Another externality of half-assed #EU #privacy regulation:

Translated pages become unreadable because you can't click through consent banners (and blockers stop working too) :P

OK this is pretty awesome: thanks to recent advances in machine translation (in large part LLM's), my old blog became magically available English:

https://translate.kagi.com/Hungarian/English/https://buhera.blog.hu/2014/02/22/apple_vs_ssl_goto_fail

We open sourced FastFeedParser, a high performance RSS, Atom and RDF parser in Python: https://github.com/kagisearch/fastfeedparser

This library powers Kagi Small Web (https://github.com/kagisearch/smallweb) and a few other initiatives at Kagi and is 10x-100x faster and more efficient at parsing feeds than existing alternatives!

#Kagi #AdFree #SmallWeb #Python

"The xCyclopedia project attempts to document all executable binaries (and eventually scripts) that reside on a typical operating system."

https://strontic.github.io/xcyclopedia/intro

[oss-security] PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

https://www.openwall.com/lists/oss-security/2024/11/16/7

CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979

Extracting Plaintext Credentials from Palo Alto Global Protect https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Qualys is at it again:

https://seclists.org/oss-sec/2024/q4/108

LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992,
CVE-2024-10224, and CVE-2024-11003)

Vulnerability names: this is log4shell. We named it this way because it's in log4j and gives you shell.

Threat actor names: this is HAIRY EEL, aka VIOLIN HIPPO, no relation to VEXING MACKEREL. Also known as APT-74, formely APT-C-92. We named it this way because he's a guy in Bulgaria

Thinking of participating in #Pwn2Own Automotive? ZDI's Connor Ford provides a detailed look at the internals of the #Kenwood DMX958XR. This is the first in a series detailing the attack surface of the IVI. Read all the details (and gander at the pics) at https://www.zerodayinitiative.com/blog/2024/11/18/looking-at-the-internals-of-the-kenwood-dmx958xr-ivi

ZDI-24-1514|CVE-2024-11393] (0Day) Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 8.8; Credit: The_Kernel_Panic) https://www.zerodayinitiative.com/advisories/ZDI-24-1514/

Hello! I've written 22,000+ words on "Safe" C++

https://izzys.casa/2024/11/on-safe-cxx/

Paged Out! #5 is out! Enjoy!
https://pagedout.institute/
And if you like the cover, check out the 8K wallpaper by Mark Graham (downloadable on our website)!

https://bird.makeup/@pagedout_zine/1858799166505234848

Finally got to publish the CVE for a "forever-day" path traversal in the .NET library DotNetZip affecting all releases since 2018. Enjoy, the PoC is in the patch! #CVE_2024_48510

https://www.cve.org/CVERecord?id=CVE-2024-48510

I try to reconstruct the design process of PAN-OS web services:
- Let's require authentication on all interfaces, because security!
- ...but we need some stuff to be accessible pre-auth 🤔
- Let's define a skeleton key that can be passed to us by another parser that have 0 concept of what needs to be authenticated!

Am I missing something?

#PaloAlto

[RSS] Pluralistic: Canada's ground-breaking, hamstrung repair and interop laws (15 Nov 2024)

https://pluralistic.net/2024/11/15/radical-extremists/#sex-pest

Boost this toot if you're planning on sticking around Mastodon whether or not it's more popular than Bluesky.

If only Sun Microsystems had purchased Apple when it had the chance, we could have had this magnificent device
https://alecmuffett.com/article/110670
#SunMicrosystems #apple

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 - watchTowr Labs https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/

We’ve just published on the @hnsec blog the seventh article on the creation of extensions for @burp_suite "Extending Burp Suite for fun and profit - The Montoya way", by @apps3c.

Topic: using the #Collaborator in #BurpSuite plugins

https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-7/

Extending Burp Suite for fun and profit - The Montoya way - Part 7 (Using the Collaborator) https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-7/