Seriously, this HAS to be insider trading.

Come on! First you announce tariffs, every stock tanks, you play the hard to get dude and proclaim with a swollen chest that there will be no delays, everything tanks even more.

And now you delay everything by 90 days? In the mean time your buddies bought everything at a low and now the stock recovers.

Come the fuck on!

pleased to hear the penguins have won the trade bargains

#USpolitics #USpol

NEW: A recently published court document shows the locations of WhatsApp victims targeted with NSO Group's spyware.

The document lists 1,223 victims in 51 countries, including Mexico, India, Morocco, United Kingdom, United States, Spain, Hungary, Netherlands, etc.

This targeting was over a span of around two months in 2019, according to WhatsApp's lawsuit against NSO Group.

http://techcrunch.com/2025/04/09/court-document-reveals-locations-of-whatsapp-victims-targeted-by-nso-spyware/

Just saw it mentioned on LWN, handy site for checking which distros enable a certain config option: https://oracle.github.io/kconfigs/?config=UTS_RELEASE&... Just replace UTS_RELEASE with whatever config option name minus CONFIG_, for example: https://oracle.github.io/kconfigs/?config=CFI_CLANG&...

Splitting water into hydrogen and oxygen takes more energy than it theoretically should, which is partly why it's not used on a large scale to generate hydrogen fuel.

Now scientists know why – and it's all down to a feat of nanoscale gymnastics.

https://physicsworld.com/a/splitting-water-takes-more-energy-than-theory-predicts-and-now-scientists-know-why/

#physics #chemistry #science

@wdormann "defenders think in lists, attackers think in graphs" vibes

🔴 Our @reconmtl talk of last year has been published!

"Path of rev.ng-ance: from raw bytes to CodeQL on decompiled code"

Check it out: https://www.youtube.com/watch?v=0lrhCV14nVE

@disconnect3d The chosen implementation also depends on the copy size, right?

@disconnect3d https://github.com/v-p-b/reversing-memcpy-again

A call to memcpy() in a single binary that uses glibc may behave in 12 different ways depending on the features of the specific x86-64 CPU you run it on.

Here is a list of those impls in glibc:

https://github.com/bminor/glibc/blob/12a497c716f0a06be5946cabb8c3ec22a079771e/sysdeps/x86_64/multiarch/ifunc-impl-list.c#L1174-L1218

Fwiw this may matter a lot during binary exploitation. This was important in a challenge from PlaidCTF 2025. E.g. passing a negative (or: very huge) length allowed you to write past a buffer without a crash (the given implementation was not doing a wild copy).

#linux #binaryexploitation #ctf

Hardening the Firefox Frontend with Content Security Policies
https://attackanddefense.dev/2025/04/09/hardening-the-firefox-frontend-with-content-security-policies.html

This meeting could have been a nap.

Here’s the #Ghidriff output for CLFS.sys 10.0.20348.3328 vs. 10.0.20348.3453, likely corresponding to the CVE-2025-29824 use-after-free LPE:

https://gist.github.com/v-p-b/8c43fb8e0d72814dcd03764d478622ce

[RSS] The SQL Server Crypto Detour

https://posts.specterops.io/the-sql-server-crypto-detour-5ff9ac7033de?source=rss----f05f8696e3cc---4

[RSS] The April 2025 Security Update Review

https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review

[RSS] A small bug in the signature verification of AOSP OTA packages

http://blog.quarkslab.com/aosp_ota_signature_bug.html

[RSS] Enter the IBM z17 mainframe with Telum II (more clues for Power11?)

https://www.talospace.com/2025/04/enter-ibm-z17-mainframe-with-telum-ii.html

Announce: OpenSSH 10.0 released

https://www.openwall.com/lists/oss-security/2025/04/09/1

Oh is it time for another Fortinet crit again? Unauthenticated admin password change in FortiSwitch.

CVE-2024-48887, CVSSv3 9.3

https://fortiguard.fortinet.com/psirt/FG-IR-24-435

#CVE #ThreatIntel

@rickoooooo @GossiTheDog @sadarex Thanks, this is a great resource: I think the main point here is that it was the Secretary of Defense, and two USIP board members who "fired" Moose (see the linked letter on X). Whether they had the authority to do that is disputed, but nobody even claims DOGE has any authority in this case, they just showed up like flies around a carcass.

Amazingly, DOGE seems to be a meme: their power is that people assume they have power (note that the top article doesn't even mention DOGE).