Part of our global dumbing down is the assumption no one wants to read anything anymore. This leads to ever briefer articles. Which sucks, since the world is too complicated to be understood through soundbites alone. However, if you invest time in decent writing & do the measurements, you find that tens of thousands of people DO read 3200 word posts straight through to the end:

First, solve the problem. Then, write the code.

— John Johnson

Neat, someone used JRuby to add Ruby scripting support to Ghidra.
https://github.com/goatshriek/ruby-dragon#readme

#ghidra #jruby #ruby

What would be interesting in a book about file formats ? Or streaming myself exploring file formats ?
Just come tell me - I have stickers #38C3.

The hardest part about refuting Y2K disinfo is how many problems were fixed quietly, in part to mitigate risk of ligitation (negligence, etc.). People have stories they can't tell.

At this point, I think enough years have passed that a formal amnesty - to encourage companies to disclose just how bad some of the problems were - would be in our historical best interest.

The easiest way to succeed is to measure success wrong.

"OpenAI expects about $5 billion in losses on $3.7 billion in revenue this year, CNBC confirmed in September. Those numbers are increasing rapidly."

So… The business model is to train models on everyones' data without paying them, then lose a billion dollars.
https://www.cnbc.com/2024/12/27/openai-needs-more-capital-than-wed-imagined-moves-to-for-profit.html

NIST is proposing a 256-bit block variant of AES with a static 256-bit key size. Public comments are open until January 25, 2025.

#crypto #cryptography

https://www.nist.gov/news-events/news/2024/12/nist-proposes-standardize-wider-variant-aes

"Invariant inversion" in memory-unsafe languages

https://pacibsp.github.io/2024/invariant-inversion-in-memory-unsafe-languages.html

The CCC 38 Saal1 Presentation - BlinkenCity: Radio-Controlling Street Lamps and Power Plants by Fabian Bräunlein and Luca Melette

...on reversing streetlamps, ripple controls, Versacom and Semagyr, power gear, smart meters, controlling FREs with flashlights and flipper zero's(!), was a tour de force in reverse engineering, critical infrastructure risk analysis, and hacking excellence. If you use electricity or streets, you should watch it.

https://fahrplan.events.ccc.de/congress/2024/fahrplan/talk/HSNZGR/

Cartoon Network website officially shuts down after 32 years 💔🥹😩😩😩😩😩

To use the Montreal subway, you tap a paper ticket against the turnstile and it opens. But how does it work? And how can the ticket be so cheap that it's disposable? I opened up the tiny NFC chip inside to find out more... 1/15

This year, we worked swiftly to save legacy media sites like https://Vice.com and MTVNews before decades worth of valuable journalism could be erased. These sites are searchable on the Wayback Machine. 📰📺

Help us in saving these resources: https://archive.org/donate/?origin=mstdn-eoy2024

Oh! @raspberry_pi RP2350 gotcha detailed at @ccc. Does he win the prize?? https://events.ccc.de/congress/2024/hub/en/event/hacking-the-rp2350/

VulnCheck: Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild
CVE-2024-12856 (7.2 high) Four-Faith Industrial Router post-auth command injection is a reported exploited zero-day. Suricata rule available, no IOC though.

@todb there are still 2 more weekdays left in 2024, cram it all into the KEV!

#vulnerability #fourfaith #cve #eitw #activeexploitation #CVE_2024_12856 #infosec #cybersecurity