Sweet! It took two attempts, but Jack Dates of RET2 Systems (@ret2systems) succeeded in exploiting the Sonos Era 300 smart speaker. He's off to provide all the details to us and #Sonos now #Pwn2Own #P2OIreland

Here are the first attempts for #Pwn2Own Ireland:

We need to differentiate talks between those which bring a scientific contribution (something new & inventive inside) and talks which are helpful to bring the audience up to speed on a given topic (e.g. overview of botnets in the wild, or status of obfuscation...)

[RSS] Browser Security Bugs that Aren't - #2: Web Attacks

https://microsoftedge.github.io/edgevr/posts/Browser-Security-Bugs-that-Aren-t-part-2/

[RSS] IBM Power10 server (shipping since September 2021) users say their organizations achieved eight nines--99.999999%--of uptime. This is 315 milliseconds of unplanned, per server, per annum outage time due to underlying system flaws or component failures.

https://www.itjungle.com/2024/10/21/ibm-nears-the-end-of-the-road-for-server-reliability-improvements/

Pretty impressive numbers (not just from IBM) here

The new Restricted Service type finally landed in WIP and now when running Windows Protected Print (WPP), the Spooler Worker process (which now does most of the work) runs as the new Account type. This means Print effectively no longer runs as SYSTEM. Customers running the 24H2 version of WPP will get the changes "soon"

Over time we hope to replace more SYSTEM services and move them to a similar model.

Big thanks to @tiraniddo who reviewed the design and gave us early feedback.

High level diff of iOS 18.1 beta 7 vs. iOS 18.1 RC 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_1_22B5075a__vs_18_1_22B82/README.md

Halloween, Xmas, Valentines in retail...

Blockchain, AI and God knows what's coming next in IT...

Marketing rules the world.

The draw is complete and now the schedule is out! You can check out the full schedule showing all four days of #Pwn2Own Ireland madness at https://www.zerodayinitiative.com/blog/2024/10/22/pwn2own-ireland-the-full-schedule #P2OIreland

Here is my recent DEF CON talk on Anom, the encrypted phone secretly ran by the FBI. All about the phone, the network, how Anom was structured, who used it, what this means for Signal, Telegram, more https://www.youtube.com/watch?v=uFyk5UOyNqI

New Project Zero issue:

Linux: temporarily dangling PFN mapping on remap_pfn_range() failure in usbdev_mmap() (and elsewhere?)

https://project-zero.issues.chromium.org/issues/366053091

CVE-2024-47674

The next blog post in the Active Directory hardening series just posted, focusing on SMB signing. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-6-enforcing-smb-signing/ba-p/4272168. You can do this yourself and it makes a difference.

We can finally run Doom in Quake! https://www.youtube.com/watch?v=tVOYmYUWkmE #doom

Now that the drawing is complete, @TheDustinChilds and Zed have a few thoughts about the upcoming #Pwn2Own Ireland contest. https://youtube.com/shorts/6l3BW94xH8E #P2OIrleand

[RSS] Attacking the Samsung Galaxy A* Boot Chain

http://blog.quarkslab.com/attacking-the-samsung-galaxy-a-boot-chain.html

[RSS] Linux kernel instrumentation from Qemu and Gdb

http://blog.quarkslab.com/linux-kernel-instrumentation-from-qemu-and-gdb.html

[RSS] Evaluating tail call elimination in the face of return address protection, part 1

https://devblogs.microsoft.com/oldnewthing/20241017-00/?p=110380

[RSS] Finding and exploiting CVE-2024-28578 with fuzzing

https://www.mayhem.security/blog/cve-2024-28578-test-third-party-image-libraries-with-mayhem

[RSS] Hackaday Hacked!

https://hackaday.com/2024/10/19/hackaday-hacked/

By default, Kagi Image Search downranks images from websites with a high proportion of AI-generated content.

You can also use the AI images filter to completely exclude websites with AI-generated images from your image search results.

More info: https://help.kagi.com/kagi/features/exclude-ai-images.html

#Kagi #AdFree #Search #AI