Unused functions are now skipped by default. This reduces generated C dramatically. Give it a try! if you have issues, use v -no-skip-unused ... and report them.
After making this option by default, CI times went down significantly:

I've noticed a concerning trend of "slop security reports" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to push back:

#oss #opensource #security

https://sethmlarson.dev/slop-security-reports?utm_campaign=mastodon

Fucking PaloAltoNetworks...

two major CVEs come out, guidance says X version is fine and unaffected. I upgrade everything to that version.

PaloAlto then changes the CVE details to say that ""LOL version Y is good, X sucks.""

I don't want to have to keep checking CVE pages for changes....

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Hot off the press!

• CVE-2024-11667 (7.5 high) Zyxel Multiple Firewalls Path Traversal Vulnerability
• CVE-2024-11680 (9.8 critical) ProjectSend Improper Authentication Vulnerability
• CVE-2023-45727 (7.5 high) North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability

#CVE #CVE_2024_11667 #Zyxel #ProjectSend #CVE_2024_11680 #proself #CVE_2023_45727 #cisa #kev #cisakev #knownexploitedvulnerabilitiescatalog #vulnerability #eitw #activeexploitation #infosec #cybersecurity

Chesterton’s Fence: A Lesson in Thinking

https://fs.blog/chestertons-fence/

We just released AFL++ v4.30c - deprecate afl-gcc/clang, fast resume support, lots of improvements. https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.30c #afl #fuzzer #fuzzing

I work in IT and hate friends/family asking me to fix their home computers, now everytime I fix someones computer and hand it back I whisper "Dirty bastard!" and the look of pure horror on their face gets me everytime. Nobody asks now so it worked a treat.

My team college @rame found the CVE-2024-8001 vulnerability in VIWIS LMS 9.11. Congrats! 🥳 https://vuldb.com/?id.284352

#BOFH excuse #281:

The co-locator cannot verify the frame-relay gateway to the ISDN server.

One thing I find difficult in Radare2 is its advanced syntax. Not sure where it's documented + the naming logic.

For example: db $in:5 @ main - in yesterday's Advent of Radare (https://radare.org/advent/02.html). Where does $in come from?

Or ?$? ... ouch!
Or $$+10
or @10!20
or @@10 ...

Any good pointers to read?

cc: @radareorg

#radare2

AMD Disables Zen 4's Loop Buffer

https://chipsandcheese.com/p/amd-disables-zen-4s-loop-buffer

In an interview with the BBC in 2021, the British head of intelligence, Sir Richard Moore, MI6, describes the dangers of digital dependencies. The Foreign Intelligence Service speaks of a “data trap”: “If you allow another country to gain access to really critical data about your society, it will over time undermine your sovereignty, as you no longer have control over this data.” - https://gi.de/themen/beitrag/alarmzeichen-deutschland-demnaechst-im-goldenen-microsoft-kaefig

Want to help build Binary Ninja this summer? Our 2025 summer internship application process is live!

https://binary.ninja/students/internship-2025.html

Former Polish spy chief arrested to testify before parliament in spyware probe

https://therecord.media/poland-former-spy-chief-testifies-pegasus-spyware

Google security advisories: Android Security Bulletin December 2024
At a glance, no mention of exploitation. No Pixel bulletin, Android Automotive OS and Wear OS have no patches for December 2024. Nothing for Pixel Watch.

#google #android #pixel #vulnerability #cve #infosec #cybersecurity