My team college @rame found the CVE-2024-8001 vulnerability in VIWIS LMS 9.11. Congrats! 🥳 https://vuldb.com/?id.284352

#BOFH excuse #281:

The co-locator cannot verify the frame-relay gateway to the ISDN server.

One thing I find difficult in Radare2 is its advanced syntax. Not sure where it's documented + the naming logic.

For example: db $in:5 @ main - in yesterday's Advent of Radare (https://radare.org/advent/02.html). Where does $in come from?

Or ?$? ... ouch!
Or $$+10
or @10!20
or @@10 ...

Any good pointers to read?

cc: @radareorg

#radare2

AMD Disables Zen 4's Loop Buffer

https://chipsandcheese.com/p/amd-disables-zen-4s-loop-buffer

In an interview with the BBC in 2021, the British head of intelligence, Sir Richard Moore, MI6, describes the dangers of digital dependencies. The Foreign Intelligence Service speaks of a “data trap”: “If you allow another country to gain access to really critical data about your society, it will over time undermine your sovereignty, as you no longer have control over this data.” - https://gi.de/themen/beitrag/alarmzeichen-deutschland-demnaechst-im-goldenen-microsoft-kaefig

Want to help build Binary Ninja this summer? Our 2025 summer internship application process is live!

https://binary.ninja/students/internship-2025.html

Former Polish spy chief arrested to testify before parliament in spyware probe

https://therecord.media/poland-former-spy-chief-testifies-pegasus-spyware

Google security advisories: Android Security Bulletin December 2024
At a glance, no mention of exploitation. No Pixel bulletin, Android Automotive OS and Wear OS have no patches for December 2024. Nothing for Pixel Watch.

#google #android #pixel #vulnerability #cve #infosec #cybersecurity

It's Baaaaaack!!

Our Credit Card Canarytokens are out of beta and on your Canarytoken servers..

- Grab one;
- Stash it somewhere "safe";
- We will notify you if it's ever used!

Read more about it at https://blog.thinkst.com/2024/12/its-baaack-credit-card-canarytokens-are-now-on-your-consoles.html

💡@criscifuentes, the Mother of Decompilation, reflects in her #LABScon2024 keynote on three decades of innovation in reverse engineering. Highlights include:

- Her 1994 PhD research on reverse compilation techniques for 80286 DOS binaries
- Groundbreaking methods for mapping instruction flows and tracing compiler optimizations
- The evolution of decompilation tools and their modern applications in malware analysis

👉 Watch the full video: https://t.co/WYqhuybFd8

A new version of function-graph-overview is out, now with C++ support!

Online demo - https://tmr232.github.io/function-graph-overview/?language=3
VSCode - https://marketplace.visualstudio.com/items?itemName=tamir-bahar.function-graph-overview
JetBrains - https://plugins.jetbrains.com/plugin/25676-function-graph-overview

#FunctionGraphOverview #cpp #vscode #jetbrains

Thank you #LABScon2024 for the great conference and for posting a recording of my talk on 30 years of decompilation!

https://bird.makeup/@sentinelone/1861465678232068495

Yay! The r2k plugin for #radare2 is back! #kernel #reverseengineering

google’s latest fuckery: if you write online, read this

The Google app for iOS now adds THEIR links to YOUR posts from YOUR website unless you opt-out.

Their links lead people away from your site and back to Google. Because that’s definitely what you want, right? That’s why you have a blog or portal or web site or whatever. You want people to leave your site and go back to Google.

Oh, it’s not?

If you don’t like it, you can “Opt out.” Opting out is a pain in the ass. Here’s where you go to do it. You have to enter every variation of each of your domains or it won’t work. It will take up to 30 days, during which time Google will continue to pollute your work and your writing and your website with their modifications and their added links to take people away from your site and back to themselves.

For example, here’s the list of what I need to opt-out just for this one blog:

solarbird.nethttp://solarbird.nethttps://solarbird.netwww.solarbird.nethttp://www.solarbird.nethttps://www.solarbird.netweb.solarbird.nethttp://web.solarbird.nethttps://web.solarbird.net

Yes, you explicitly have to file no prefix, http:, and https: variants separately. They say so.

Making it difficult like this is 100% intentional and entirely designed to make it as annoying as possible, and also, to make sure you slip up if at all possible and forget one or more combinations.

(Tho’ I am just going to depreciate web. as a prefix right now, to bring down the load a little. Still gonna list ’em, though, because spite is why.)

Right now it’s only in the Google app for iOS and it’s probably a test to see whether they can get away with it without complaint, and how much revenue it generates. Let’s make that a combination of no and as close to zero as possible. Because otherwise they’ll roll it out everywhere, and probably derank you if you don’t go along.

Fucking hell, Google. Fuck you. Just… fuck you.

#art #t0000000000bs_ #writing