Exploiting CVE-2024-26581: use-after-free in Linux kernel nftables subsystem

https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26581_lts_cos_mitigation/docs/exploit.md

#Linux #cybersecurity

neat: https://bug.directory/ from @thegrugq mailing list

[RSS] Eaton: Hardcoded SSH root password in XC-303 firmware

https://github.com/google/security-research/security/advisories/GHSA-xf7j-4x67-6h93

[RSS] Revisiting Neural Program Smoothing for Fuzzing (2023.09.28)

We find that the original performance claims for NPS fuzzers do not hold; a gap we relate to fundamental, implementation, and experimental limitations of prior works." #fuzzing

https://arxiv.org/pdf/2309.16618

[RSS] Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing

https://cispa.de/en/research/publications/79453-look-ma-no-input-samples-mining-input-grammars-from-code-with-symbolic-parsing

[RSS] Copy-and-Patch Compilation: A fast compilation algorithm for high-level languages and bytecode

https://arxiv.org/abs/2011.13127

The delayed import-table phantomDLL opportunities

https://hexacorn.com/blog/2024/09/14/the-delayed-import-table-phantomdll-opportunities/

#failedresearch

I've implemented Conway's Game Of Life, in Conway's Fractran, in 416 fractions.
https://paste.sr.ht/~rabbits/046a86f42b74789fd5ea08657d253287b3847ffc

OpenAI’s ‘$8.5 Billion Bills’ Report Sparks Bankruptcy Speculation

https://www.asiafinancial.com/openais-8-5-billion-bills-spark-bankruptcy-speculation

After a decade(?) without GReader I gave in and started using a server-based #RSS solution, primarily to sync between my devices.

#FreshRSS works pretty well so far: I use newsboat as client, and can even use the built-in scraper to follow sites that don't publish syndication feeds! The downside is that I have to use XPath...

Looks like Newag isn't satisfied with how their civil lawsuit against us in Warsaw is going - because they just filed another one, this time in Gdańsk, and from another corporate entity they manage. And to add to the pile of arbitrary accusations, this time it's about unfair competition (again) and violation of their corporate personality rights (slander?).

[RSS] Binary Ninja Ultimate

https://binary.ninja/2024/09/13/ultimate.html

[RSS] Ghost in the PPL Part 3: LSASS Memory Dump

https://itm4n.github.io/ghost-in-the-ppl-part-3/

Google Security Blog: A new path for Kyber on the web

• Chrome 131 will switch from supporting Kyber post-quantum algorithm to Module Lattice Key Encapsulation Mechanism (ML-KEM).
• Chrome will not support Kyber and ML-KEM at the same time.
• Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)
• The PostQuantumKeyAgreementEnabled flag and enterprise policy will apply to both Kyber and ML-KEM
• Chrome will no longer support hybrid Kyber (codepoint 0x6399)

#postquantum #chrome #kyber #mlkem #security #infosec #cybersecurity

TIL about Nexus STC (love the #wh40k reference!):

https://www.reddit.com/r/scihub/comments/12detqs/standard_template_construct_store_and_search_the/

#ShadowLibrary

My response when people ask me about the state of computer security:
(Modified from https://xkcd.com/2030/)

iFixit (and AliExpress) rocks!

#RightToRepair

34th First Annual Ig Nobel Prizes Awarded https://slashdot.org/story/24/09/13/226200/34th-first-annual-ig-nobel-prizes-awarded?utm_source=rss1.0mainlinkanon

🔥 The initial schedule for #r2con2024 is now public! The CFP is still open, but we may only accept now if you are fine submitting them for the “Online Sunday” in video format. https://radare.org/con/2024/

🎟️ Conference tickets and other details will be made available soon. Stay tuned, we will meet us all again in less than two months!