A drunken debugger

Heretek of Silent Signal

Wonderfully elegant term for exploit development from 1980: "Synthetic Programming"

https://literature.hpcalc.org/items/1718


Wow, a fairly serious auth bypass in Next.js, a super popular frontend framework:

If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.

https://securityonline.info/cve-2024-51479-next-js-authorization-bypass-vulnerability-affects-millions-of-developers/


Don't fix what isn't broken: https://www.tomshardware.com/desktops/indiana-bakery-still-using-commodore-64s-originally-released-in-1982-as-point-of-sale-terminals

In my professional opinion this is the best malware protected setup I have seen for years.

Dependency injection is the art of converting rude compile errors telling you detailed information about the mistakes you made into runtime exceptions from the depths of Khazad-dûm.

👋 Looking for some cool research opportunities in 2025?
We still have an open position in our 2024-2025 internships season.
Take a look and hurry up to submit, those satellites won't hack themselves

https://blog.quarkslab.com/internship-offers-for-the-2024-2025-season.html


Ed Zitron went to Amazon and bought its best-selling laptop — a $238 machine running Microsoft S, a hobbled version designed to limit what a user can do

The laptop is janky, slow, awful — and the internet it opens onto is a shitshow of upselling, slop, and con schemes, where the walled gardens are preferable mostly because they offer an illusion of order

His point: for *most* people, computing is psychologically abusive

He’s right

Read the whole thing!

https://www.wheresyoured.at/never-forgive-them/


Shot: US considers banning TP-Link routers over cybersecurity concerns https://securityaffairs.com/172128/uncategorized/us-considers-banning-tp-link-routers.html

Chaser: Today, NY Times Wirecutter recommends.... wait for it... TP-Link routers, writing: "we’ve spent hundreds of hours testing and evaluating more than 110 routers, and we’ve determined that the best router for wirelessly connecting your laptops, your smart devices, and anything else your daily life depends on is the TP-Link Archer AX3000 Pro." https://www.nytimes.com/wirecutter/reviews/best-wi-fi-router/


Juniper: 2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
Juniper warns that customers with Juniper Session Smart Routers (SSR) are getting infected with Mirai DDoS botnet malware because they didn't change from the default password. 🤦‍♂️


What do you think, AI slop or not? It's not always easy to tell...

https://hackerone.com/reports/2905552


Petition to flood GitHub with AI-generated code to trigger model collapse.

[RSS] How an obscure PHP footgun led to RCE in Craft CMS

https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms

Oh the memories...

Hi Mastodon hivemind, a friend has a Gemmacert device and the company behind it has gone bankrupt. He's wondering whether someone has already reverse engineered it, so he can continue to use his expensive machine to measure how potent his weed is


Talos Vulnerability Reports

New vulnerability report from Talos:

Foxit Reader 3D Page Object Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2094

CVE-2024-47810

Talos Vulnerability Reports

New vulnerability report from Talos:

Foxit Reader Checkbox Calculate CBF_Widget Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2093

CVE-2024-49576

cts🌸🏳️‍⚧️

New attack on x86 secure enclaves, specifically AMD SEV this time. SEV is AMD's answer to Intel TDXs.

Basically tricking the CPU into thinking the DRAM is a different size, causing physical address aliasing, which can then be exploited


"Your GitHub account now includes free use of GitHub Copilot"
LOL get fucked


Why do iOS apps update so much. “Bug fixes and improvements.” You’ve said that every week for eight years. I’m impressed by the commitment honestly but what are you DOING in there


Biden has just pardoned the entire executive team behind the Windows 11 out of box experience.
