@mcc mathcore/math rock? E.g.: https://www.youtube.com/watch?v=D4-erceTpc8

Edit: or simply Tool...

New assessment for topic: CVE-2025-41232

Topic description: "Spring Security Aspects may not correctly locate method security annotations on private methods ..."

"On May 19 2025, Spring released an [advisory](https://spring.io/security/cve-2025-41232) warning that Spring Security versions before `6.4.6` were vulnerable to a flaw in how Spring security annotations were identified and processed, that could lead to annotations being ignored on private methods, potentially leading to authorization bypasses on those private methods ..."

Link: https://attackerkb.com/assessments/c3734c78-c018-4e5f-9c70-b5f3c074a411

[RSS] Micropatches Released for Preauth DoS on Windows Deployment Service (CVE-2025-29957)

https://blog.0patch.com/2025/05/micropatches-released-for-preauth-dos.html

Good bathroom reads.

Unfortunately the #OpenStreetMap wiki is very slow today. We are fighting an aggressive web scraper bot. 10,000 of IPs involved. Randomised User-Agent. Ignoring robots.txt #aibot #ddos

Update: Fixed. We've been able to mitigate the bot traffic. #fail2ban

@nicemicro Yes I also have concerns about how restrictions could be implemented in practice.

Thank you, it's good to see that civilized arguments are still possible online!

@david_chisnall @kenshirriff Just for the record, I find this part of AS/400 history pretty fascinating (from Inside AS/400, by Frank Soltis) :)

@psa @algernon I'm not fully confident that an 8 years old codebase can handle todays mess on the web...

@Ember @algernon Thanks I'll give these a shot!

@algernon Thanks, really appreciated!

@algernon Are you aware of any recursive mirroring tools? My searches so far only turned up wget (which is severely limited) and ArchiveBox (that doesn't support full mirrors either) :(

@algernon Does Readeck support full domain mirroring? I can't seem to find a definite answer...

@TarkabarkaHolgy ICYMI: https://www.youtube.com/watch?v=JVl7obdh81k

Looks like @bluehatil talks are online now, so here’s my talk for anyone who wanted to learn about the latest episode of KASLR and couldn’t make it: https://youtu.be/Dk2rLO2LC6I

@david_chisnall @lauriewired @kenshirriff I didn't mean offense towards CHERI (or IBM i), I find all of these concepts really interesting even if some of them didn't turn out to be widely adopted or even useful.

It looks like Kerio Control was PWNed with a Pre auth RCE! We're going through the exploit now to see everything works like it should #TyphoonCon25

[RSS] CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender

https://www.netspi.com/blog/technical-blog/red-teaming/elevating-privileges-with-sonicwall-netextender/

[RSS] The Windows Registry Adventure #8: Practical exploitation of hive memory corruption

https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html

@nicemicro @Hazzbenn @twipped

(I attempt to reply to all of your 3 replies, hope it won't cause confusion)

First, I don't think I ever argued about scraping public online content, the original CD ripping analogy is about non-free works, and "AI" companies do scrape copyrighted works (e.g. OSS with non-commercial license clauses).

Second, my little joke is only an example of how scale can change how you want to do business with the other party, independently from the goods or services being exchanged (I.C.M. probably won't give away even 10 cones at once, even though their cost would still be negligible). And yes, copyright probably has to change in order to account for the fact that in 2025 information can be collected and processed in unprecedented scale.

The Junkyard - An End-of-Life Pwnathon is now open:

https://www.districtcon.org/junkyard

"We want you to bring your most impactful, creative, or most meme-worthy bugs in end-of-life (EOL) targets (both software or hardware), and demonstrate them live on stage."