Back in the day I reverse engineered Oracle Forms network protocol and published a bunch of writeups and tools about it:

https://github.com/silentsignal/oracle_forms/

I've always thought Forms is a niche in enterprise IT that's slowly dying out (for good), until I saw this video about our local nuclear power plant o.O

https://youtu.be/xsOAjgFLImg?si=_FJsd7EoEC1J3gim&t=4660

WIRED article forecasting the generative AI bubble will burst in 2025. This is more optimistic than my own expectations, but if WIRED are printing it, it's the direction sentiment in Silicon Valley is running in.

(Hint: there's gold in AI, but it's in *analytical* AI, aka big data, not stochastic parrot bullshit.)

https://www.wired.com/story/generative-ai-will-need-to-prove-its-usefulness/

Call for SPI flashes at #38C3

I'm developing some SPI-flash tools and want to try a variety of devices and flash chips for testing.

Got devices where it's tricky to dump in-system or rare flash chips? I'd love to test them at #38c3 if you can bring them!

My strategic privacy analysis. Is Google undoing a decade of progress on privacy? Their new policy allows invasive device fingerprinting for tracking user activity. Here’s my deep dive into what this means for privacy—and the future of AI. https://blog.lukaszolejnik.com/biggest-privacy-erosion-in-10-years-on-googles-policy-change-towards-fingerprinting/

My first article for @mogwailabs_gmbh just released. Thanks to @h0ng10 for making it happen. 🥳

https://mogwailabs.de/en/blog/2024/12/jndi-mind-tricks/

#jndi #java #deserialization

Seems like a mitigation for a Tomcat TOCTOU vuln was incomplete.

(H/t) @AAKL

https://seclists.org/oss-sec/2024/q4/164

Does Tidal compensate artists fairly? I'm ready to ditch Spotify, but I'd like to do it the right way.

Sophos security advisory 19 December 2024: Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)

• CVE-2024-12727 (9.8 critical) pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall
• CVE-2024-12728 (9.8 critical) weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall
• CVE-2024-12729 (8.8 high) post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall

Sophos has not observed these vulnerabilities to be exploited at this time.

#sophos #firewall #vulnerability #cve #infosec #cybersecurity

Security Bulletin: #IBMi is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464]

https://www.ibm.com/support/pages/node/7179509

Somebody tell Elon: "Never go full retard."

Why AI language models choke on too much text
Compute costs scale with the square of the input size. That's not great.
https://arstechnica.com/ai/2024/12/why-ai-language-models-choke-on-too-much-text/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Heads up: Folks on #Codeberg

You might get an email belittling your project, seemingly from Michael Bell (mikedesu) via noreply@codeberg.org (an issue is created on your repo and then deleted, leading to the notification).

This appears to be part of a smear campaign someone is running that started on GitHub. e.g., see:

https://www.techradar.com/pro/security/github-projects-are-being-targeted-with-malicious-action-in-apparent-attempt-to-frame-researcher

CC: @Codeberg – hope you can identify the account(s) responsible and block them. Example (deleted) issue: https://codeberg.org/kitten/app/issues/216

#Physics Girl #DoingBetter after #LongCovid

I owe this YouTuber a lot. She educated people on physics. Took them to places.
More than 2 years ago she got really sick with Covid that soon became Long-Covid. Earlier messages from her [partner] she was barely alive, non responsive.
If you want to check out her channel:
-> Physics Girl <-
-> youtube.com/@physicsgirl <- And please do.

Now she gives a very happy sign of emprovement I'm happy to share:

"Hello from Dianna! - Two years in bed"
by physicsgirl

https://www.youtube.com/shorts/euCkKszuWDQ

Quote by PG:
"Nov 21, 2024
Here is a small update from Dianna herself! She hasn't been able to communicate directly here on Youtube for almost 2 years now. A quick hello and thank you!"

[RSS] The Windows Registry Adventure #5: The regf file format

https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html

[RSS] CVE-2024-44825 - Invesalius Arbitrary File Write and Directory Traversal

https://www.partywave.site/show/research/CVE-2024-44825%20-%20Invesalius%20Arbitrary%20File%20Write%20and%20Directory%20Traversal

It's official.

The US is totally nuts: 🇺🇸 🥜

"BITCOIN Act of 2024"
https://www.congress.gov/bill/118th-congress/senate-bill/4912/all-info

Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks
https://www.yahoo.com/news/kidnapping-assassination-and-a-london-shoot-out-inside-the-ci-as-secret-war-plans-against-wiki-leaks-090057786.html

#frombsky