"I'm interested in all kinds of astronomy."
[RSS] We emulated iOS 14 in QEMU. Here's how we did it.

https://eshard.com/posts/emulating-ios-14-with-qemu
This is CVE-2025-22871 and Go issue https://go.dev/issue/71988.

net/http: request smuggling through invalid chunked data
@Newk @mrclark I think you should not attack the problem from the angle of who is being targeted: it's pretty easy to see it's everyone. IME you can get to an actual victim with one handshake, maybe two if you don't work in infosec.

It's more important to make people realize that they have shit to lose: enumerate critical assets, create estimations of what damage can be done (which is what banks do as part of their compliance process). Many businesses (manufacturing is a typical example) don't realize how much they rely on IT these days.
@wdormann Yes, and this makes me think that bad guys had this exploit well before the patch:
1) APTx runs its dumbest fuzzer and writes an exploit
2) ???
3) Ivanti releases a patch
4) APTx notices their bug is burned
5) APTx goes for an aggressive campaign (or passes the exploit to low-end peers) to cash in on the patch gap.
6) Threat intel picks up ItW exploitation

With my previous comment I wanted to express my worry that we are probably in stage 2) with God knows how many Ivanti 0-days right this moment.

Hey,
what's your best answer to people telling you "But we're not a Bank!" whenever you plan to introduce any measure to lower a risk?

@mrclark @Newk This can be a reasonable risk assessment though: take a worst-case scenario; if you can recover from that with acceptable loss, do nothing. I think the hard part is getting people to do the math properly, e.g. what if you have to do recovery two weeks in a row, what is the likelihood of that happening...

CVSSv3 10.0 (AV:N/PR:H/../../../../etc/passwd)

@wdormann how many similar bugs must be in there if this one took this long to surface??

One Bug to Rule Them All: Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025
https://i.blackhat.com/Asia-25/Asia-25-Peng-One-Bug-to-Rule-Them-All.pdf

@edwardzpeng @ver0759


And per the excellent folks at watchTowr, we can see what the vulnerability is:
A stack buffer overflow in X-Forwarded-For

No need to find a specific endpoint or do something clever. Simply make a web request to anywhere on an ICS system with a large X-Forwarded-For HTTP header and you'll get a stack buffer overflow on the system. 🤦‍♂️

And due to the fact that the Ivanti web server does a fork() without a corresponding exec(), we get the same memory layout every single time.

Now, about Ivanti's use of remediated... The function where the overflow happens just happens to have been rewritten in a way that avoids the overflow.

Did Ivanti recognize the possibility of a stack buffer overflow and not recognize it as a security issue? Or did they just happen to change code to accidentally avoid the overflow (and decide to use exploit mitigations as well).

You decide...

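The overflow pattern the post describes, as an added example that is not code from the post, from watchTowr or from Ivanti: a header extractor that checks the length of the X-Forwarded-For value against its destination buffer before copying a single byte, and rejects the request instead of writing past the buffer. The XFF_MAX limit, the sample requests and the function names are constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Largest X-Forwarded-For value this example accepts (an assumption chosen
 * for illustration; a real server picks its own limit). */
#define XFF_MAX 256

enum xff_result { XFF_OK = 0, XFF_MISSING = 1, XFF_TOO_LONG = 2, XFF_BAD = 3 };

/* Case-insensitive prefix test for header names (HTTP header names are
 * case-insensitive). Returns 1 if s begins with name. Stops at the first
 * mismatch, so it never reads past the end of s. */
static int has_name(const char *s, const char *name)
{
    for (; *name; s++, name++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*name))
            return 0;
    return 1;
}

/* Copy the X-Forwarded-For value from a raw header block into out.
 * The defect the post describes is the equivalent of copying the value into
 * a fixed stack buffer with no length check; here the length is compared to
 * the destination size first and an oversized value is rejected outright. */
int xff_extract(const char *headers, char *out, size_t out_len)
{
    const char *p = headers;
    if (out_len == 0) return XFF_BAD;
    out[0] = '\0';
    while (*p) {
        if (has_name(p, "x-forwarded-for:")) {
            const char *start = p + strlen("x-forwarded-for:");
            const char *end;
            size_t len;
            while (*start == ' ' || *start == '\t') start++;   /* optional whitespace */
            end = start;
            while (*end && *end != '\r' && *end != '\n') end++; /* value ends at EOL */
            len = (size_t)(end - start);
            if (len >= out_len) return XFF_TOO_LONG;            /* reject, never truncate silently */
            memcpy(out, start, len);
            out[len] = '\0';
            return XFF_OK;
        }
        p = strchr(p, '\n');   /* advance to the next header line */
        if (!p) break;
        p++;
    }
    return XFF_MISSING;
}

/* Constructed sample request (not captured traffic). */
static const char SAMPLE_OK[] =
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.test\r\n"
    "x-forwarded-for: 198.51.100.7, 203.0.113.9\r\n"
    "User-Agent: example\r\n"
    "\r\n";

/* Extracts from SAMPLE_OK; returns 0 when the value came out as expected. */
int xff_demo_value(void)
{
    char out[XFF_MAX];
    if (xff_extract(SAMPLE_OK, out, sizeof out) != XFF_OK) return -1;
    return strcmp(out, "198.51.100.7, 203.0.113.9");
}

/* Builds a request whose X-Forwarded-For value is value_len characters long
 * and returns the extractor's verdict, so the check can be exercised on
 * both sides of the XFF_MAX boundary. */
int xff_demo_len(size_t value_len)
{
    char req[4096];
    char out[XFF_MAX];
    const char *head = "GET /index.html HTTP/1.1\r\nHost: www.example.test\r\nX-Forwarded-For: ";
    size_t n = strlen(head);
    if (n + value_len + 5 > sizeof req) return XFF_BAD;   /* keep the sample inside req */
    memcpy(req, head, n);
    memset(req + n, '9', value_len);
    memcpy(req + n + value_len, "\r\n\r\n", 5);          /* 5 bytes includes the NUL */
    return xff_extract(req, out, sizeof out);
}

/* A request without the header at all. */
int xff_demo_missing(void)
{
    char out[XFF_MAX];
    return xff_extract("GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n", out, sizeof out);
}

int main(void)
{
    printf("value matches: %d\n", xff_demo_value() == 0);
    printf("40-byte value:   verdict %d\n", xff_demo_len(40));
    printf("2000-byte value: verdict %d\n", xff_demo_len(2000));
    return 0;
}
```

The check returns a verdict rather than truncating, because a silently shortened client-address list is its own problem for logging and access control. Stack canaries and ASLR only make an unchecked copy harder to turn into code execution, and, as the post notes, a fork() without exec() hands every connection the same layout; the bound on the copy is what actually removes the bug.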

Probably the highlight of all the varieties, meet its holiness the god-tier inductor.

I would really love to hear the rationale behind (hehe) this design.


David Chisnall (*Now with 50% more sarcasm!*)

The reason I get so annoyed about people pitching LLMs as a way to 'democratise programming' or as end-user programming tools is that they solve the wrong problem.

The hard part of programming is not writing code. It's unambiguously expressing your problem and desired solution. Imagine if LLMs were perfect programmers. All you have to do is write a requirements document and they turn it into a working program. Amazing, right? Well, not if you've ever seen what most people write in a requirements document or seen the output when a team of good programmers works from a requirements document.

The most popular end-user programming language in the world (and, by extension, the most popular programming language), with over a billion users, is the Calc language that is embedded in Excel. It is not popular because it's a good language. Calc is a terrible programming language by pretty much any metric. It's popular because Excel (which is also a terrible spreadsheet, but that's a different rant) is basically a visual debugger and a reactive programming environment. Every temporary value in an Excel program is inspectable and it's trivial to write additional debug expressions that are automatically updated when the values that they're observing change.

Much as I detest it as a spreadsheet, Excel is probably the best debugger that I have ever used, including Lisp and Smalltalk.

The thing that makes end-user programming easy in Excel is not that it's easy to write code, it's that it's easy to see what the code is doing and understand why it's doing the wrong thing. If you replace this with an LLM that generates Python, and the Python program is wrong, how does a normal non-Python-programming human debug it? They try asking the LLM, but it doesn't actually understand the Python so it will often send them down odd rabbit holes. In contrast, every intermediate step in an Excel / Calc program is visible. Every single intermediate value is introspectable. Adding extra sanity checks (such as 'does money leaving the account equal the money paid to suppliers?') is trivial.

If you want to democratise programming, build better debuggers, don't build tools that rapidly generate code that's hard to debug.


Are you FUCKING KIDDING ME


About 10% of Apple's $3T market cap got wiped out today.

That $1M inauguration investment currently has a return of -$300B.

I'm glad to announce that - probably as a result of careful shitposting yesterday - Nicole, the Fediverse Chick noticed me!