Probably the strangest chip that you'll see today: the Intel 2920, a digital signal processor (DSP) from 1979. It was the "first microprocessor capable of translating analog signals into digital data in real time." Chips are usually 16-bit or 32-bit, but this was a 25-bit processor. It didn't have any jump instructions, instead running code in a loop from the 192-word EPROM. Each instruction combined an ALU operation, a shift, and an analog I/O operation. 1/7

The Federal Trade Commission (FTC) proposes a $2.95 million penalty on security camera vendor Verkada for multiple security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras.

https://www.bleepingcomputer.com/news/security/verkada-to-pay-295m-for-security-failures-leading-to-breaches/

It seems Google is still in the process of migrating issues to the new P0 issue tracker, resulting in bumping old reports to the top.

Now the bot implements a filter that won't post issues with CVE's earlier than 2023.

[RSS] Reflections on RANDSTRUCT in GrapheneOS

https://dustri.org/b/reflections-on-randstruct-in-grapheneos.html

I recently saw an amazing Navajo rug at the National Gallery of Art. It looks abstract at first, but it is a detailed representation of the Intel Pentium processor. Called "Replica of a Chip", it was created in 1994 by Marilou Schultz, a Navajo/Diné weaver and math teacher. Intel commissioned the weaving as a gift to the American Indian Science & Engineering Society. 1/6

While Burp's browsers are devouring my disk space at least their disk usage diagram looks nice

We just published v4.1.0 of the eslint plugin `no-unsanitized`, which prohibits the usafe of XSS sinks (e.g., `innerHTML=` or `setHTMLUnsafe()`) without the use of a preconfigured sanitizer library.
The rule helps finding and preventing XSS in various Mozilla projects, including Firefox.
Technical Details at https://frederikbraun.de/finding-and-fixing-dom-based-xss-with-static-analysis.html and source at https://github.com/mozilla/eslint-plugin-no-unsanitized

[RSS] In the Windows kernel, what is a LUID, and what makes it loo-ey?

https://devblogs.microsoft.com/oldnewthing/20240830-00/?p=110198

[RSS] The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks/

NVD are you okay?

We broke 10k stars on #GitHub! Remaining in the 1st and 2nd positions on #Google for, “Reverse Engineering Tutorial”. Special thanks to @0xinfection @hasherezade @fox0x01 @three_cube @binitamshah and all of you! #ReverseEngineering https://github.com/mytechnotalent/Reverse-Engineering

this is my emotional support carwash. whenever I get sad I ssh into this Montenegrin carwash I found on shodan 12 years ago and spin the rollers a bit. makes me feel real again

Capt. Grace Hopper on Future Possibilities: Data, Hardware, Software, and People (1982)

Part I.: https://www.youtube.com/watch?v=si9iqF5uTFk

Part II.: https://www.youtube.com/watch?v=AW7ZHpKuqZg

If I'm not mistaken getting these records declassified took several years of fighting NSA bureaucracy, so having this released is a pretty great achievement!

CVE-2024-5274: A Minor Flaw in V8 Parser Leading to Catastrophes

https://www.darknavy.org/blog/cve_2024_5274_a_minor_flaw_in_v8_parser_leading_to_catastrophes/?s=09

I know that one should never, ever go to SciHub to find academic papers but is there a site one should never, ever go to for ISO/IEC standards documents?

Today is the 10 year anniversary of the first time I ever pwned anything!

My first exploit was a simple stack smash, overwrite return ptr, jump to admin function. This was an in internal recruiting CTF by @gaasedelen for the RPISEC

Before that day I had never even considered computer security and was primarily doing robotics.

You never know when a buffer overflow may change the very course of your life!

mskssrv.sys - CVE-2023–29360

https://seg-fault.gitbook.io/researchs/windows-security-research/exploit-development/mskssrv.sys-cve-2023-29360?s=09

"Listing all processes keeping particular file open is not a trivial task but since Vista we have a special syscall parameter for such purpose. Microsoft says "reserved for system use" but I was brave enough to wrap it into PowerShell function. Enjoy!" @0gtweet

https://github.com/gtworek/PSBits/blob/master/Misc2/Get-PidsForOpenFile.ps1