#Webmin: a critical security vulnerability discovered in a widely-used web-based system administration tool, allowing authenticated attackers to escalate privileges to root level and execute code.
Caused by CRLF injection: CVE-2025-2774 (CVSS 8.8)
https://cybersecuritynews.com/webmin-vulnerability-escalate-privileges/
Software is like entropy. It is difficult to grasp, weighs nothing, and obeys the second law of thermodynamics; i.e. it always increases.
Oh, right. I should share how to debug WG issues better, shouldn't I?
echo "module wireguard +p" | doas tee /sys/kernel/debug/dynamic_debug/control
On both sides of the tunnel. That'll surface errors like a packet having an unallowed source IP.
Do the same thing with -p instead of +p to turn the debug messages off.
Tech Companies Apparently Do Not Understand Why We Dislike AI
It's becoming increasingly apparent that one of the reasons why tech companies are so enthusiastic about shoving AI into every product and service is that they fundamentally do not understand why people dislike AI. I will elaborate. I was recently made aware of the Jetbrains developer ecosystem survey, which included a lot of questions about AI. After I answered some of them negatively (and possibly…
http://soatok.blog/2025/05/04/tech-companies-apparently-do-not-understand-why-we-dislike-ai/
Wrote a wrapper for Linux's HID descriptor parser so I can fuzz it with libFuzzer: https://github.com/worthdoingbadly/hid-parser-harness
I'm still trying to figure out the USB uninitialized memory issue from that Amnesty International report, so I made it abort when it sees a 0xbe byte (ASan fills uninitialized malloc'd buffers with this).
#TeleMessage, that app used by the #Trump administration to archive Signal messages, has been #hacked. The #hacker managed to get some users' #Signal group chats and messages too. This is a hugely significant #breach not just for those individual customers, but also for the U.S. government more widely. #natsec #nationalsecurity https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/ #government #democracy #trump #hegseth
May the 5th Element be with you.
Quick note: https://arm.jonpalmisc.com/ has been updated to the latest version of the Arm spec. Any changes should be strictly improvements, but let me know if something seems off.
One of M&S' biggest suppliers have said they have reverted to pen and paper for orders due to M&S lacking IT.
Additionally, M&S staff are raising concern about how they will be paid due to lack of IT systems.
M&S are over a week into a ransomware incident and still don't have their online store working.
Want to see something cursed?
It's the Linux kernel 4.19 building *natively* under Windows XP under Services for UNIX. The amount of effort to get this far was immense ...
EDIT: Follow the adventure at https://YouTube.com/c/NCommander
Sent from Utrecht, Netherlands on August 21, 1995. https://postcardware.net/?id=37-32