In a new Q&A, Philip Bump, columnist for The Washington Post, reflects on why archiving the news goes beyond saving stories. From holding leaders accountable to capturing moments in culture, Bump shares insights on the need to preserve digital media. #VanishingCulture

🔗 https://blog.archive.org/2024/11/04/vanishing-culture-qa-with-philip-bump-the-washington-post/

New assessment for topic: CVE-2024-37404

Topic description: "Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. ..."

"Ivanti Connect Secure versions prior to 22.7R2.1 and 22.7R2.2, and Ivanti Policy Secure versions prior to 22.7R1 are vulnerable to [CRLF injection](https://owasp.org/www-community/vulnerabilities/CRLF_Injection), which leads to remote code execution with the privileges of the user `root` ..."

Link: https://attackerkb.com/assessments/34ea5769-e0d6-4c65-bfc3-510c679ef515

Don’t miss out—RE//verse tickets are on sale now! https://shop.binary.ninja/products/re-verse

funny one

https://bird.makeup/@spendergrsec/1851625943237902784

Announcement: ph0wn registration is opening today at 2pm!

The Ph0wn/Pico fan shop is already open. You'll find there hoodies, t-shirts, bags and many other items with or without @picolecroco . All items are sold at cost price and there's a 25% discount for 10 days.
Wear your item on the day of ph0wn!

https://ph0wn.myspreadshop.fr/

#ph0wn #registration #workshop #shop

I have written a copyleft #chiptune and #lofi album for the upcoming Radare2 conference: https://rada.re/con/2024/

Enjoy!

https://darkharmony.bandcamp.com/album/r2con-2024

#electronic #chiptune #radare2 #r2 #r2con #r2con2024

Hotdog or not hotdog?? 🌭

Let's take a look into a machine learning app that can detect hotdogs. How does it work? Can we change it into a pizza detector 🍕 app?

https://youtu.be/e2kosWm2vag
#reverseengineering #reversingshorts

🔥💀After 40 hours of constant reversing of weird looking c++ and no sleep, I Finally cooked the
CVE-2024-47575 fortimanager unauthenticated RCE 🩸

https://bird.makeup/@watchtowrcyber/1853262240822276534

[RSS] TLS 1.3 Hybrid Key Exchange using X25519Kyber768 / ML-KEM

https://www.netmeister.org/blog/tls-hybrid-kex.html

#cryptoraphy #tls #pqcrypto

[RSS] Reverse-engineering what a "short" section is

https://devblogs.microsoft.com/oldnewthing/20241029-00/?p=110436

#PowerPC #PPC #Itanium

[RSS] I have enabled "take ownership" permission, but I still cannot obtain write access

https://devblogs.microsoft.com/oldnewthing/20241030-00/?p=110440

Code auditing is not the same as vulnerability research

https://pacibsp.github.io/2024/code-auditing-is-not-the-same-as-vulnerability-research.html

The economics of proving exploitability by @x43r0

https://nickg.ca/posts/economics-of-proving-exploitability/

I love how this looks like they’re having a conversation.

Stop thinking of Twitter, TikTok, IG, (et al) as social media sites.

They are **Content Refineries.**

Like processed food manufacturers they take user content & extract the most addicting/engaging content. Brains eat it up but in an unhealthy “devour the whole bag of chips” way.

They make hyper-processed social media junk food.

Mastodon is more like a potluck. We're all bringing dishes. It's a mess. Kids are running all over. But we are, at least, real people sharing real things.

This seems accurate #agile #SoftwareDevelopment

Finally achieved empty tcpdump starting Firefox. Had to find and clear location.services.mozilla.com and push.services.mozilla.com from show-all in about:config. Then there were the following that are hard-coded, not appearing in about:config, for which /etc/hosts needed to be invoked:

firefox.settings.services.mozilla.com content-signature-2.cdn.mozilla.net prod.remote-settings.prod.webservices.mozgcp.net content-signature-chains.prod.autograph.services.mozaws.net

FFS do better.

New Update to the #InfoCon Security Archives: Hacktivity 2023 has been added to the https://infocon.org/cons/Hacktivity/ collection, and missing English captions have been generated.

"The IT Security Festival in Central and Eastern Europe since 2004"

You can D/L, Torrent or watch in your browser. @hacktivityconf #Hacking #InfoSec #Security #CyberSecurity

"While conducting a postmortem review of the Asnarök attack, [Sophos] built a specialized kernel implant to deploy to devices that Sophos had high confidence were controlled by groups conducting malicious exploit research. The tool allowed for remote file and log collection without any visible userland artifacts."
https://t.co/xUXifo4ZQV

reminder that the bcrypt hash function ignores input above a certain length! so if you do bcrypt(username || password) for some reason, a sufficiently long username will make it accept any password. to fix this you can sha256 the input first.

https://bird.makeup/@kmcquade3/1852475962715246869