The dark side of the Force is a pathway to many abilities some consider to be...unhinged

We've had our first collision of #Pwn2Own Ireland. The @Synacktiv team exploited the #Lorex camera with two bugs, but one had previously been used in the contest. They still earn $11,250 and 2.25 Master of Pwn points. #P2OIreland

Green Day “demastered” their 1994 album Dookie into 15 “obscure, obsolete, and inconvenient” formats, like wax cylinder, Fisher Price record, Teddy Ruxpin, and player piano roll. This is amazing. https://www.dookiedemastered.com/

Verified! PHP Hooligans / Midnight Blue (@midnightbluelab) used a single bug to exploit the Canon imageCLASS MF656Cdw printer. They earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland

Nice! Team Neodyme (@neodyme) wasted no time exploiting the HP Color LaserJet Pro MFP 3301fdw printer. They head off to the disclosure room to provide the details. #Pwn2Own #P2OIreland

Sweet! PHP Hooligans / Midnight Blue (@midnightbluelab) were able to exploit the #Canon imageCLASS MF656Cdw printer without problems. They head to the disclosure room with the details. #Pwn2Own #P2OIreland

On their second attempt, the @Synacktiv team was able to exploit the #Lorex 2K Indoor Wi-Fi camera. They're off to the disclosure room to provide details. #Pwn2Own #P2OIreland

Confirmed! Team Neodyme (@neodyme) used a stack-based buffer overflow to exploit the HP Color LaserJet Pro MFP 3301fdw printer. The earn $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland

Never underestimate the bandwidth of an airplane loaded with racks full of disk packs

Wow! @SinSinology of Summoning Team @SummoningTeam used a total of 9(!) different bugs to go from the QNAP QHora-322 through to the TrueNAS Mini X. His effort earns him $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OIreland

Confirmed! phudq and namnp from Viettel Cyber Security (@vcslab) used a stack-based buffer overflow and an untrusted pointer deref to exploit the #Lorex 2K camera. They earn $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OIreland

Sweet! It took two attempts, but Jack Dates of RET2 Systems (@ret2systems) succeeded in exploiting the Sonos Era 300 smart speaker. He's off to provide all the details to us and #Sonos now #Pwn2Own #P2OIreland

Here are the first attempts for #Pwn2Own Ireland:

We need to differentiate talks between those which bring a scientific contribution (something new & inventive inside) and talks which are helpful to bring the audience up to speed on a given topic (e.g. overview of botnets in the wild, or status of obfuscation...)

[RSS] Browser Security Bugs that Aren't - #2: Web Attacks

https://microsoftedge.github.io/edgevr/posts/Browser-Security-Bugs-that-Aren-t-part-2/

[RSS] IBM Power10 server (shipping since September 2021) users say their organizations achieved eight nines--99.999999%--of uptime. This is 315 milliseconds of unplanned, per server, per annum outage time due to underlying system flaws or component failures.

https://www.itjungle.com/2024/10/21/ibm-nears-the-end-of-the-road-for-server-reliability-improvements/

Pretty impressive numbers (not just from IBM) here

The new Restricted Service type finally landed in WIP and now when running Windows Protected Print (WPP), the Spooler Worker process (which now does most of the work) runs as the new Account type. This means Print effectively no longer runs as SYSTEM. Customers running the 24H2 version of WPP will get the changes "soon"

Over time we hope to replace more SYSTEM services and move them to a similar model.

Big thanks to @tiraniddo who reviewed the design and gave us early feedback.

High level diff of iOS 18.1 beta 7 vs. iOS 18.1 RC 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_1_22B5075a__vs_18_1_22B82/README.md

Halloween, Xmas, Valentines in retail...

Blockchain, AI and God knows what's coming next in IT...

Marketing rules the world.