Microsoft could have kept WordPad and extended its functionality, instead of increasing the complexity (and attack surface) of Notepad.

Notepad being braindead -- including having no recovery / history -- was a feature.

https://www.bleepingcomputer.com/news/microsoft/microsoft-notepad-to-get-ai-powered-rewriting-tool-on-windows-11/

Remember America!

https://youtu.be/32iCWzpDpKs

it is always a pleasure talking with sharp people who know what they're doing

Possible Bird Strike? USN E-2C flies into a flock of seagulls while working the pattern at Pt. Mugu. Note the blowup it appears part of the wing starting to wrap around the prop #USN #mugu #ptmugu #e2c #avgeek #propeller #AWACS #aviation #nikon #photography #birdstrike #aviation #seagulls #flockofseagulls

Did you vote in America yesterday? If so, you just got doxed

This site takes voter records that can be hard to source and puts them all into one place. Name, address, voter history, for free. It turns voting into a privacy and security risk https://www.404media.co/voted-in-america-this-site-doxed-you/

We just released our Q2 & Q3 updates to the Mozilla Firefox Bug Bounty Hall of Fame. You can now find all the brilliant security researchers that helped secure Firefox in the last couple of quarters. https://www.mozilla.org/en-US/security/bug-bounty/hall-of-fame/. Thank you!

(The Mozilla web sites & services hacker hall of fame is continuously updated and available at https://hackerone.com/mozilla/hacktivity)

Generated docs for the latest #Ghidra 11.2.1 are now available at:

https://scrapco.de/ghidra_docs/

Differences from previous version:

https://gist.github.com/v-p-b/fb76fae8cbcb490a33039892c3feea9b

#Ghidra 11.2.1 released

What's New:
https://htmlpreview.github.io/?https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_11.2.1_build/Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.html

Change History:
https://htmlpreview.github.io/?https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_11.2.1_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html

Upcoming hardening in PHP https://dustri.org/b/upcoming-hardening-in-php.html

and here's how we worked on the recent #curl CVE from it first being reported until published earlier today: https://hackerone.com/reports/2764830

Dear Developers,

if you write #documentation, include the *context* where a piece of code/config/prayer/... should go, pretty please!

Thank you,

Your Fellow IT People

[oss-security] shell wildcard expansion (un)safety

https://seclists.org/oss-sec/2024/q4/56

[RSS] On the limits of time travel in the face of undefined behavior in C

https://devblogs.microsoft.com/oldnewthing/20241104-00/?p=110466

New assessment for topic: CVE-2024-35250

Topic description: "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability ..."

"The ks.sys driver on Windows is one of the core components of Kernel Streaming and is installed by default ..."

Link: https://attackerkb.com/assessments/b966571c-c90a-4055-af54-ee6af8389f53

Exciting news! I’m starting X-Force’s new offensive research team (XOR) and hiring a security researcher. Want to work with researchers (like @fuzzysec and I) to find bugs, exploit popular targets, and share your work? Apply for this unique (remote) role 😊https://careers.ibm.com/job/21219320/security-researcher-san-jose-ca/

Don't threaten us with a good time

#ElonMusk #Twitter #Meme

Interested in accessing a binary as a CFG? @ArastehCma has a solid video showing how to access Ghidra's analysis as a CFG (with an awesome intro!):
https://www.youtube.com/watch?v=eTRo3xw1Gbs

Want to do the same thing in Binary Ninja? See below. (Spoiler: it's already exposed as one!)

Dutch researchers @midnightbluelab
found a critical zero-click vuln in a photo app enabled by default on Synology storage devices, putting millions of systems at risk of being hacked. They found Synology systems owned by police/law firms/critical infrastructure contractors online and all vulnerable to attack. Synology has called the vuln "critical" and issued a patch last week but apparently didn't notify customers. Synology devices don't have automated update capabilities. Here's my story: https://www.wired.com/story/synology-zero-click-vulnerability/

Early 2020 I wrote this blog post about how #Microsoft #OneDrive exports malformed #ZIP files that cannot be unzipped by widely-used tools (this only happens for large, > 4GB ZIP files):

https://www.bitsgalore.org/2020/03/11/does-microsoft-onedrive-export-large-ZIP-files-that-are-corrupt

Fast-forward 4.5 years, and Microsoft *still* hasn't fixed this!

Just ran into this again with a 6.5 GB file! Luckily the Fix-OneDrive-Zip tool by Paul Marquess helped me out again:

https://github.com/pmqs/Fix-OneDrive-Zip

#wtfZIP #wtfMicrosoft

Quick, release your #0day, US is preoccupied with the election! ;)