Ever heard of Kati Kariko?

https://www.nytimes.com/2021/04/08/health/coronavirus-mrna-kariko.html

Time for an Arm-twist! CVE-2023-4039

Tom Hebb (Meta red team) and I discovered an 0day in GCC (for AArch64 targets) during my Arm exploitation training.

It renders stack canaries against overflows of dynamically-sized variables useless.

https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64

🤣

Funny-not-funny that the author of Musk's hagiography issues a correction (on the deadbird site, of course) for what Musk told him during the reporting for the book.

Also a reminder that the author withheld a huge story from the public for more than a year in order to have a scoop in his book.

Remembering Dennis Ritchie, born this day 1941. I had the great privilege of working with Dennis during my summer at Bell Labs. This is his "What am I doing in a suit?" photo. #UNIX #BellLabs

We need an EU regulation to mandate that all internet-connected devices must have a mechanism to disable internet access entirely and remain functional indefinitely, at whatever capacity is technically possible.

Want to have an app to control your dumb gadget? That fucker can use bluetooth, there is no legitimate reason to require an account on the vendor's website, which they can block at any time, harvest data from at any time, get hacked, and also make your lightbulbs unable to turn off if us-east-1 is down.

I want an apology from all the mansplainers that mocked my belief that privatizing NASA and relying this heavily on SpaceX would undermine the national security policy of the United States.

https://t.co/WoMI4XEPhE

did you know that 100 years ago there were *electromechanical* radio transmitters?

these things are so crazy, you just have to read this

(photo from https://en.wikipedia.org/wiki/Grimeton_Radio_Station#/media/File:Alexanderson_Alternator.jpg)

Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft

These are the first 6 companies designated as ‘gatekeepers' under the Digital Markets Act.

They have 6 months to ensure their core platform services comply with our rules, including:

✔ Allowing users to unsubscribe and remove pre-installed services
✔ Allowing the download of alternative app stores

❌ Banning tracking outside of their services without consent
❌ Stopping ranking their products more favourably

➡ https://europa.eu/!NbfBbn

#DMA

Techbros: self driving cars are inevitable!

Also techbros: prove you are human by performing a task that computers can’t do, like identifying traffic lights.

#software #unexplained

I hope everyone is having a great weekend!

This is my periodic reminder to support your instance - nearly all instances are free and rely on donations to pay the bills. I very much appreciate donations to Infosec.exchange, and I know that some other instances may be struggling financially. If you are in a position to donate to your instance, especially for those people on other instances, please consider donating. You can usually find the link to donate to your instance on the instance’s about page (such as Infosec.exchange/about).

My thanks to everyone who does support their instance. And there is zero problems (for me at least) with those that can’t afford it. These are tough times for many, and I think it’s vitally important to provide a reliable and useful social network outlet that is available to everyone.

Thank you!

Exactly 20 years and 20 minutes ago, this happened.

A man in Saudi Arabia has been sentenced to death for his tweets, and surprise: Elon Musk is NOT funding his legal bill as promised because there's a good chance that the necessary data to identify this man came from the second largest shareholder of Twitter: the Saudi prince Alwaleed bin Talal.

Musk has been awfully silent about this as you can't really make your “freedom of speech!!” argument when you assist with killing a retired teacher for the regime critic posts they made on your platform, only possible because that regime owns a huge chunk of “your” platform.

A colleague spent his 6-month internship reversing Starlink's dish.
Here are the results and the tools he built. Nice work on nicely engineered hardware.

https://blog.quarkslab.com/starlink.html

#infosec at it's finest.

A renegade certificate is removed from Windows, then returns. Confusion ensues."

https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/

I updated my WordPress plugin that warns your site's visitors if they don't have an ad-blocker installed.

https://wordpress.org/plugins/detect-missing-adblocker

EDIT: You can now fully customize the note, including links to plugins and browser extensions you want to suggest.

By default, a link to my blog with a list of popular options will be shown.

https://stefanbohacek.com/project/detect-missing-adblocker-wordpress-plugin/#resources

Happy to get more recommendations!

#wordpress #webdev #WebDevelopment #ads #AdBlocker #OpenWeb #IndieWeb