📢 It's here! Part two of Norbert Szetei's (@sine) research into ksmbd. See how customized fuzzing & selecting the right sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes.

https://blog.doyensec.com/2025/09/02/ksmbd-2.html
#doyensec #appsec #security #fuzzing

[RSS] Dubious security vulnerability: Remembering passwords for recently-opened ZIP files

https://devblogs.microsoft.com/oldnewthing/20250902-00/?p=111544

[RSS] Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel

https://swarm.ptsecurity.com/kernel-hack-drill-and-a-new-approach-to-exploiting-cve-2024-50264-in-the-linux-kernel/

@gsuberland

@GossiTheDog @MisuseCase Ahh I see thx!

@MisuseCase np, I tried to address @GossiTheDog anyway :)

@GossiTheDog @MisuseCase I mean CTXS stock

@GossiTheDog @MisuseCase Neat! It'd be cool to show threats drive down product use predictably! Stocks on the other hand seem pretty stable, so I still don't know what this all tells about the market...

@MisuseCase @GossiTheDog I also think this is the true cause of the decline, vulns probably just correlate (evidence: every other product with frequent ItW vulns)

@sir_pepe TIL thanks! I'll have to check the availability in Kaitai...

@sir_pepe 64-bit integers when?

🤯🚨 BREAKING NEWS 🚨🤯

In a shocking development, new additions to the #ECMAScript standard WILL UNLEASH THE HERETOFORE UNAVAILABLE POWER OF ADDITION _IN JAVASCRIPT_ upon the world!

👉 https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/sumPrecise

Only works in Firefox ATM. Like, Chrome and Safari can't even add numbers currently.

#javascript #webdev

Eerie Linux posted an extensive introduction to using CP/M that assumes no previous knowledge of early operating systems. They also link to other posts they wrote on the evolution of CP/M.

https://eerielinux.wordpress.com/2025/08/28/a-gentle-introduction-to-cp-m

#cpm #retrocomputing #os

Ksmbd Fuzzing Improvements and Vulnerability Discovery https://blog.doyensec.com/2025/09/02/ksmbd-2.html

[RSS] Linux I/O Port Access Checks on x86_64

https://u1f383.github.io/linux/2025/09/02/linux-io-port-access-checks-on-x86_64.html

go to the cloud they said
it'll be fine they said
https://www.bleepingcomputer.com/news/security/zscaler-data-breach-exposes-customer-info-after-salesloft-drift-compromise/

@lintile buuut IIRC WEP's flaw was unrelated to RSA (on the shirts), but WEP's key size *was* limited because of export controls:

https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy

@lintile FTR here's the code and the design: http://www.cypherspace.org/adam/rsa/

Your #DFIU category today is OG HACKER SHIRTS

This Ron Rivest 1987 cipher, illegal to export from the US (mathematical munitions), fit on 3 lines of Perl and adorned t-shirts as a form of civil disobedience before becoming the WEP protocol's greatest weakness