[RSS] The life and times of an Abstract Syntax Tree

https://blog.trailofbits.com/2024/05/02/the-life-and-times-of-an-abstract-syntax-tree/

[RSS] Hydra: Generalizing Peephole Optimizations with Program Synthesis [PDF]

https://users.cs.utah.edu/~regehr/generalization-oopsla24.pdf

BASIC is 60 years old. Here's a message - maybe more relevant than ever - from one of its inventors, John G. Kemeny:

"The most dangerous voice you will ever hear is the evil voice of prejudice that divides black from white, man from woman, Jew from gentile. Listen to the voice that says man can live in harmony. Use your very considerable talents to make the world better."

https://cis-alumni.org/JKemeney.html

Someone on Tumblr has made a concept for a Tarot Card deck made out of ISO hazard symbols and it goes hard:

https://www.tumblr.com/medusasstory/749203130036699136/this-is-a-nice-sign-to-look-at-1010-for

Edit: apparently this image was a WIP version, a final, printable version is available here: https://organical-mechanical.itch.io/iso-tarot

Good luck everyone!

#DEFCON #CTF
https://defcon.social/@nautilusinstitute/112344576931750426

😡 @EDPS is giving up on its @Mastodon and @peertube experiment because it couldn’t find an EU agency to continue operating it.

I hope @EU_Commission can find a new home for it before May 18th as the executive body.

https://www.edps.europa.eu/press-publications/press-news/press-releases/2024/edps-decentralised-social-media-pilot-end-successful-story_en

As a user,
I want your application to randomly steal focus
So that,
I enter my password managers main password into a chat box

MS-DOS is now open source, so in a time honored tradition. Lets look for curse words!

https://github.com/microsoft/MS-DOS

remember how Naomi fucking told us this a YEAR AGO and no one wanted to believe it until the government knocked on her door and she can't post anymore?

https://www.technologyreview.com/2024/04/24/1091740/chinese-keyboard-app-security-encryption/

Cisco warns that a group of state-sponsored hackers has exploited two zero days in its ASA security appliances to spy on government networks over the last several months. Sources close to the investigation tell us they suspect China. https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/

Around 1985, ISI (Information Storage Inc.) introduced their 525 WC Optical Storage System. This was one of a number of magneto-optical disc storage formats introduced in the mid-1980s, and allowed users to record data to an optical disc in the days before CD-R and CD-RW.

Single-sided and double-sided discs were available, with a capacity of 115 or 230 MB respectively. The discs were pre-formatted, and were WORM (write-one, read many) capable.

Find out more at https://obsoletemedia.org/isi-525-wc/

are you for fucking real, GitHub?

I’ve been writing a lot of stories about state-sponsored cyberespionage by China. The case we’re revealing today is a prime example of this, telling the story of a five-year campaign against one of the key players in 🇩🇪 the Volkswagen group

The hackers started back in 2010, with initial mapping of the infrastructure and then, until 2015, tried to siphon data out of VW networks – repeatedly and successfully so. Even though VW removed the hackers, they kept coming back.

Very often companies do not know what the hackers were after because the hackers have deleted their traces until the time anoybody notices their presence. In this case, it was different: Volkswagen CERT was able to restore RAR-archives, giving rare insight into the tasking.

SPIEGEL:
https://www.spiegel.de/netzwelt/web/volkwagen-vw-konzern-wurde-jahrelang-ausspioniert-von-china-a-f9971315-c342-42b5-b97b-8650b91d60d4 (€)

ZDF:
https://www.zdf.de/nachrichten/wirtschaft/volkswagen-china-hacking-industriespionage-emobilitaet-100.html

"I deleted keys generated by our TV for 5 straight minutes. 5 Minutes of like 200BPM clicking. I restarted. Everything worked again. I laughed so hard I cried. I felt like I'd solved a murder."

Tech people, THIS IS A GREAT FANTASIC READ!!!

The title is, "DO NOT BUY HISENSE TV'S"

https://cohost.org/ghoulnoise/post/5286766-do-not-buy-hisense-t
#Tech #Android #TV #Debug

Cisco zero-day (PoC publicly disclosed): Cisco Integrated Management Controller CLI Command Injection Vulnerability CVE-2024-20295 (8.8 high) 🔗 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ

A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.

#zeroday #proofofconcept #vulnerability #Cisco #vulnerability #CVE_2024_20295

Some positivity.

Are we human? or are we dancer?
Introducing HydraDancer: A new hardware board and open source firmware for faster USB peripheral emulation.
The Facedancer legacy lives on!
If only we've gone faster it is because we relied on the previous work of our good neighbors

Thiébaud Fuchs tells the story here
https://blog.quarkslab.com/hydradancer-faster-usb-emulation-for-facedancer.html

a git cheat sheet