Volkswagen's bad streak: They know where your car is, Chaos Computer Club says – and they don't know how to secure it properly. https://reynardsec.com/en/volkswagens-bad-streak-we-know-where-your-car-is/

I found the GitHub repo "A Compiler Writing Journey" and was glad to see the compiler building from the ground up - documented with each step in detail.

For any compiler enthusiast, these steps provide valuable insights worth sharing.

I'm making a memory-safe implementation of C/C++. It's called Fil-C. Currently working on making it fanatically compatible with C and C++ so that lots of programs can be made memory-safe with zero or minimal changes.

Learn more here: https://github.com/pizlonator/llvm-project-deluge/blob/deluge/Manifesto.md

Only 10 days left to submit your papers to #MADWeb and secure a spot to present your work in the sunny San Diego!

📅 Deadline: January 9, 2025 (AoE)
📜 Submit here: https://madweb25.hotcrp.com/
🔗 Website: https://madweb.work/

#CfP #websec #websecurity

i just discovered some really good software: SENinja https://github.com/borzacchiello/seninja

it lifts Binary Ninja's intermediate representation to a symbolic form and lifts it to an SMT2 representation, then feeds it to Z3

the user interface is like a debugger, except you get things like symbolic expression, or you can ask for which inputs will result in reaching a specific branch

this is so so so cool

https://doi.org/10.1016/j.softx.2022.101219

Part of our global dumbing down is the assumption no one wants to read anything anymore. This leads to ever briefer articles. Which sucks, since the world is too complicated to be understood through soundbites alone. However, if you invest time in decent writing & do the measurements, you find that tens of thousands of people DO read 3200 word posts straight through to the end:

First, solve the problem. Then, write the code.

— John Johnson

Neat, someone used JRuby to add Ruby scripting support to Ghidra.
https://github.com/goatshriek/ruby-dragon#readme

#ghidra #jruby #ruby

What would be interesting in a book about file formats ? Or streaming myself exploring file formats ?
Just come tell me - I have stickers #38C3.

The hardest part about refuting Y2K disinfo is how many problems were fixed quietly, in part to mitigate risk of ligitation (negligence, etc.). People have stories they can't tell.

At this point, I think enough years have passed that a formal amnesty - to encourage companies to disclose just how bad some of the problems were - would be in our historical best interest.

The easiest way to succeed is to measure success wrong.

"OpenAI expects about $5 billion in losses on $3.7 billion in revenue this year, CNBC confirmed in September. Those numbers are increasing rapidly."

So… The business model is to train models on everyones' data without paying them, then lose a billion dollars.
https://www.cnbc.com/2024/12/27/openai-needs-more-capital-than-wed-imagined-moves-to-for-profit.html

NIST is proposing a 256-bit block variant of AES with a static 256-bit key size. Public comments are open until January 25, 2025.

#crypto #cryptography

https://www.nist.gov/news-events/news/2024/12/nist-proposes-standardize-wider-variant-aes

"Invariant inversion" in memory-unsafe languages

https://pacibsp.github.io/2024/invariant-inversion-in-memory-unsafe-languages.html

The CCC 38 Saal1 Presentation - BlinkenCity: Radio-Controlling Street Lamps and Power Plants by Fabian Bräunlein and Luca Melette

...on reversing streetlamps, ripple controls, Versacom and Semagyr, power gear, smart meters, controlling FREs with flashlights and flipper zero's(!), was a tour de force in reverse engineering, critical infrastructure risk analysis, and hacking excellence. If you use electricity or streets, you should watch it.

https://fahrplan.events.ccc.de/congress/2024/fahrplan/talk/HSNZGR/

Cartoon Network website officially shuts down after 32 years 💔🥹😩😩😩😩😩