"I'm interested in all kinds of astronomy."
@ciaranmak Yes, accidentally blowing them up is an accepted risk.
Hear me out: The boiling point of ethanol is well within the range of operating temperatures of GPUs, so we could use all those AI datacenters to brew moonshine!

Released a tool to erase X-Gold 608 (06.15.00 iPad) baseband.
https://github.com/tihmstar/bberase_ultrasn0w

This is useful if you want to downgrade your iPhone 3G to iOS 2.0 with the matching baseband.

The exploit/payload was taken from redsn0w and some code from xerub. There isn't really anything novel here, but until now there wasn't a straightforward way to erase the baseband or to downgrade to iOS 2.0 baseband on the iPhone 3G.

@dale_price The fact that browsers used to make you click through a warning window when you encountered an HTTPS site still makes me giggle
TFW LLM keeps hallucinating

Lenovo released all patches for the Vantage vulnerabilities I reported earlier this year. The blog has been updated with write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.

https://cyllective.com/blog/posts/lenovo-vantage

@joxean Have we tried applying microcode updates?
@dmnk ...that will do unexpected shit at the worst possible times?
This agent could've been 10 lines of Bash.

🚨 New advisory was just published!

A critical vulnerability in UNISOC modem firmware allows one User Equipment (UE) to remotely attack another over the cellular network. By sending specially crafted malformed SDP within SIP signaling messages, an attacker can trigger memory corruption in the target modem, potentially leading to remote execution of arbitrary native code on the victim device: https://ssd-disclosure.com/unisoc-t612-rce/

@Sandfish6811 I can't dive deeper into this rn, but the linked GHSA confirms the essence of the vulnerability and the way it was introduced.

I checked and you are right that the hash is not sent back during auth, I'll probably leave a comment about this on /r/ so they can clarify.

CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/

[RSS] Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy

https://xclow3n.github.io/post/6
[RSS] How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

https://pentesterlab.com/blog/freshrss-bcrypt-truncation-auth-bypass

The exact moment software went downhill was when changed away from this.


Lorenzo Franceschi-Bicchierai

NEW: A former DOGE employee allegedly stole Americans' personal data from two large databases at the Social Security Administration, according to a new report.

The former employee allegedly put the databases on a thumb drive and wanted to use them at their new contractor job.

https://techcrunch.com/2026/03/10/doge-employee-stole-social-security-data-and-put-it-on-a-thumb-drive-report-says/
