerous!

https://www.thedailybeast.com/gene-hackmans-family-daughter-elizabeth-hackman-reveals-what-they-believe-caused-his-death/

@cR0w Also considering the recent activity around the Linux kernel...
I'm tired enough to read "CVE Nürnberg Authority" and think that vulnerability management took a quite radical turn
SEC Consult SA-20250226-0 :: Multiple vulnerabilities in Siemens A8000 CP-8050 & CP-8031 PLC

https://seclists.org/fulldisclosure/2025/Feb/19

- Firmware Downgrade (CVE-2024-39601)
- Firmware Update Decryption via Secure Element Oracle (CVE-2024-53832)
repeated

If a government can issue a secret order to push a 'special' version of a mobile app just to a specific person (or set of people), how can this be mitigated?

  • How can app "rarity" be detected locally? (Antivirus and its descendants have a concept of a "well-known benign executable" vs one that has only been rarely seen.)

  • Can a local app, or an OS feature, be used to compare local apps with a list of expected versions?

  • Can this be done independently of the OS (since the order could also subvert the rarity check)? (Even an independent app can be subverted if the only app store is the official one maintained by the same vendor.)

  • To detect unusual app versions, reproducible builds are necessary but not sufficient, unless the project is also FOSS -- because even if everyone gets the same APK, the app might receive different instructions from its server depending on unique metadata.

repeated

Today in " ruins everything", Jan learns that systemd-resolve...

- runs a proxy DNS server on 127.0.0.53 (which is in /etc/resolv.conf)
- uses its own /run/systemd/resolve/resolv.conf
- will read and cache /etc/hosts regardless of what /etc/nsswitch.conf says (`ReadEtcHosts` defaults to `yes` in /etc/systemd/resolved.conf)

Applications that follow traditional libc resolver logic now will continue to get /etc/hosts results even if /etc/nsswitch.conf excludes 'files'.

🤦‍♂️

[RSS] Taking the relaying capabilities of multicast poisoning to the next level: tricking Windows SMB clients into falling back to WebDav

https://www.synacktiv.com/en/publications/taking-the-relaying-capabilities-of-multicast-poisoning-to-the-next-level-tricking
Hyperlight is a library for creating micro virtual machines — or sandboxes — specifically optimized for securely running untrusted code with minimal impact.

https://github.com/hyperlight-dev/hyperlight

It supports both Windows and Linux, utilizing Windows Hypervisor Platform on Windows, and either Microsoft Hypervisor (mshv) or KVM on Linux.

#hypervisor #virtualization
repeated

“HKEY_CURRENT_USER. You will never find a more wretched hive of scum and villainy.”

@joxean As I see there are several ...Demangler classes under the Features directory along with wrapper scripts too that demonstrate their use. If you need help translating this Java->Python lmk!
repeated

Anybody know how to demangle a string, not a symbol, using Python?

repeated

been reminded of this several times this week and not in a nice way

@mttaggart My point is that since Mozilla is not in adtech (yet) their TOS will necessarily differ from ones (everyone else?) that are.
@mttaggart do other browsers have similar business models? I mean if you are in adtech you will use different terms because you do want to collect and use data.