TIL there is a thing called #Sarif, a Static Analysis Results Interchange Format, developed by Microsoft.
https://groups.oasis-open.org/communities/tc-community-home2?CommunityKey=c64ae352-bebf-446d-8ebf-018dc7d3eeb0

🎮 Announcing Steam gaming on Fedora Asahi Remix! 🎮

Get the scoop here: alx.sh/gaming.

... or just dnf install steam and give it a go!

Promoting exploits with logos and websites may be overkill, but let me remind you of this show put together for the release of a RAT:

https://youtu.be/oHxNEvklKqE?si=59JzajcBQYRP7xrX&t=1491

#bo2k #cdc #defcon

Bibi-binary is a hexadecimal notation system from 1968 with its own binary-derived symbols and single-syllable pronunciations for each digit https://en.wikipedia.org/wiki/Bibi-binary

Just a new #lolbin - sweet16 I mean, setup16

c:\windows\SysWOW64\setup16.exe

blog post to follow

calling all #coding connoisseurs, #webdev hobbyists, #html heroes, #css comrades, #blog buffs, and digital #art aficionados!

the #32bitcafe's second annual #halloween event will be starting this weekend for two weeks! 🎃

we'll have four ways to participate with either art, writing, or code, including a FRANKENSITE! oooo~ scary~ 👹

you have the 13th-27th to submit something that fits into our theme/format! :)

can't wait to see what everyone sends in! 👻

https://32bit.cafe/halloween24

#indieweb #personalweb #smallweb #web #internet #codejam #personalsites #personalwebsites

Apple did the research; LLMs cannot do formal reasoning. Results change by as much as 10% if something as basic as the names change.

https://garymarcus.substack.com/p/llms-dont-do-formal-reasoning-and

Sent from San Diego, California, U.S.A. on April 4, 1994. https://postcardware.net/?id=20-18

wow, check out this time lapse from last night's solar storm 😍

🤖 GSM-Symbolic: Understanding the Limitations of Mathematical Reasoning in Large Language Models

"Recent advancements in Large Language Models (LLMs) have sparked interest in their formal reasoning capabilities, particularly in mathematics. The GSM8K benchmark is widely used to assess the mathematical reasoning of models on grade-school-level questions. While the performance of LLMs on GSM8K has significantly improved in recent years, i…"

https://machinelearning.apple.com/research/gsm-symbolic

Two relatives of mine got scammed/phished recently. Nothing serious happened fortunately. Some interesting observations:

- People see URL's as opaque blocks. They have 0 clue where they point to since they have 0 clue about how to read them.
- "Check the domain" doesn't help (even assuming the knowledge of what part of an URL string is a domain) if you have no information about what domains are "normal" (whatever that means).
- Regular people don't see giving out CC's or other sensitive information as a critical task. One of the victims told me they gave out their CC while doing two other things - I'd drop everything to focus such a task, while for them it's just another boring physical copy-paste.

Based on this most of our awareness advise is shit.

#phishing #scam

We can't stop here...this is Dependency Hell!

#ghidra #java

Latest update on the DDOS attack from @brewsterkahle (Oct 11 @ 10:22am PT):

"The data is safe.

Services are offline as we examine and strengthen them. Sorry, but needed. @internetarchive staff is working hard.

Estimated Timeline: days, not weeks.

Thank you for the offers of pizza (we are set)."

We wrote a thing https://www.microsoft.com/en-us/security/blog/2024/10/11/microsofts-guidance-to-help-mitigate-kerberoasting/

Another Ghidra build script bug yaay...

I wonder how much did Eclipse contribute to the bad reputation of Java...

Very kind for 0-day to hit right at the start of a workday TBH
https://blog.mozilla.org/security/2024/10/11/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit/
Light on details, but there's some.

[RSS] Aw, Sugar. Critical Vulnerabilities in SugarWOD

https://www.n00py.io/2024/10/critical-vulnerabilities-in-sugarwod/

[RSS] Marriott agrees to pay $52 million settlement, improve data security practices

https://cyberscoop.com/marriott-starwood-breach-ftc-settlement-data-security/

Here's a story about a Hungarian guy who hacked Marriott ~15 years ago: https://www.securityweek.com/hungarian-man-pleads-guilty-hacking-marriott-systems-demanding-job-it-dept/ I know this guy learned some hard lessons, Marriott apparently didn't...

[RSS] Russian cyber firm Dr.Web denies data leak by pro-Ukraine hackers

https://therecord.media/russian-antivirus-company-drweb-denies-data-leak