"I'm interested in all kinds of astronomy."

bsky.app/profile/mrme.bsky.social/post/3lbql2z2uas2f

Trust me, the Chinese hack Spring apps harder than you: https://juejin.cn/post/6972564484720328718


Revisiting unresolved JetBrains TeamCity issues: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=teamcity

I may be a hater but I'm not lying to my customers and hiding security issues.


social media platform users are going to link offsite. the only question is how obnoxious the platform will make it for them and everyone else.

(For context: Instagram prohibits links in post text. This, plus the incentive to inflate comments, has led to the proliferation of tools where creators instruct their followers to comment with a specific word to receive a link in their DMs— in this case, to a pie crust recipe)

From Guardian to Gateway: The Hidden Risks of EDR Vulnerabilities - Neodyme
https://neodyme.io/en/blog/wazuh_rce/

/via @tekwizz123

CVE-2024-32038, CVE-2023-50260
#frombsky
Page-Oriented Programming: Subverting Control-Flow Integrity of Commodity Operating System Kernels with Non-Writable Code Pages | USENIX
https://www.usenix.org/conference/usenixsecurity24/presentation/han-seunghun

/via @andersonc0d3

Prefer Rust to C? There's no reason your decompilation has to necessarily target C as the output. With our Language Representation UI/API in 4.2 you can see all your decompilation as Rust instead.

A bit annoying thing in #Bsky #ATProto is that you don't post plaintext that is "enriched" remotely, but provide a Rich Text object with links, tags, etc. marked as such. It seems from the server's perspective len(rich_text)!=len(str(rich_text)) and I found no way to find out what the true length of my Rich Text object will be, resulting in failed posts and bad thread splitting...

https://atp.readthedocs.io/en/latest/atproto_client/utils/text_builder.html
Latest #Ghidra failed to build because of some obscure pyOpenSSL error, which can break pip altogether:

> TypeError: deprecated() got an unexpected keyword argument 'name'

Here's what worked for me:
- Delete the failing pyOpenSSL directory from site-packages
- pip install "pyOpenSSL>22.0.0,<23.0"
I really like the idea of Bandcamp Gift Cards! Get your friends and family hooked on supporting independent artists/small labels!

https://bandcamp.com/gift_cards
My son's #biology book represents carnivores as a true subset of animalivores (which is a new word to me).

Which animals are animalivores but not carnivores?
This is another #test

My keynote from @sansoffensive in Hollywood. Attacking Intelligence: Attacking and Defending AI on The Edge

I cover confidential GPUs, Windows Recall architecture, and post-compromise tradecraft with AI and lots more!

https://www.youtube.com/watch?v=1zl1NSwuhAk


Ignite session covering all the Windows Security newness just posted

https://ignite.microsoft.com/en-US/sessions/GS06

In the "Worth Reposting from Twitter" series today:

https://scrapco.de/twitter/buherator/status/1576535053571530752/

This is a thread about technological things I misjudged during my career. Maybe it'll help someone. (Or maybe I misjudge again?)

- I started gera's challenges, but "why bother with client-side?"

https://github.com/gerasdf/InsecureProgramming.git

- During university, seeing Meterpreter's shortcomings, I considered starting to develop a professional implant. But "no security boundaries, no fun".

Now look at all teh frameworks...

- Gave up on chemistry because of an idiot teacher
Hunting the Mongoose: Discovering 10 Vulnerabilities in the Mongoose Web Server Library
https://www.nozominetworks.com/blog/hunting-the-mongoose-discovering-10-vulnerabilities-in-the-mongoose-web-server-library
"You never pay here... not with money"

OMG I just realized at the end of the episode Needful Things was bought by *Google*

https://rickandmorty.fandom.com/wiki/Needful_Things

I am looking for a padlock or similarly visual device that has Bluetooth vulnerabilities (i.e. just uses an "unlock" command or so and no decent cryptography). Any tips welcome!


We misunderstood the concept of afterlife. What the religious texts meant to say is that the essence of your online life will be preserved as the weights of an LLM that handles airline customer support and prescribes Viagra in a telehealth app.
