Looks like @bluehatil talks are online now, so here’s my talk for anyone who wanted to learn about the latest episode of KASLR and couldn’t make it: https://youtu.be/Dk2rLO2LC6I

@david_chisnall @lauriewired @kenshirriff I didn't mean offense towards CHERI (or IBM i), I find all of these concepts really interesting even if some of them didn't turn out to be widely adopted or even useful.

It looks like Kerio Control was PWNed with a Pre auth RCE! We're going through the exploit now to see everything works like it should #TyphoonCon25

[RSS] CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender

https://www.netspi.com/blog/technical-blog/red-teaming/elevating-privileges-with-sonicwall-netextender/

[RSS] The Windows Registry Adventure #8: Practical exploitation of hive memory corruption

https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html

@nicemicro @Hazzbenn @twipped

(I attempt to reply to all of your 3 replies, hope it won't cause confusion)

First, I don't think I ever argued about scraping public online content, the original CD ripping analogy is about non-free works, and "AI" companies do scrape copyrighted works (e.g. OSS with non-commercial license clauses).

Second, my little joke is only an example of how scale can change how you want to do business with the other party, independently from the goods or services being exchanged (I.C.M. probably won't give away even 10 cones at once, even though their cost would still be negligible). And yes, copyright probably has to change in order to account for the fact that in 2025 information can be collected and processed in unprecedented scale.

The Junkyard - An End-of-Life Pwnathon is now open:

https://www.districtcon.org/junkyard

"We want you to bring your most impactful, creative, or most meme-worthy bugs in end-of-life (EOL) targets (both software or hardware), and demonstrate them live on stage."

Would you?

"In the Who Cares Era, the most radical thing you can do is care." – @dansinker
https://dansinker.com/posts/2025-05-23-who-cares/

"I miss the insanity of 80s processor design.

Intel’s iAPX 432 was a 'micromainframe'.

It had no general purpose registers, supported object orientation *directly*, and performed garbage collection on-chip." - Also by @lauriewired

https://threadreaderapp.com/thread/1925982635903398106.html

The i960 post by @kenshirriff is also worth checking out if you are interested in revolutionary architectures that just didn't really make it (while some concepts are still working in #IBMi and #CHERI I guess?):

https://www.righto.com/2023/07/the-complex-history-of-intel-i960-risc.html

"Want to recognize a song from just a few seconds of distorted audio? Use Constellation Maps." by lauiriewired

https://threadreaderapp.com/thread/1927474297909489852.html?s=09

A small slide deck for a 15 minute impulse talk at Cycon 2025 in Talinn: https://docs.google.com/presentation/d/1_3Iu74UijAjfSLHzqWDkDEaIwoB6WBSo9-mY5e0u0HM/edit?usp=drivesdk

[RSS] Inside GitHub: How we hardened our SAML implementation

https://github.blog/security/web-application-security/inside-github-how-we-hardened-our-saml-implementation/

[RSS] Remote Code Execution on Evertz SDVN (CVE-2025-4009 - Full Disclosure)

https://www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009

[RSS] MATLAB developer bringing systems back online following ransomware attack

https://therecord.media/matlab-developer-bringing-systems-online-ransomware

Hands off MATLAB!

🆕 New blog post! It's a rather short one, nothing crazy. Just wanted to share a random finding I made recently. 🤷‍♂️

'Hijacking the Windows "MareBackup" Scheduled Task for Privilege Escalation'

👉 https://blog.scrt.ch/2025/05/20/hijacking-the-windows-marebackup-scheduled-task-for-privilege-escalation/

#pentest #pentesting #redteam #windows #privilegeescalation

@nicemicro @Hazzbenn @twipped "I could literally go, and buy a hundred books," -> The keyword here is "buy".

To elaborate on intent: Little Girl likely won't/can't eat all the empty cones but wants to resell them (or give them away to 5000 buddies at the expense of Ice Cream Man).

As for your second reply, doing statistics _at this scale_ allows producing cheap replacement of the original works which is the CD ripping/compression problem discussed above.

@nicemicro @Hazzbenn @twipped I think this is the "copyright can't prevent learning from a book" argument which I like to respond to with a joke:

Little Girl: Ice Cream Man, how much is for an empty cone?
Ice Cream Man: Oh, you can get an empty cone for free!
Little Girl: Great, then I'd like 5000 of them!

In other words, scale (that can imply intent) matters.

this is it -- GOOD INTERNET magazine is LIVE, BABY~ 🥂 🎊 🥳

https://goodinternetmagazine.com/
https://goodinternetmagazine.com/
https://goodinternetmagazine.com/

i present the spring 2025 issue of GOOD INTERNET, featuring stories by @binarydigit, @internetarchive, @Leilukin, @greg, @surprisetalk, and SO MUCH MORE!

with only 6.5 hours to go before my surgery, the website is now launched! you can order physical or digital copies of the magazine! :) there are some initial stories on the website now, but more are coming over the next week, so keep an eye on your RSS feeds!!

‼️quick note: pre-ordered print editions will begin shipping out this week (!!!) and digital editions will go out this week as well to emails!

🙏 THANK YOU SO MUCH to EVERYONE who helped with this. thank you to the contributors (like @robb/ @echofeed, & @adam/ @omgdotlol). thank you to the writers, thank you to everyone who thought about this project, shared it with others, and got the word out. i am so so so stoked to bring y'all this.

🕛 issue 2 is in the fall! :) get your submission ideas in!!

#html #css #web #indieweb #smallweb #socialmedia #internet #enshittification #website #webdev #webdesign #neocities #indie #zine #coding #code #personalweb #blog #blogging