Please help us test OpenSSH ahead of the 9.9 release, due in a few weeks.

New features include a new post-quantum key exchange based on ML-KEM, improved controls to disallow unwanted connections and better performance for the existing PQ key exchange.

Full details at: https://marc.info/?l=openssh-unix-dev&m=172638834815257&w=2

God this is fucking incredible. Please take my word for it and read

https://modem.io/blog/blog-monetization/

Apple unexpectedly drops its civil suit against #spyware vendor NSO
Group as it claims discovery against it might disclose information that would benefit… spyware vendors. https://www.securityweek.com/apple-suddenly-drops-nso-group-spyware-lawsuit/

#namethatware #electronics A PCB from the late 90s ...

Please use content warnings to prevent spoilers. I'll publish the solution in ~ 24 hours

TBF I face much more challenges saving data _from_ the WaybackMachine using the CDX API than most of the sites I've scraped:

Most tools for offline archiving simply don't work, and although I'm *really* slow with my requests I get throttled all the time :P

Oh, and I almost forgot that it's surprisingly hard to translate IA URL's to local file paths, esp. since the URL's retrieved from the API aren't properly encoded (https://web.archive.org/.../http://example.com/...)

Huh, TianfuCup website cert expired: https://www.tianfucup.com

About once in a year I have to look at some Ruby stuff, and it's always getting worse.

Not only can't I install fresh versions with rbenv anymore, but even the ones that are available are broken.

More ranting, as a result from a conversation I had with a couple other #fuzzing people:

https://addisoncrump.info/research/fuzzers-and-gaming/

Exploiting CVE-2024-26581: use-after-free in Linux kernel nftables subsystem

https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26581_lts_cos_mitigation/docs/exploit.md

#Linux #cybersecurity

neat: https://bug.directory/ from @thegrugq mailing list

[RSS] Eaton: Hardcoded SSH root password in XC-303 firmware

https://github.com/google/security-research/security/advisories/GHSA-xf7j-4x67-6h93

[RSS] Revisiting Neural Program Smoothing for Fuzzing (2023.09.28)

We find that the original performance claims for NPS fuzzers do not hold; a gap we relate to fundamental, implementation, and experimental limitations of prior works." #fuzzing

https://arxiv.org/pdf/2309.16618

[RSS] Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing

https://cispa.de/en/research/publications/79453-look-ma-no-input-samples-mining-input-grammars-from-code-with-symbolic-parsing

[RSS] Copy-and-Patch Compilation: A fast compilation algorithm for high-level languages and bytecode

https://arxiv.org/abs/2011.13127

The delayed import-table phantomDLL opportunities

https://hexacorn.com/blog/2024/09/14/the-delayed-import-table-phantomdll-opportunities/

#failedresearch

I've implemented Conway's Game Of Life, in Conway's Fractran, in 416 fractions.
https://paste.sr.ht/~rabbits/046a86f42b74789fd5ea08657d253287b3847ffc

OpenAI’s ‘$8.5 Billion Bills’ Report Sparks Bankruptcy Speculation

https://www.asiafinancial.com/openais-8-5-billion-bills-spark-bankruptcy-speculation

After a decade(?) without GReader I gave in and started using a server-based #RSS solution, primarily to sync between my devices.

#FreshRSS works pretty well so far: I use newsboat as client, and can even use the built-in scraper to follow sites that don't publish syndication feeds! The downside is that I have to use XPath...

Looks like Newag isn't satisfied with how their civil lawsuit against us in Warsaw is going - because they just filed another one, this time in Gdańsk, and from another corporate entity they manage. And to add to the pile of arbitrary accusations, this time it's about unfair competition (again) and violation of their corporate personality rights (slander?).

[RSS] Binary Ninja Ultimate

https://binary.ninja/2024/09/13/ultimate.html