#Physics Girl #DoingBetter after #LongCovid

I owe this YouTuber a lot. She educated people on physics. Took them to places.
More than 2 years ago she got really sick with Covid that soon became Long-Covid. Earlier messages from her [partner] she was barely alive, non responsive.
If you want to check out her channel:
-> Physics Girl <-
-> youtube.com/@physicsgirl <- And please do.

Now she gives a very happy sign of emprovement I'm happy to share:

"Hello from Dianna! - Two years in bed"
by physicsgirl

https://www.youtube.com/shorts/euCkKszuWDQ

Quote by PG:
"Nov 21, 2024
Here is a small update from Dianna herself! She hasn't been able to communicate directly here on Youtube for almost 2 years now. A quick hello and thank you!"

[RSS] The Windows Registry Adventure #5: The regf file format

https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html

[RSS] CVE-2024-44825 - Invesalius Arbitrary File Write and Directory Traversal

https://www.partywave.site/show/research/CVE-2024-44825%20-%20Invesalius%20Arbitrary%20File%20Write%20and%20Directory%20Traversal

It's official.

The US is totally nuts: 🇺🇸 🥜

"BITCOIN Act of 2024"
https://www.congress.gov/bill/118th-congress/senate-bill/4912/all-info

Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks
https://www.yahoo.com/news/kidnapping-assassination-and-a-london-shoot-out-inside-the-ci-as-secret-war-plans-against-wiki-leaks-090057786.html

#frombsky

Wonderfully elegant term for exploit development from 1980: "Synthetic Programming"

https://literature.hpcalc.org/items/1718

Wow, a fairly serious auth bypass in Next.js, a super popular frontend framework:

If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.

https://securityonline.info/cve-2024-51479-next-js-authorization-bypass-vulnerability-affects-millions-of-developers/

Unveiling Hidden Transformers in Windows ANSI! https://worst.fit/assets/EU-24-Tsai-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf

Don't fix what isn't broken: https://www.tomshardware.com/desktops/indiana-bakery-still-using-commodore-64s-originally-released-in-1982-as-point-of-sale-terminals

In my professional opinion this is the best malware protected setup I have seen for years.

Dependency injection is the art of converting rude compile errors telling you detailed information about the mistakes you made into runtime exceptions from the depths of Khazad-dûm.

👋 Looking for some cool research opportunities in 2025?
We still have an open position in our 2024-2025 internships season.
Take a look and hurry up to submit, those satellites won't hack themselves

https://blog.quarkslab.com/internship-offers-for-the-2024-2025-season.html

Ed Zitron went to Amazon and bought its best-selling laptop — a $238 machine running Microsoft S, a hobbled version designed to limit what a user can do

The laptop is janky, slow, awful — and the internet it opens onto is a shitshow of upselling, slop, and con schemes, where the walled gardens are preferable mostly because they offer an illusion of order

His point: for *most* people, computing is psychologically abusive

He’s right

Read the whole thing!

https://www.wheresyoured.at/never-forgive-them/

Juniper: 2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
Juniper warns that customers with Juniper Session Smart Routers (SSR) are getting infected with Mirai DDoS botnet malware because they didn't change from the default password. 🤦‍♂️

#juniper #threatintel #cybersecurity #infosec #mirai #botnet #securitybestpractice

What do you think, AI slop or not? It's not always easy to tell...

https://hackerone.com/reports/2905552

Petition to flood GitHub with AI-generated code to trigger model collapse.

[RSS] How an obscure PHP footgun led to RCE in Craft CMS

https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms

Oh the memories...

Hi Mastodon hivemind, a friend has a Gemmacert device and the company behind it has gone bankrupt. He's wondering whether someone has already reverse engineered it, so he can continue to use his expensive machine to measure how potent his weed is

#weed #gemmacert #reverseengineering #dtv #helpneeded