Currently trying to repair this device. Can you deduct or guess what it is? #NameThatWare

As always, hide your replies behind a CW to not spoil others.

Was that non-admin x-user exploit @gossithedog talked about[1] ever released?

https://digitalmarketreports.com/news/25091/microsoft-recall-feature-on-windows-11-not-removable-after-all/

[1] https://infosec.place/notice/AieooVB1w6sCv45MFE

Tired of using outdated languages for #Ghidra scripting or a REPL that you can't even properly paste into? @tmr232 and I wrote a plugin to embed a #Jupyter #Kotlin kernel for a full Notebook environment alongside your GUI.
https://github.com/GhidraJupyter/ghidra-jupyter-kotlin

Internet Archive breached again through exposed access tokens https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-exposed-access-tokens/?utm_source=dlvr.it&utm_medium=mastodon ( :-{ı▓

I stand with @internetarchive 🏛️

I’m a software developer with a bunch of industry experience. I’m also a comp sci professor, and whenever a CS alum working in industry comes to talk to the students, I always like to ask, “What do you wish you’d taken more of in college?”

Almost without exception, they answer, “Writing.”

One of them said, “I do more writing at Google now than I did when I was in college.”

I am therefore begging, begging you to listen to @stephstephking: https://mstdn.social/@stephstephking/113336270193370876

Any hints about what can cause these vertical lines on my Featherwing OLED display (SH1107)? Soldering is definitely messy but I dont think that would cause such static, localized errors.

It's interesting to think that "my browser doesn't work with this website" used to mean "my browser is out of date". Now it means "someone intentionally broke this website for my browser because it supports ad blocking"

Everything I knew about Python parameter passing was a fucking lie.

#Saturday

#subvertising

Respect 🫡

#opensource #vlc

In combination with the research published yesterday by ETHZ into IBPB implementation vulnerabilities on some Intel and AMD CPUs (https://comsec.ethz.ch/research/microarch/breaking-the-barrier/), Johannes Wikner has published a detailed walkthrough of the first cross-process Spectre exploit against a real target, an attack he developed in part during his internship with us last year.

Check it out here: https://grsecurity.net/cross_process_spectre_exploitation

The first ever end-to-end cross-process Spectre exploit? I worked on this during an internship with @grsecurity! An in-depth write-up here:
https://grsecurity.net/cross_process_spectre_exploitation

We're excited to announce dtrace.conf(24), the premier unconference for all things DTrace! 🎉
📅 Date: December 11th, 2024
📍 Location: Emeryville, CA

As an unconference, the agenda is driven by attendees. Come ready to actively participate!

https://dtraceconf24.eventbrite.com

Free System/36 in SoCal. Today only. Please repost. #retrocomputing

🚨 We're hiring! 🚨
HackSys Inc. is looking for a full-time Vulnerability Researcher (Windows/Android/Browser) based in India! 🛡️

🔍 Skills:
- Vulnerability classes, C/C++/ASM
- Exploited n-day on Windows/Android/Browser
- Reverse Engineering (WinDbg, IDA, Ghidra)
- Passionate about VR 🔥

Interested? DM @hacksysteam on Discord or Twitter for more details! #Hiring #VulnerabilityResearch #CyberSecurity

As much as I've been inconvenienced by the Internet Archive being offline this long, I'm proud of them for making up their minds to just keep it down for as long as it takes to make sure everything's fixed and safe before exposing it again. I hope everyone involved is putting in reasonable hours and getting enough sleep.

I joined @durumcrustulum and @tqbf on the Security Cryptography Whatever podcast to talk about our latest blogpost:

https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/
https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html

Something that Thomas said in the podcast really stood out to me. He said “the blog post undersells it. …. This is a lot more interesting than it looks like on the tin.”

I agree with this. It feels like we discovered a game-changer not just in memory safety, but in security more generally - that doing something very practical results in major security improvements for non-obvious reasons. Focusing on new code is disproportionately effective, exponentially.

Thomas also said “And that observation about the half life of vulnerabilities, if that’s true, says something pretty profound about what the work looks like to shift to a memory safe future.”

Or as Deidre said: “You can get really big bang for your buck, which is if you have something new, just write it in the Rust or another memory safe language and make it interop with the rest of your project and you will in fact, get really good returns on mitigating your memory safe vulnerabilities, which is the majority of your vulnerabilities, period.”

Agreed. We’re already prioritizing differently based on this data. It was a fun conversation, and we believe that it applies to a lot more than just memory safety.

CISA is looking for feedback on its "Secure by design" initiative draft doc.

https://www.infosecurity-magazine.com/news/cisa-product-security-flaws/

#cisa #appsec