A drunken debugger

Heretek of Silent Signal

It’s the academic paper on phishing sims I’ve been waiting for and the abstract alone is 🔥🔥 https://www.computer.org/csdl/proceedings-article/sp/2025/223600a076/21B7RjYyG9q


📼 The video edition is done! 🔥 You can now watch all the workshops (Friday), conference presentations (Saturday) and online talks (Sunday) by checking our YouTube channel or following the links from the website!

➡️ https://radare.org/con/2024/

Edited 11 months ago

It's been ten years, so a short story about the "gotofail" bug.

Someone came to me about a catastrophic vulnerability in Apple's TLS implementation.

I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures.

They didn't know exactly what it was, just some vague details and the key point that it allowed use of the real certificate.

This was enough for me to find the bug (yay open source), which would go on to be known as "gotofail", and produce a working exploit in less than a day.

The details were anonymously back channelled to Apple, who released a fix.

@matthew_d_green posted on Twitter about it, concerned by Apple's vague release notes.

I used a burner phone to share the details with him anonymously.

Then everyone forgot about the whole thing because heartbleed.

¯\_(ツ)_/¯


David Chisnall (*Now with 50% more sarcasm!*)

When I was a PhD student, I attended a talk by the late Robin Milner where he said two things that have stuck with me.

The first, I repeat quite often. He argued that credit for an invention did not belong to the first person to invent something but to the first person to explain it well enough that no one needed to invent it again. His first historical example was Leibniz publishing calculus and then Newton claiming he invented it first: it didn’t matter if he did or not, he failed to explain it to anyone and so the fact that Leibniz needed to independently invent it was Newton’s failure.

The second thing, which is a lot more relevant now than at the time, was that AI should stand for Augmented Intelligence not Artificial Intelligence if you want to build things that are actually useful. Striving to replace human intelligence is not a useful pursuit because there is an abundant supply of humans and you can improve the supply of intelligent humans by removing food poverty, improving access to education, and eliminating other barriers that prevent vast numbers of intelligent humans from being able to devote time to using their intelligence. The valuable tools are ones that do things humans are bad at. Pocket calculators changed the world because being able to add ten-digit numbers together orders of magnitude faster allowed humans to use their intelligence for things that were not the tedious, repetitive, tasks (and get higher accuracy for those tasks). If you want to change the world, build tools that allow humans to do more by offloading things humans are bad at and allowing them to spend more time on things humans are good at.


If you know and want to reverse engineer Japanese. This is the book for you! https://techbookfest.org/product/251850002

[RSS] Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability

https://redrays.io/blog/redis-cve-2024-31449-how-to-reproduce-and-mitigate-the-vulnerability/

[RSS] Hungary confirms hack of defense procurement agency

https://therecord.media/hungary-defense-procurement-agency-hacked

I just published my writeups for all challenges of :

👉 https://blog.washi.dev/posts/flareon11/

👉 https://washi1337.github.io/ctf-writeups/writeups/flare-on/2024/

Hope you like them as much as I liked writing them!


Astronomers have just discovered the first known "Einstein zigzag."

Due to a rare, lucky cosmic alignment, the combined gravity of two galaxies bent light like spaghetti & split a distant quasar into six different images.

This six-part image could allow a very accurate measure of the expansion of the universe.

https://www.science.org/content/article/first-known-double-gravitational-lens-could-shed-light-universe-s-expansion

To say something positive about LLMs: the English auto subtitles on this documentary about #Hungarian #punks are *really* good:

https://www.youtube.com/watch?v=svc5ZjK-43o

OK so I'm going through YT videos about terminal emulators, seek randomly in one and guy talks about **privacy settings** then later the video has a section called **AI features** :O

Yeah I totally want a parrot on LSD finish my rm command!

#lego #starwars
Name these Light Sabres!

Another serious question: why do terminal emulators need hardware acceleration? #ELI5

Device vendor placed deliberate backdoor in device, and doesn't provide updates anymore. Assuming no hacky stuff, if you want a not backdoored device you throw the one you bought in trash and buy a new one.

Can you sue in EU in 2024?

https://isc.sans.edu/diary/rss/31442

SANS ISC: Ancient TP-Link Backdoor Discovered by Attackers
@jullrich did you want to report this vulnerability to MITRE (or be credited)? Using CWE-912: Hidden Functionality and sekurak's entry as vulnerability details, this should be a quick CVE submission.


It’s finally landed! You can now watch “Listen to the whispers: web timing attacks that actually work” on YouTube: https://youtube.com/watch?v=zOPjz-sPyQM

Evasive ZIP Concatenation: Trojan Targets Windows Users

https://perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/

Parser differentials FTW :)

[RSS] Cute trick to mark parts of a C structure read-only

https://dustri.org/b/cute-trick-to-mark-parts-of-a-c-structure-read-only.html