Posts
2581
Following
629
Followers
1407
"I'm interested in all kinds of astronomy."
repeated

It may be Monday, but today is also National No Housework Day, National Beer Day and also International Beaver Day. Do with that information what you will. BEAVER_PNG

1
4
0
repeated

salt-n-pepa: *nod approvingly*

3
4
0
repeated

I wondered how OSS-Fuzz fuzzes Woff2 fonts with Brotli compression.

The answer seems to be… brute force.

https://issues.oss-fuzz.com/issues/42478986 shows a sample WOFF2 fuzzed font, and it contains a valid Brotli stream.

So oss-fuzz must be fuzzing raw WOFF2 fonts without a special mutator.

Yet it works: OSS-Fuzz coverage shows 93% coverage on the WOFF2 decoder:

https://storage.googleapis.com/oss-fuzz-coverage/freetype2/reports/20250404/linux/src/freetype2-testing/external/freetype2/src/sfnt/report.html

It works, but the uncovered lines are the error lines… As if there’s not enough executions to actually hit the error cases…

looking at the execution coverage:

https://storage.googleapis.com/oss-fuzz-coverage/freetype2/reports/20250404/linux/src/freetype2-testing/external/freetype2/src/sfnt/sfwoff2.c.html

71.2k makes it to woff2_open_font 57.3k makes it to woff2_decompress 14.7k makes it to reconstruct_font 8.68k makes it to the end of woff2_open_font

1
4
0
repeated
repeated

I look away for 5 minutes and Annie goes and makes herself home in the vacant spot in the rack,

Little baby

5
9
1
repeated

I laughed out loud

3
11
0
repeated
repeated
repeated
repeated

Be like Ronin...

"Hero rat sets Guinness World Record for detecting landmines"

https://taskandpurpose.com/tech-tactics/ronin-landmines-rat-guinness-world-record/

via @TaskandPurpose

0
3
1
@th @babe I love the user interface! Two buttons:
1. Power
2. Destroy

#simplicity
0
0
3
repeated
Edited 24 days ago
(CVE-2025-3155) Arbitrary file read by abusing ghelp scheme

https://gitlab.gnome.org/GNOME/yelp/-/issues/221

"Yelp, the GNOME user help application, allows help documents to execute
arbitrary JavaScript. A malicious help document may exfiltrate user files
to a remote server. A malicious website may download a help document
without user intervention, then trick the user into opening a ghelp URL
that references the help document. This notably requires the attacker to
guess the filesystem path of the downloaded help document."

And we just discussed old-school .HLP exploits the other day...

#EnoughEyeballs
0
0
2
repeated

I learned about the “500 mile email" bug the other night and it really is a rather amazing story. If you work with tech I think you'll really appreciate this one: https://www.ibiblio.org/harris/500milemail.html

1
7
0
# ./mpclient_x64 ../eicar.com 2>&1 | fgrep EngineScanCallback 

EngineScanCallback(): Threat Virus:DOS/EICAR_Test_File identified. 

happy dance

1
2
7
@wdormann also the prevalence of attacks + ease of exploits
0
0
1
Show older