A drunken debugger

Heretek of Silent Signal
repeated

I can FINALLY announce the news! I have been awarded a British Academy small grant!!

https://www.thebritishacademy.ac.uk/news/over-17-million-in-british-academyleverhulme-trust-small-research-grants-awarded-to-support-shape-researchers/

This work will be on safeguarding knowledge about floppy disks! The project will include working with @dpc_chat @JennyMitcham @anj on gathering floppy disk information in one place. But will also include interviewing floppy disk experts across communities and cleaning floppy disks with different techniques with the conservation department at the Cambridge University Library!!

repeated

Finished the training by @stevenseeley and found something cooler than calc.exe to pop: the almost 30-year-old dialer.exe. And yes, it's on PATH

repeated

In March 2019, I broke a story about how Facebook had been storing unencrypted password data for hundreds of millions of Facebook users.

https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/

Today, the lead European Union privacy regulator fined Meta ~$100 million for that security/privacy failure, which Facebook said could have allowed any one of its 200,000 employees to see the plaintext passwords for up to 600M accounts.

https://www.reuters.com/technology/eu-privacy-regulator-fines-meta-91-million-euros-over-password-storage-2024-09-27/

repeated

“Do we need to worry about cups?”

“No we’ve got a handle on it”

repeated

my pronouns are they/them/../../../etc/shadow

#music #deathmetal
New Black Dahlia Murder \m/

https://theblackdahliamurder.bandcamp.com/album/servitude

R.I.P. Trevor :(
repeated

OpenPrinting/CUPS project decided to publish my related-but-different finding (in code that is about to all go away) https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq86-c7g6-r2h8

repeated

Aris Adamantiadis verified💲Paid

Some soft skills insight I gathered over my long career as a security researcher and shitposter:

  • When you insult the devs on your security bug reports when they dare not understanding the impact of your awesome bug on the first try, they turn non cooperative. Their main focus shifts from fixing the bug to avoid interacting with you.
  • When the disclosure process isn't going well, going to your community to stir the pot isn't going to make things go easier, especially when you're overevaluating the impact of your bug.

Thanks for following my Ted speech

Edited 2 months ago

#Ghidra 11.2 released

Documentation links with HTML preview (generated links point to raw repo contents):

https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.2_build

[RSS] Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall

https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall
[RSS] Exploiting Exchange PowerShell After ProxyNotShell: Part 4 - No Argument Constructor

https://www.thezdi.com/blog/2024/9/25/exploiting-exchange-powershell-after-proxynotshell-part-4-no-argument-constructor
repeated

Thunderbird for Android is coming soon! Find out how to get involved, from beta testing to localization to support and more, in our shiny new contributor guide!

(Seriously, by soon, we mean soon!)

https://blog.thunderbird.net/2024/09/contribute-to-thunderbird-for-android/

repeated

Mark Zuckerberg says the individual work of most creators isn’t valuable enough for it to matter. First of all, FUCK you, Mark. Another billionaire thinks an artist's work, such as images/art, books, music, text, and other things, has no value. People can't even browse IG or FB without downloading your shitty app. Why don't you allow everyone to scrape those IG/FB posts? This guy is a menace to society and doesn't care if someone will lose their livelihood so that he can have another 100 billion.

repeated

Unauth RCE in CUPS which triggers after a print job - affects most desktop Linux flavors https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

repeated

Hackers showed me (there's video) how a website vulnerability let them locate, unlock, honk the horn, start ignition of any of millions of Kias in seconds, just by reading a car's license plate.

They found similar bugs for a dozen carmakers over the last two years.

https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/

[RSS] Analysis of CVE-2024-21310 Pool Overflow Windows Cloud Filter Driver

https://gabrieldurdiak.github.io/clfd/
repeated

I am teaching a course on Linux kernel exploitation, and I mentioned the indeterminism of the objects in the physmap to the class. An example I showed is the struct task_struct of the first process, systemd. Even with KASLR disabled, that address will always differ on every boot. I said the CPU is fundamentally indeterministic, but my answer is too vague. I will read the Linux kernel initialization code to see if I discover anything interesting. Still, I would appreciate it if someone could give me a more detailed answer or point me in the right direction.

(gdb) p/x init_task->tasks->next
$76 = 0xffff888005028890
(gdb)

(gdb) p/x init_task->tasks->next
$77 = 0xffff88800502bb90
(gdb)

(gdb) p/x init_task->tasks->next
$79 = 0xffff88800502d510
(gdb)

repeated

A jockey who is paralyzed from the waist down lost his ability to walk after a small battery for his $100,000 exoskeleton broke and the manufacturer refused to fix it because it was more than 5 years old

https://www.404media.co/paralyzed-jockey-loses-ability-to-walk-after-manufacturer-refuses-to-fix-battery-for-his-100-000-exoskeleton/

repeated

Greetings, cool people. The Internet Archive is having our yearly celebration event in October. The announcement and the link to getting tickets to attend are here:

https://blog.archive.org/2024/08/19/celebrate-with-the-internet-archive-on-october-22nd-23rd/
