@G33KatWork constraints induce creativity: finishing the project without *that* part is almost like writing a haiku :)

@d_olex @whitequark oh I think I misunderstood! I'm concerned about how NDAs the Red Team is usually subject to (the target, data from their systems, etc) can be compatible with these third party services.

#BOFH excuse #225:

It's those computer people in X {city of world}. They keep stuffing things up.

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75ad42e40

powf

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ad42e40.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ad42e40.json&colors=light

@d_olex @whitequark Honest question: how is the NDA compatible with SaaS models?

I'm a really weird stage in my career - a bad point - where I'm having to go to prominent industry leaders and be like 'you realise that article you just shared about 90% of ransomware being from GenAI isn't real' constantly.

100% think a load of these people are thinking I don't know what I'm on about, because 1000 other industry leaders have told them about GenAI ransomware.

It's really interesting to watch though as basically China has played a blinder, Chinese whisper panic basically.

@lcamtuf Thank you for "nerd lore", I add it to my dictionary!

Dear designers: scrollbars are useful and exist for a reason. Don't hide them, please.

See that the procedures adopted are as inconvenient as possible for the management, involving the presence of a large number of employees at each presentation, entailing more than one meeting for each grievance, bringing up problems which are largely imaginary, and so on.

Every now and then, someone shares a hilarious Kagi result. Now they'll have a place in the Kagi Bloopers hall of fame:

https://help.kagi.com/kagi/bloopers/

We've integrated with Surveillance Watch, an interactive database that documents surveillance and spyware entities.

When searching for an entity that appears on their list, we'll display a banner on its domain to alert you that it's a known surveillance tech provider.

#Kagi #Search #Surveillance #Spyware #Privacy

Binary Ninja 5.2, Io, is live and it's out of this world! https://binary.ninja/2025/11/13/binary-ninja-5.2-io.html

With some of our most requested features of all time including bitfield support, containers, hexagon, Ghidra import, and a huge upgrade to TTD capabilities, plus a ton more, make sure to check out the changelog!

This is my new favorite #design #fail.

Your periodic reminder that most CLI password prompts accept Ctrl+U to fully clear input so you can try again. Leave that backspace key alone.

@ricci

Not just natural language processing. It’s also the largest public archive of spreadsheets. When I was at Microsoft, a bunch of projects used it. For example, when the TypeScript version of the Excel calc engine wanted to see how good their coverage was, they tried to see how many of the Enron sheets they could correctly calculate (as in, give the same answers as desktop Excel, not give the answer without all of the fraud).

It sometimes surprises me to learn that there are people who don't know that one of the first really big datasets used to train and evaluate computer language and social models was (and still is) a bunch of internal emails from Enron.

Yes, that Enron. Collected as part of the investigation into its collapse.

https://en.wikipedia.org/wiki/Enron_Corpus

@cR0w As my bio says "I'm interested in all kinds of astronomy" :)

Y'all like AIX vulns, right? How about four of them? Okay well what if three are sev:CRIT? Fine, one is a perfect 10 if that's what it takes to get y'all to care. 🥳

https://www.ibm.com/support/pages/node/7251173

Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands (CVE-2025-36251, CVE-2025-36250), obtain Network Installation Manager (NIM) private keys (CVE-2025-36096), or traverse directories (CVE-2025-36236). These vulnerabilities are addressed through the fixes referenced as part of this bulletin. These vulnerabilities are exploitable only when an attacker can establish network connectivity to the affected host.

I wrote a proof-of-concept and writeup for CVE-2025-48593, an Android Bluetooth issue that only seems to affect devices that act as Bluetooth headsets / speakers. (i.e. NOT phones, only smartwatches/wearables/cars. And only after pairing. So you can stop worrying.)

https://github.com/zhuowei/blueshrimp

It should be a use-after-free; I haven’t gotten it to do anything interesting though.

So far, I was only able to get a null pointer deref (without malloc debug) or an attempted write to library rodata (with malloc debug).

Today, we're launching SlopStop: Community-driven AI slop detection in Kagi Search.

Join our collective defense against AI-generated spam and content farms:

https://blog.kagi.com/slopstop

#Kagi #Search #AISlop