The promised writeup of how I discovered that the Feeld dating app was protecting private data by doing client-side filtering: https://mjg59.dreamwidth.org/70061.html

The recent ideas about LLM summarizers reminded me of an old joke by Woody Allen on speed reading:

“I took a course in it, learning to read straight down the middle of the page, and was able to go through ‘War and Peace’ in 20 minutes. It’s about Russia.”

https://quoteinvestigator.com/2015/12/08/speed-reading/

Archer 4 President!

https://www.youtube.com/watch?v=WpMSbKG2uZw

test

Getting code execution on Veeam through CVE-2023-27532
https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

Getting code execution on Veeam through CVE-2023-27532
https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

Getting code execution on Veeam through CVE-2023-27532
https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

[RSS] Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

We've completed a comparative security assessment of authorization policy languages: Cedar, Rego, and the OpenFGA modeling language.
If you are a language designer or a software developer, our AWS-sponsored assessment also provides recommendations for improving policy language design and for securing systems that use policy languages.
https://buff.ly/4cSO63s

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

Are we not negative enough towards #ai

[RSS] Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

[RSS] We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

Australia really looked at GDPR and said “those fines are rookie numbers, mate”.

https://ministers.ag.gov.au/media-centre/parliament-approves-governments-privacy-penalty-bill-28-11-2022

(from https://twitter.com/troyhunt/status/1597841957526568966 )

New vulnerability report from Talos:

Microsoft Windows 10 AllJoyn Router Service information disclosure vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1980

CVE-2024-38257,CVE-2024-38257

As @echo_pbreyer reminded us, EU member states have revived their effort to force-install a child pornography scanner on our phones again. This idea was rejected twice before, but they'll keep trying. Here's an English transcript of what I said about this in Dutch parliament last year: https://berthub.eu/articles/posts/client-side-scanning-dutch-parliament/

My SharePoint RCE got fixed: CVE-2024-38018. Site Member privs should be enough to exploit.

I also found a DoS vuln that got patched today: CVE-2024-43466.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38018