I know that one should never, ever go to SciHub to find academic papers but is there a site one should never, ever go to for ISO/IEC standards documents?

Today is the 10 year anniversary of the first time I ever pwned anything!

My first exploit was a simple stack smash, overwrite return ptr, jump to admin function. This was an in internal recruiting CTF by @gaasedelen for the RPISEC

Before that day I had never even considered computer security and was primarily doing robotics.

You never know when a buffer overflow may change the very course of your life!

Years ago, I created a bot that posted Sun Tzu quotes, if Sun Tzu had written about cyber war. When X closed up API access that bot broke, and it never was high on my list of priorities to bring here. Well, I just fixed that. May I introduce you to @SunTzuCyber, which posts every 6 hours. The posts are set up as unlisted/quiet public, so they won't show up in timelines unless you follow it.

There's a large number of #FreeBSD, #OpenBSD, and #illumos users out there.

We don't talk much because it "Just Works™"

I was not able to prove this for a very long time, so I used the most powerful weapon available out there: asking!

https://www.reddit.com/r/selfhosted/comments/1f1hr4m/unix_but_notlinux_club/

Did you ever found firmwares for Tricore or v850 architectures accessing addresses starting with 0xa.. instead of the 0x80.. one? after so much research I end up learning that this is handled by the mmu which applies a cache layer on top of the same memory range. In other words: IDA lies by fake the references by dropping the 3rd bit, ghidra can't handle this, and r2 is again the only tool able to properly define this memory layout.

https://community.infineon.com/t5/AURIX/About-the-issue-with-lsl-files/td-p/676113#.

I may be late to the party but today I’ve learned that ASML has installed a kill switch into an extreme ultraviolet lithography machine it has sold to TSMC, allowing it to be shut down if China invades Taiwan.

https://www.datacenterdynamics.com/en/news/asml-adds-remote-kill-switch-to-tsmcs-euv-machines-in-case-china-invades-taiwan-report/

GitHub copilot seems to be high.

I typed "A simple hash function.", then autocomplete kicked in.

This is absolutely nuts. SQL Injection 101 attack on a site authorized by DHS for TSA vetting of known crew members. I’d bet there aren’t even audit logs that would be able to show if the system was tampered with.

How many other auxiliary sites with deep ties into critical infrastructure are this poorly secured?

https://ian.sh/tsa

/cc @briankrebs @dangoodin

"Just don't give a damn about what anybody else thinks of you!"

Well that is all nice and dandy, unless the 'anybody else' has the power and means to actively make your life harder.

Because at that point, you realize that not caring what anyone thinks is a privilege.

#ISaidWhatISaid

At the height of One Million Checkboxes's popularity I thought I'd been hacked. A few hours later I was tearing up, extraordinarily proud of some brilliant teens.

Here's my favorite story from running OMCB :)

https://eieio.games/essays/the-secret-in-one-million-checkboxes/

In light of the issue page for CVE-2024-5274 being made public. Me and @buptsb
have decided to make our exploit public. It's a bit different than the issue page POC.
https://github.com/mistymntncop/CVE-2024-5274/blob/main/exploit.js

I was happy to be quoted alongside security research leaders like @dustin_childs and @haifeili on the challenges with (good-faith) coordinated vulnerability disclosure. https://www.csoonline.com/article/3491353/is-the-vulnerability-disclosure-process-a-glitch-in-itself-how-cisos-are-being-left-in-the-dark.html

You can now use the ANGR decompiler with radare2. The old angr integration was renamed to r2angr-io.
Install it like this: r2pm -ci r2angr

Are you living near Paris, female*, and want to learn reverse engineering for free? 📱👩‍💻 There'll be a 4-day @blackhoodie training at Hexacon!

I'll be giving the training on two days, teaching iOS and Android reversing basics. Register now: https://reversing.training/hc24

#reverseengineering #paris #womenintech

LIKE-DBG is a great project to make Linux kernel debugging hassle-free. However, I wanted to use it without docker and I needed the ability to use an external build server. Long story short, I did a fork. Here you go https://github.com/raymontag/like-dbg

New, by me: Google's Threat Analysis Group found evidence that a group of Russian government hackers, aka APT29, are using exploits that are "identical or strikingly similar" to those previously made by spyware makers Intellexa and NSO Group.

The exploits were found hidden on Mongolian government websites, and designed to steal cookies and passwords, most likely from government employees.

More: https://techcrunch.com/2024/08/29/russian-government-hackers-found-using-exploits-made-by-spyware-companies-nso-and-intellexa/

I wrote an op-ed today in @lemonde about Durov's arrest. It's paywalled and French-walled too, so I'll post the key points here!

https://www.lemonde.fr/idees/article/2024/08/29/que-le-sort-de-pavel-durov-ne-serve-pas-de-cheval-de-troie-qui-legitimerait-des-pressions-sur-d-autres-developpeurs-dont-la-situation-n-a-rien-de-comparable_6298532_3232.html

1) You may have noticed that close to nobody in the infosec community (beyond Snowden) is calling for Durov's immediate release. That's because the infosec community knows Telegram has nothing to do with security and TG is not, in fact, a secure messenger. Not by a long shot.

A lot of people have written extensively about this, so I'll just summarize: most chats are only encrypted in transit, and when they are, it's with a proprietary and non-audited protocol. All your data is stored in plaintext on Telegram's servers.

2) It's actually unclear that the authorities view TG as a messenger at all. The indictment uses language that is more fitting to platforms and social media. Elon Musk understands this, which is why he's been vocal about the arrest.

This case IS NOT ABOUT FREE SPEECH. It's about whether platforms should be forced to cooperate with law enforcement (here, on drug / CP cases). EU law says that if problematic content is reported to X/Fb/Linkedin, they must delete it. If they do, they can't be held responsible.

You may disagree. But you cannot frame the situation as "the French government wants to destroy the last bastion of free speech". Also, this is not a political arrest, since prosecutors are independent in France. It's almost certain they didn't ask the government for permission.

3) Most platforms have nothing to worry about. Despite what @andyyen says, there's zero risk for him because he fully cooperates with authorities, which he knows. That was in fact the source of terrible PR for Proton.

The best thing platforms can do to protect themselves is use E2EE everywhere they can and store the least possible user data.
Crucial: don't say no to governments like Durov and go to jail. Create the conditions for your powerlessness. Say "we'd love to but we can't".

4) Maybe the most important point: the battle for free speech and encryption does go on. Telegram never was our champion for this battle and never will. Threats to encryption are still looming in 🇪🇺 and we need to be ready to fight the right battles.

A kindred spirit right here, lads.

We have published the 2nd writeup about the EV vulnerabilities we exploited for #Pwn2Own Automotive: the JuiceBox 40.

Despite what the
@thezdi advisories say, these bugs were NOT fixed by the vendor! SiLabs has declared the product EOL and won't fix it.

https://sector7.computest.nl/post/2024-08-pwn2own-automotive-juicebox-40/

1993: I use BBSes for online interaction. Each BBS is run by some random person. They connect to a federated worldwide network. I keep my notes in .TXT files.

2008-2022: I use social networks like Facebook and Twitter for online interaction. They're huge and popular. I use Evernote for my notes, which is full of features.

2023: I use Mastodon for online interaction. Each instance is run by some random person. They connect to a federated worldwide network. I keep my notes in .TXT files.