Let’s try something new in 2025…
This saturday at 8pm CET, I'll stream about crafting a valid PDF file from scratch.
We’ll see how it goes!

Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates.

https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/

Trying Out Binary Ninja's new WARP Signatures with IPSW Diff'ing
https://www.seandeaton.com/binary-ninja-warp-signatures/

#frombsky

#RetroFlash: PCGA-TKN1 #Sony #Vaio

Yes, it is exactly what you think it is:

an additional number pad you can flip out of the #notebook bay:

Big organizations have all sorts of problems that we employees can't help.

One problem I *can* help? The feud between the sysadmins and the network team.

I wrote the first edition of "Networking for System Administrators" in the hope that we tech flunkies would come together, freeing us to plot against the C-levels.

I'd appreciate your support for the new edition.

https://www.tiltedwindmillpress.com/product/n4sa2e-sponsor/

The eleventh LangSec (often featuring input validation, program analysis, program verification, parser hacking, specification analysis, and all sorts of related fun things) would love your submissions for 2025. See https://langsec.org/spw25 for the CFP 💚

In the old days if you clicked a link you would just get a web page. It was great.

~Windows 2 article minor updates~

Windows/286 vs Windows/386 vs Windows 3.0 Real / Standard / Enhanced mode. Do you know which is which? I added a table to the Windows 2 article comparing those, so it'll be easier to find the system you want.

Additionally, I added a section explaining why Windows 2 looks so... Unusual. It's hidden under "Wait, why does it look so ugly?" section, and covers fonts, resolutions, and EGA 3-plane graphics.

The URL is the same - https://www.ninakalinina.com/notes/win2/

Think you’ve got what it takes to pop shells and snag your ticket to... @reverseconf and @offbyoneconf ? 😏
https://github.com/star-sg/challenges/blob/main/Jan%202025/README.md

Project: python/cpython https://github.com/python/cpython
File: Python/Python-ast.c:10989 https://github.com/python/cpython/blob/2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd/Python/Python-ast.c#L10989

int obj2ast_stmt(struct ast_state *state, PyObject* obj, stmt_ty* out, PyArena* arena)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FPython%2FPython-ast.c%23L10989&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FPython%2FPython-ast.c%23L10989&colors=light

Some people have asked that 404 Media moves from a magic link system (to login you are emailed a link to click) to a user/password system. We're four journalists trying to spend as much time as possible doing journalism. We don't want your password https://www.404media.co/we-dont-want-your-password-3/

Why do vendors claim reliable and secure and then have vulns like this?? Let me guess, ping again?? https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo

⚠️ If you use iTerm with the SSH integration functionality: some debug code accidentally shipped to production and it may be logging the entire session to /tmp... on the REMOTE server. If you SSH to shared hosts with iTerm, you'll probably want to look into deleting that as quickly as possible https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog

Does anyone know how to add a new security device to a Google account? It seems the UI only supports passkeys now, but I don't want passkeys.

ghidra-r2web is a project to expose the functionality of #Ghidra to #radare2. After some compatibility fixes I refactored the original Ghidra script into a plugin for better integration and maintainability:

https://github.com/radareorg/ghidra-r2web/tree/master/GhidraR2Web

As I don't have much experience with r2 I can only rely on feature requests to add functionality that makes sense, so please use the issue tracker liberally!

IMO this is also a great opportunity to discuss possible improvements of the r2web protocol to support more integrations.

/cc @pancake

Please Boost: To all Hacker Spaces in Berlin. I have a decommissioned server to give away. So far, I have been unable to find a beneficiary.

**Who wants this server?**
HP ProLiant DL360 Gen9 - 2 CPU E5-2697 v3 @ 2.60GHz, 128 GB DDR4, 2x 900GB SAS.

Pick-up in Berlin Kreuzberg.

Somebody fooled Google AI to believe that EU mandated RS-232 usage in 1997 :)
#retrocomputing #rs232 #fakehistory

🎨Art by algixmc

"Apple has agreed to pay $95 million to settle a lawsuit alleging that its voice assistant Siri routinely recorded private conversations that were then sold to third parties for targeted ads." https://arstechnica.com/tech-policy/2025/01/apple-agrees-to-pay-95m-delete-private-conversations-siri-recorded/

[2412.20324] AFLNet Five Years Later: On Coverage-Guided Protocol Fuzzing

https://arxiv.org/abs/2412.20324

#frombsky