Wouldn’t it be easier to make it illegal to trick, mislead, or defraud people?
https://alecmuffett.com/article/110438
#LinaKhan #ai #cyber

Everyone was up in arms about the CUPS thing but this is much more serious: CVE-2024-45200 https://github.com/latte-soft/kartlanpwn

I bought a HTML template for a site I'm making. Typically I just pull the compiled html files out and make a standalone project which I maintain in a text editor. But, this time I figured it's time to learn modern web development so I tried using the toolchain it came with.

The toolchain consists of 3,446 dependencies, runs 15 processes, and uses 3 GB of ram. Unfortunately I can't run for president, but if I could I would run on the platform of making Node.js illegal.

CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog
Hot off the press! Page is now live and published on their website.

• CVE-2019-0344 (9.8 critical) SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
• CVE-2021-4043 (5.5 medium) Motion Spell GPAC Null Pointer Dereference Vulnerability
• CVE-2020-15415 (9.8 critical) DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
• CVE-2023-25280 (9.8 critical) D-Link DIR-820 Router OS Command Injection Vulnerability

#cisa #kev #vulnerability #cve #eitw #activeexploitation #CVE_2019_0344 #CVE_2021_4043 #CVE_2020_15415 #CVE_2023_25280 #draytek #dlink #motionspell #sap

Massive e-learning platform Udemy is training its AI on instructors' classes. It gave them a short "opt-out" window to reject this. Instructors are surprised to learn that time has passed.

https://www.404media.co/massive-e-learning-platform-udemy-gave-teachers-a-gen-ai-opt-out-window-its-already-over/

We'd love your insights and feedback to improve Kagi!

Since Kagi does not track its users, we need to hear directly from you in order to better serve you and our community💡

https://docs.google.com/forms/d/e/1FAIpQLSd7F3uYX4pY4avwHIDdJGWBjnUMUPy8X8FVCSu43740OOAL2Q/viewform

(And yes, we know, Google Forms! What are some recommendations for the best alternatives?)

Supermicro BMC pre-auth stack overflow PoC exploit by @binarly_io

https://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py

CVE-2024-36435

In recent days, I’ve observed and talked to some people.

Some responses made me reflect: "I tried Mastodon, but I didn’t know whom to follow. No system gave me targeted suggestions, and I felt lost and abandoned it."

"Purchases? Mostly online. Sometimes I don’t know what to buy, and targeted advertising suggestions help me."

"I get my information online, especially from social media. I receive all the news that interests me, while official sites are full of things I have no interest in."

One of the problems in today’s society is that people, bombarded by the sheer amount of information available, feel lost. Algorithms help them choose, decide, and orient themselves, but the issue is that if these algorithms are not calibrated positively but solely in an interested manner, the result is to produce individuals incapable of making informed decisions, conditioned exclusively by what is suggested, stated, and amplified.

It’s as if, after years of guided information, many people believe they are always right (the "famous" bubble), feel entitled to everything (advertisements), and perceive the world as hostile (conspiracy theories, etc.).

Artificial intelligence has now become another example of this system: I know people who can no longer do anything without it. They try to impose me (incorrect) IT sysadmin solutions me because "the AI said so."

At this rate, I fear the most atrophied part of our body will be our brains.

#Mastodon #SocialMedia #InformationOverload #DigitalSociety

ICYDK Kay 'neoeno' Lack makes nice materials (blogs, posters, videos) about file formats, analysis, crafting...
Ex: https://www.0de5.net/stimuli/a-reintroduction-to-programming/memory/binary-formats-through-bitmap-images

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3) https://www.ambionics.io/blog/iconv-cve-2024-2961-p3

#PSA #PayPal is changing their privacy statement/terms of service starting November so that they can sell your information to merchants.

You CAN opt out, but you have to do it before they start:

Settings > Data & Privacy > Manage shared info > Personalized shopping, and toggle that shit off

ETA: this is probably country specific, due to differing privacy laws.

You can try privacy>settings>recommendations

Check replies, people have found the same toggle under a different header.

New on blog: "The perils of transition to 64-bit #time_t"

"""
In the "Overview of cross-architecture portability problems", I have dedicated a section to the problems resulting from use of #32-bit `time_t` type. This design decision, still affecting Gentoo systems using glibc, means that 32-bit applications will suddenly start failing in horrible ways in 2038: they will be getting `-1` error instead of the current time, they won't be able to `stat()` files. In one word: complete mayhem will emerge.

There is a general agreement that the way forward is to change `time_t` to a 64-bit type. Musl has already switched to that, glibc supports it as an option. A number of other distributions such as Debian have taken the leap and switched. Unfortunately, source-based distributions such as #Gentoo don't have it that easy. So we are still debating the issue and experimenting, trying to figure out a maximally safe upgrade path for our users.

Unfortunately, that's nowhere near trivial. Above all, we are talking about a breaking ABI change. It's all-or-nothing. If a library uses `time_t` in its API, everything linking to it needs to use the same type width. In this post, I'd like to explore the issue in detail — why is it so bad, and what we can do to make it safer.
"""

https://blogs.gentoo.org/mgorny/2024/09/28/the-perils-of-transition-to-64-bit-time_t/

Them: “This is not a paywall.”
Me: “whew”

Them: Provide your Email address”

Me: “that’s a payment, though. Personal information is a payment”

Analog filters, part II: let it ring

https://lcamtuf.substack.com/p/analog-filters-part-2-let-it-ring/?1

[RSS] Reverse-engineering a three-axis attitude indicator from the F-4 fighter plane

http://www.righto.com/2024/09/f4-attitude-indicator.html?m=1

I just realized that the "DoD Cyber Crime Center" on GitHub is not just a parody reference to NSA o.O

1 file changed, 99 insertions
but it ain't fucking work

Anyone has an idea what I should do with this exception:

ghidra.framework.store.LockException: domain object(s) are busy/locked

I solved like a dozen #Ghidra API mysteries today, but I'm running out of ideas with this one...

I’m happy to see that the GOV.UK Service Manual’s “Building a robust frontend using progressive enhancement” page was updated this week and made it to the top of Hacker News today. The technology industry would collectively save unimaginable quantities of time, money, energy and stress if this single page were required reading for everyone involved in building a web site. https://www.gov.uk/service-manual/technology/using-progressive-enhancement