@wdormann @cy @cR0w Not sure this came up while I was sleeping, but regular ZIP archives don't encrypt metadata (file names) so "trying to send an executable in a pw protected archive" may be grounds for a block too.

This follow-up to CVE-2024-57882 by Solar Designer also worth reading:

https://seclists.org/oss-sec/2025/q2/3

"A reason CVE-2024-57882 may have stayed unpatched in a distro is it could have been wrongly believed to be a NULL pointer dereference only due to a specific crash reported by Syzbot."

"net.mptcp.enabled can be set from inside an unprivileged net namespace"

"bribing a senator with a 9-letter name will alter the last letter in their name on their subsequent appearances"

https://banyaszvonat.github.io/breaking-videogames/2025/03/30/off-by-one-or-is-it-two.html

#gamehacking #Disgaea

@GossiTheDog @cisakevtracker Thanks for the heads up! I'm quite skeptical though given the previous FUD reports, can't wait to see more info about any observed attacks!

who could have seen *this* coming

https://futurism.com/neoscope/23andme-selling-data

@kajer @256 This is also a good time to remember the USB Cart of Death: https://devblogs.microsoft.com/oldnewthing/20240521-00/?p=109786

@kajer @256 Good one! .HLP was also a vector for a long time, pretty sure there was some parser bug in the thumbnailer, *gestures wildly* Internet Explorer...

@kajer @256 I'm like 3 minutes in, and I remember at least 3 remotely exploitable vulnerabilities in the presented features, fun times!

Computer Chronicles - Windows 98
https://archive.org/details/Windows9_2

@cR0w @wdormann I mean it's the logical next step if you want to pretend you can solve an unsolvable problem.

@cR0w @wdormann Probably? Gmail definitely does that. Zero-click attack surface ftw!

Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol

https://seclists.org/oss-sec/2025/q2/0

"The analyze(sic!) of the patch (https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cbb26f7d8451fe56ccac802c6db48d16240feebd) reveals that the root cause of the bug has been partially fixed."

@wdormann @cR0w Reminds me of: https://project-zero.issues.chromium.org/issues/42452353#comment2

@Ange that's the spirit! 💪

[RSS] Plan 9 finally comes to the POWER9

https://www.talospace.com/2025/04/plan-9-finally-comes-to-power9.html

turns out Qualcomm dropped the sources for talking to their Embedded USB Debug (EUD) peripheral, and it works on the OnePlus 6!

This means we get JTAG access directly via the USB port, yes seriously! There is also a UART peripheral which we can hook up (so far untested).

Basically you write 1 to a magic register (typically from the Linux driver but i have been testing from U-Boot) and all of a sudden a 7-port USB hub appears on your PC (in addition to whatever USB gadget you had set up) with a single device which is the EUD control interface.

Now that the code to talk to it is public (and functional with this openocd fork https://github.com/linux-msm/openocd) you can get JTAG access to the device for easier debugging of the kernel or U-Boot!

It seems like this works "by accident" on the OnePlus 6, likely the same debug policy misconfiguration that causes the device to go to crashdump instead of just rebooting (so it's unlikely to work on say, the PocoPhone F1, but maybe worth a try!).

There seem to be protections in place so you can't escalate to EL2 or EL3, when in EL2 all registers read as 0

@Ange it's called revenge

Wanna earn up to $100,000 a month? Perhaps doing crime? For obscure reasons? This is your opportunity.

Don't miss out on this bizarre hacking campaign, which is currently looking for recruits on Twitter.

🤔 🤔 🤔

https://techcrunch.com/2025/04/01/someone-is-trying-to-recruit-security-researchers-in-bizarre-hacking-campaign/

Don't. Make. Me.

Me: The 90's were great

Also me: *casually downloading a 6 GiB ISO at 30 MiB/sec in 3.5 minutes*

Some things are definitely better than they were, and download speeds is one of them