Posts
2438
Following
590
Followers
1307
A drunken debugger

Heretek of Silent Signal
repeated

Here's one way to view the 28 transfer protocols supports.

4
7
0
repeated

Google Chrome security advisory: Stable Channel Update for Desktop
Google does not know how to count past five as they state 5 security fixes but list 6 externally reported vulnerabilities:

  1. CVE-2024-7532 (critical) Out of bounds memory access in ANGLE
  2. CVE-2024-7533 (high) Use after free in Sharing.
  3. CVE-2024-7550 (high) Type Confusion in V8.
  4. CVE-2024-7534 (high) Heap buffer overflow in Layout
  5. CVE-2024-7535 (high): Inappropriate implementation in V8
  6. CVE-2024-7536 (high) Use after free in WebAudio.

No mention of exploitation.

2
1
0
repeated
repeated

After months of digging and reporting, I have learned where Facebook's bizarre AI spam (like "Shrimp Jesus") comes from, who is making it, how it works, and how it is monetized.

Turns out Meta is directly paying people to spam FB with this stuff

https://www.404media.co/where-facebooks-ai-slop-comes-from/

1
5
0
I don't have hight expectations about security products but this one about #CrowdStrike is straight up terrifying
2
5
6
repeated
Can't look into this rn, but based on comments on the other site this Chinese post claims the #CrowdStrike bug is exploitable for LPE:
https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ
1
0
2
repeated

I have just added support in for 9.0 (currently in beta). I wrote the changes this weekend, but I had to test multiple things... anyway, enjoy it.

https://github.com/joxeankoret/diaphora/commit/232a2720d56d17acce809b6bf82a6a561c980d82

0
1
0
repeated

New fashion goals 💾

2
5
0
[RSS] Unquoted service paths: The new frontier in script kiddie security vulnerability reports

https://devblogs.microsoft.com/oldnewthing/20240723-00/?p=110032
0
0
1
[RSS] There is no mystery over who wrote the Blue Screen of Death, despite what some may want you to believe

https://devblogs.microsoft.com/oldnewthing/20240730-00/?p=110062
0
0
0
[RSS] What are the dire consequences of registering a RunOnce command from my RunOnce command?

https://devblogs.microsoft.com/oldnewthing/20240805-00/?p=110098
0
0
0
repeated
x86 ISO warning sticker
4
25
2
repeated

Last week, Public Citizen’s Rick Claypool and I filed a complaint with the Federal Election Commission based on my research into apparent campaign finance violations by the Coinbase cryptocurrency exchange.

Read the full complaint and my updated article.

Complaint: https://www.citizen.org/article/coinbase-fec-complaint/

Updated article: https://www.citationneeded.news/coinbase-campaign-finance-violation/

4
8
0
repeated

Resorts World Las Vegas announced they're performing periodic room checks for the duration of the blackhat / defcon hacking conference. When asked what they are looking for, one of the employees responded with "people hacking our stuff" ☠️

Reminds me of that old blog post by some dude who got pulled aside by the TSA so they could search his bag for "bitcoins".

https://www.404media.co/hotel-to-search-rooms-during-def-con-hacking-conference/

5
3
0
repeated

The original Pentium chip was introduced in 1993. It was the first "superscalar" x86 chip, able to run two instructions per clock cycle. I took this die photo of the chip yesterday. The chip has three metal layers; the thick lines you see are the top metal layer, mostly power and ground. The silicon itself is almost entirely obscured. Around the edges of the chip, tiny bond wires connect to the bond pads, providing the connections to the chip's external pins. 1/N

2
3
0
repeated

Currently trending on the bad place (Twitter): Leaked Wallpaper
Proof of concept for CVE-2024-38100 (7.8 high, disclosed 09 July 2024 by Microsoft Windows File Explorer Elevation of Privilege Vulnerability.

This is a privilege escalation tool (fixed with CVE-2024-38100 in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.

0
1
0
[RSS] Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail

https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail
0
0
0
repeated

New from 404 Media: we got a massive leak from inside Nvidia (emails, Slack chats, documents) which show how it created a yet-to-be-released AI model. The leak shows that Nvidia scraped YouTube en masse, had clearance from highest levels of the company https://www.404media.co/nvidia-ai-scraping-foundational-model-cosmos-project/

1
4
0
Show older