Posts
2514
Following
574
Followers
1284
A drunken debugger

Heretek of Silent Signal
repeated


The first simulated image of a black hole was calculated with an IBM 7040 computer using 1960 punch cards and hand-plotted by French astrophysicist Jean-Pierre Luminet in 1978.

2
4
0
repeated

By me:

Chief among them: mandatory resets, required or restricted use of certain characters, and the use of security questions

https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/

3
8
0
repeated

Ok, I found the hotel on booking.com but I restarted my browser and now it shows up with a much higher price… I see, coming from the search as opposed to opening the hotel page directly gives you a discount… And pretending to be a mobile browser (via Firefox’ Responsive Mode) gives you another discount… Ah, screw booking.com and their attempts to overcharge me, I can just book directly on the hotel website which is still cheaper.

1
1
0
repeated
[RSS] A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary commands

https://ssd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce/

No CVE for this one?
0
0
0
repeated

in 1905.

Albert Einstein publishes the third of his Annus Mirabilis papers, introducing the special theory of relativity, which used the universal constant speed of light c to derive the Lorentz transformations.

There are some controversies on the question of the extent to which Mileva Marić contributed to the insights of Einstein's annus mirabilis publications

https://en.wikipedia.org/wiki/Annus_mirabilis_papers#

On the Electrodynamics of Moving Bodies at PG:
https://www.gutenberg.org/ebooks/66944

0
1
0
Edited 2 months ago
About vulnerability "half-life":

I still have to dig into the works referenced by the recent Google post, but the data is obviously based on known vulns.

https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html

Because of this I think the conclusion shouldn't be that bugs naturally die out ("half-life"). Rather, if we have a fixed set of methods to discover vulns, we will eventually find everything _we currently can_ in a fixed code base, and we will again find some in new code.

I think Orange Tsai's latest work on Apache modules is a great demonstration of how a new approach can result in a bunch of CVE's. But the "realization" about format strings also comes to mind. How much "old" code had to be fixed because of that?

What I'd like to see is some data on memory-safe languages blocking otherwise vulnerable code paths, or vulns getting discovered during integration with safe languages.
2
5
8
repeated

Talos Vulnerability Reports

New vulnerability report from Talos:

Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2062

CVE-2024-38140
0
1
0
repeated

I’m super excited about this blogpost. The approach is so counterintuitive, and yet the results are so much better than anything else that we’ve tried for memory safety. We finally understand why.

https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html

1
9
0
repeated

"By turning off your lights all day every day for a month, you conserved about 1 percent of the energy needed for AI to generate a picture of a duck wearing sunglasses. Isn’t he cute? Aside from the fact that he has the feet of a human man, of course."

"By dropping $7K on better, energy-efficient insulation for your home, Google AI was able to tell someone how to prepare chicken incorrectly, and they got, like, super sick—thanks to you!"

https://www.mcsweeneys.net/articles/the-department-of-energy-wants-you-to-know-your-conservation-efforts-are-making-a-difference

2
6
0
repeated

Our paper "Magika: AI-powered content-type detection" is up on Arxiv:
https://arxiv.org/abs/2409.13768

1
2
0
repeated
[RSS] CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive

https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
0
1
0
repeated
repeated

The conference website is live!
https://re-verse.io/

CFP is now open and training tickets are open as well. General ticket sales live in three weeks!

0
6
0
repeated

This week's show is up, featuring @metlstorm and special guest co-host @RGB_Lights. Available on YouTube or through your regular podcatcher...

https://www.youtube.com/watch?v=u9G4Ov5cXw4

2
2
0
repeated

. 🔥 🔥 🔥 🎟️ 🎟️ 🎟️ 🔥 🔥 🔥
tickets are finally available!
🔥 🔥 🔥 🎟️ 🎟️ 🎟️ 🔥 🔥 🔥

https://radare.org/con/2024/

PD: All presentations will be recorded and published online for free. Tickets are only required to physically attend the event.

0
3
0
repeated

After his popular series on customizing the Sliver C2, our very own @ale98 is back with another series of three articles. This time, the topic is and , inspired by @saidelike’s @OpenSecurityTraining2 courses.

Part 1 is already out:
https://security.humanativaspa.it/exploiting-amd-atdcm64a-sys-arbitrary-pointer-dereference-part-1/

The others will follow shortly in the next weeks.

0
4
0
repeated

Holy fuck folks. Like Kapersky and their ties to the Russian government suck, yes. Them being banned from doing business in the US probably needed to be done. But folks, them installing UltraAV and uninstalling Kapersky was announced weeks ago. Paying customers got emailed about it weeks ago. Just because people don't pay attention doesn't mean it's time to engage in low effort journalism (like so many outlets are doing.)

My citation for reference. https://www.zdnet.com/article/one-million-us-kaspersky-customers-to-be-migrated-to-this-lesser-known-alternative/

1
2
0
Show older