Smashing the limits: Installing Windows XP in DOSBox-X

A couple of months ago, I tried to install (the unsupported) Windows XP in DOSBox-X. Well, it was not easy.

https://fabulous.systems/posts/2023/07/installing-windows-xp-in-dosbox-x/

#retrocomputing

Special Authority Data Mart created to allow me to see which profiles have special authorities, and to capture the information over time into a file.
💙 #IBMi #rpgpgm #IBMChampion
https://www.rpgpgm.com/2024/10/special-authority-data-mart.html

Put up the slides for my Bluehat 2024 presentation on improvements to OleView.NET https://github.com/tyranid/infosec-presentations/blob/master/Bluehat/2024/DCOM%20Research%20for%20Everyone!.pdf You can also grab v1.15 of OleView.NET from the PS Gallery which has the new features to generate proxy clients on the fly.

Outstanding. I am glad that more folks are picking on what I have been saying for quite some time. Confidential Computing is something we should continue pursuing and developing, but the tech, currently, is not there yet. Excellent work on formalizing a quite important (and hard) aspect of the discussion (remote attestation).

https://bird.makeup/@gabrielkerneis/1851664264895123736

Our security researchers @cod_rse@twitter.com and @inode conducted a security assessment on #Keycloak, identifying significant vulnerabilities impacting this open-source #IAM solution.

Read the full article at https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system

The Vanishing Culture report arrives today at a critical moment: While Internet Archive recovers from a cyberattack, it’s a reminder of how fragile our access to knowledge can be. Preserving culture & history requires resilience—and collective action.

🔗 https://blog.archive.org/2024/10/30/vanishing-culture-a-report-on-our-fragile-cultural-record/

Another Masto Instance going down. But not because moderation or something but because running bigger instances on Mastodon gets really expensive.

I think this is an issue that we need to put more work into: Not just finding better ways to sustainably fund the operation of instances but also the technical means to make running it on smaller hardware easier. This includes mechanisms to maybe push certain data into "archives" as to not have it in the live database/asset store.

(Original title: RIP botsin.space)

https://muffinlabs.com/posts/2024/10/29/10-29-rip-botsin-space/

Annoyed Redditors tanking Google Search results illustrates perils of AI scrapers | Ars Technica
https://alecmuffett.com/article/110533
#ArtificialIntelligence #llm #regulation

Consider: James Bond movie but his gadgets constantly fail and show him ads and he gets caught because the company that made his laser nose-hair trimmer nunchuck gets hacked.

I’m doing Movember this year with a focus on raising awareness about colon cancer, since it typically kills more men than prostate & testicular cancer & it took my Dad. I’d appreciate it if you shared my page, joined me, or donated for cancer research. https://ex.movember.com/mospace/15243648

Russia issued a monetary fine on Google: 2 undecillion rubles ($2,500,000,000,000,000,000,000,000,000,000,000) after refusing to restore the accounts of pro-Kremlin and state-run media outlets. https://www.themoscowtimes.com/2024/10/29/russia-fines-google-25-decillion-over-youtube-bans-rbc-a86846

Congratulations to our @MaitaiThe for discovering a new kickoff method to resurrect a universal gadget chain for exploiting unsafe deserialization in #ruby!

You can find the details here: https://github.com/GitHubSecurityLab/ruby-unsafe-deserialization/commit/8c66d0e31d000bb07ac5a50c575cf0ffec510bba
#doyensec #appsec #security

Somehow I missed it, but I just noticed that Chrome finally caught up with Edge to have a option to disable JIT.
If you care about security, which I suspect a good number of you do, you probably want to make this change in your settings.
https://www.cdbackslash.com/?p=221

We Patched CVE-2024-38030, Found Another Windows Themes Spoofing Vulnerability (0day) https://blog.0patch.com/2024/10/we-patched-cve-2024-38030-found-another.html

@pspaul just released a great writeup of the pacparser bug we found a few years back. The Zscaler VPN client, running as root, would inject the destination hostname in a JavaScript snippet and execute it with a very old version of SpiderMonkey. Paul transformed it in a CTF challenge for hack.lu and found the perfect vm bug to get RCE

https://blog.pspaul.de/posts/ancient-monkey-pwning-a-17-year-old-version-of-spidermonkey/

The removal of Russian linux maintainers working for sanctioned companies is a prime example of how one creates collective trauma by not being careful on how to convey the message proper.

The messaging were terrible, yes, a lot of people understood immediately why it happened, no, you can't look at it rationally and say "people will know". Your own collective trauma stood in the way.

Some people lost trust, others feel deeply betrayed, not due to the step itself, but by the way it was done.