The slides for the keynote our Cristofaro Mune(@pulsoid) has given at @h2hconference
"False Injections: Tales of Physics, Misconceptions and Weird Machines" are now available here:
Enjoy!
In light of the Crowdstrike outage over 5 months ago, what specific changes has your organization made to your enterprise security program? What changes to policies, procedures, training, alerting, testing, and your written IRP have you made? Please share!
European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.
Announcing #CodeQL Community Packs
https://github.blog/security/vulnerability-research/announcing-codeql-community-packs/
Maybe we should stop calling them *Notifications* and instead refer to *Interruptions*.
"Working on some stuff so I've turned off interruptions for a while."
"Right on."
A new remote code execution flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk.
An uploaded file could turn into malicious JSP code, resulting in remote code execution.
» Affected Versions: Tomcat 9.0.0-M1 to 11.0.1
» Java users: Incorrect configurations = higher risk.
» Severity? CVE-2024-50379 scored a 9.8 on CVSS!
Details here: https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html
Using @voooooogel control vector library to backdoor a model so that it introduces command injection vulnerabilities rather than using safer subprocess methods
Hi all. In order to make the Defensive Security Podcast content a bit more approachable and easier to navigate, I've created a playlist of individual stories/segments we cover here: https://www.youtube.com/playlist?list=PLzHXsgtVDQEq9JiCbwJojE4nd9dRVAT5l
Note: I've only gone back 4 episodes, but will be doing this for all episodes going forward.
Happy holidays!
I started keeping a log of the serious attempts I've made to use generative AI for things (mostly coding-related). I've been bucketing them as successes or failures, along with the date and models used.
From the past several months, I'm up to 9 failures and 3 successes. I'll share this list some day.
When these systems have been successful, it's pretty neat. However, the successes I've seen have been for easy things, and the failures have mostly been time-sucks for me.
I feel like a heretic saying this (I'm a Principal Machine Learning Engineer), but I am not seeing a net benefit from using generative AI in my own work!
I'll be honest, hearing SEO people complain about the state of Google now is like hearing an arsonist complain that they just can't get the quality of kerosene they used to.
A few of my followers mentioned that they'd like to know about my background as a "musician", so I am very happy to share my story as an amateur who went from trying to form a high school band to publishing a track with Sony Music, performed by a famous singer and produced by an even more famous producer.
Buckle up! I hope it is going to be an inspirational story or something, because it is a story of giving up and starting again, and again, and again.
New post in my Hyundai Kona Electric reverse engineering series: introducing the Fakon project
https://www.projectgus.com/2024/12/fakon/
current debian no longer writes to syslog
if you look in /var/log, someone left a README file.
the README says "you are looking for logs? but you cannot find them?" and continues in broken English, smugly telling you that systemd has made logs obsolete, and you should use "journal cattle" to ask politely for your own logs.
[did you just tell me to fuck off, jim?]
if you run journal cattle, it shows a page of syslog from april. if you hit G to go to the end, it hangs forever.
[slow clap]