“Admiral Grace Hopper’s landmark lecture is found, but the NSA won’t release it”: https://www.muckrock.com/news/archives/2024/jul/10/grace-hopper-lost-lecture-found-nsa/
(I heard her speak at Chapel Hill when I was in grad school. Sadly, she did not hand out nanoseconds at that talk.)
"adhd is a new thing" is very funny to me, you used to be able to buy amphetamines over the counter, anyone with it could self-medicate
much like erdős did, heh
a close friend bet him $500 he couldn't last a month without them. he did
"you have set mathematics back by a month"
gambling is the only non-substance addiction disorder recognized in the American Psychiatric Association’s DSM-5 🤔 good thing modern smartphone use is totally unlike gambling in any way whatsoever
My blog post about several findings in Dynamics 365 Business Central. I tried writing in a .NET primer style for code audit beginners.
https://frycos.github.io/vulns4free/2024/07/10/dynamics-ups-and-downs.html
VMware security advisory: VMSA-2024-0017
CVE-2024-22280 (8.5 high) SQL-injection vulnerability in VMware Aria Automation: An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. No mention of exploitation.
Only something this useless could be this educational https://robertheaton.com/pyskywifi/
Pwn2Own: WAN-to-LAN Exploit Showcase TP-Link ER605 routers and Synology BC500 IP camera - Part 1: WAN https://claroty.com/team82/research/pwn2own-wan-to-lan-exploit-showcase
Stacey Marshall, the current sendmail maintainer for #OracleSolaris, has blogged about disabling the CR+LF requirements for SMTP newly enforced in Solaris 11.4.68 and later due to the fix for CVE-2023-51765, for sites stuck with non-compliant SMTP senders:
https://staceymarshall.wordpress.com/2024/07/09/configuring-sendmail-srv_feature/
(Though that should be a short-term solution until you can get the software senders updated to follow the SMTP RFCs.)
It's Patch Tuesday once more. While #Adobe had a tiny release, #Microsoft had one of their biggest months ever - including two 0-days under active attack. Join @TheDustinChilds as he breaks down all the details. https://www.zerodayinitiative.com/blog/2024/7/9/the-july-2024-security-update-review
🗑️ From File Delete to RCE 🔥
In part 2 of our Gogs series, we revisit how attackers can use weak primitives for a big impact! These vulnerabilities are still unpatched; don't miss the details:
The interesting thing about OpenAI pleading that they cannot build their systems if they have to exclude or license copyrighted materials isn't the fact that "if you can't afford to run your business while complying with the laws you have no business". It's the fact that they believe that creating their stochastic systems is such a good and human goal per se that they can throw it in against all the externalities and still come out winning.
Sam Altman is a cynic who only cares about getting richer and says whatever leads there. But many other people in that space are actual believers in the religion of #AI.
https://futurism.com/the-byte/openai-copyrighted-material-parliament
'Don’t say “Europe should invest in secure communications”, write out that the European Commission should procure a secure email solution that does not fall under US spying legislation' - https://berthub.eu/articles/posts/europe-must-invest-in-xyz/?redo=1
NEW: Apple has removed several VPN apps from the App Store in Russia after the government censorship agency flagged the apps, according to app makers.
VPN makers shared a letter they received from Apple with us.
"We are writing to notify you that your application, per demand from Roskomnadzor will be removed from the Russia App Store because it includes content that is illegal in Russia," the letter read.
Apple, for now, doesn't comment.
Exploiting An Enterprise Backup Driver For Privilege Escalation - CVE-2023-43896 https://northwave-cybersecurity.com/exploiting-enterprise-backup-software-for-privilege-escalation-part-two
Flickr album for the Classical Computing Laboratory at IBM Poughkeepsie launch: https://www.flickr.com/gp/200991657@N06/1o1e4FYuvX
In this blog, we dive deep into how the automation employed by the recently-formed Linux CNA managed to take a detailed, unrestricted vulnerability report for their 5.10 LTS kernel, and produce an error-filled CVE unhelpful for downstream consumers: https://grsecurity.net/cve-2021-4440_linux_cna_case_study
My friend Thalia has published a regexp museum! 🥳 have a visit!