Looking for simh/DEC J-11 experts to volunteer for our project of developing a libre emulator of the Slovenian Iskra Delta Triglav computer which is celebrating 40 years! We have ROM and disk images (RSX11-M/DELTA-M OS) and lots of documentation. Interested? marko@muzej.si
Project: golang/go https://github.com/golang/go
File: src/runtime/map.go:1255 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/runtime/map.go#L1255
func evacuate(t *maptype, h *hmap, oldbucket uintptr)
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fruntime%2Fmap.go%23L1255&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fruntime%2Fmap.go%23L1255&colors=light
Why You Probably Don't Need A VPN To Stay Secure On Public Wi-Fi
You've probably heard advice about how hackers can steal all your sensitive information if you don't use a VPN on public Wi-Fi, but is that actually true? In this video I'll walk through some of the major risks of public Wi-Fi such as Man-In-The-Middle Attacks, Rogue Access Points, SSL Stripping, and TLS Downgrades, as well as discuss how modern security measures prevent them.
https://www.youtube.com/watch?v=i7GwjGGwxzg
Project: golang/go https://github.com/golang/go
File: src/cmd/trace/gen.go:41 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/trace/gen.go#L41
func runGenerator(ctx *traceContext, g generator, parsed *parsedTrace, opts *genOpts)
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Ftrace%2Fgen.go%23L41&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Ftrace%2Fgen.go%23L41&colors=light
New #Ivanti Connect Secure #0day - I'm sure we'll see Mandiant and MSTIC write-ups shortly on whichever threat campaign/actor was hitting CVE-2025-0282. https://www.rapid7.com/blog/post/2025/01/08/etr-cve-2025-0282-ivanti-connect-secure-zero-day-exploited-in-the-wild/
I'm very happy to see @kagihq joining Peertube with their inaugural video below about what makes Kagi independent search special!
https://tilvids.com/w/twGQeYV9c1TGwMmbdXtY2q
Remember to follow their Peertube account at @kagi and boost to encourage and show them the effort is appreciated! Also do check out their excellent lenses feature, shown in the video.
GitLab security advisory 08 January 2025: GitLab Patch Release: 17.7.1, 17.6.3, 17.5.5
Hi all. Given the recent announcement from Meta about AI personas and allowed behavior, I am moving threads.net back to a limit, and will likely move them to a block in the future on infosec.exchange. I can't ignore the reality that the changes they're making are specifically intended to permit attacks on many of the people that call this place home. I won't rule out that they walk the changes back, which is why I'm not jumping to sever the nearly 4000 mutual follow relationships between people on threads and here.
Deadline Extended
By popular demand, the #MADWeb submission deadline is now January 14, 2025 (AoE)!
You still have 1 week to send your papers and join us in San Diego!
Submit here: https://madweb25.hotcrp.com
Details: https://madweb.work
Spread the word!
Does anyone use the Aviatrix Network Controller? I don't know anything about it but a CVSS 10 command injection in a network controller seems a bit yikes. Advisory and CVE published yesterday so I may be slow to this one.
A vulnerability could allow an unauthenticated user to execute arbitrary commands against Aviatrix Controllers. As of January 7, 2025, Aviatrix is not aware of any known exploit activity.
There are rumors swirling that there might be some upcoming Ivanti Connect Secure (ICS) CVEs being released soon.
I feel bad for anybody needing to decipher what Ivanti product versions are vulnerable to what CVE.
The Ivanti advisories use confusing language that is unclear if it's referring to which versions are fixed, and which are affected. The CVE entries don't mention which versions contain the fix. And the release notes...
Can somebody smarter than myself decipher what order the security patches are listed in? It's not by order of CVE ID, and it's not by order of ICS version. Which leaves... ?
If we are indeed about to have an Ivanti fire drill, good luck folks.
In case it wasn't posted here already, Project Zero is hiring!
See https://t.co/bA3FT6ZbzH
(please RT for reach - thank you!)
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?
Write a 1-page article for the #6 issue of Paged Out! :)
https://pagedout.institute/?page=cfp.php
Soft deadline is Feb 1st.
From over at the Bad Place:
https://gist.github.com/alfarom256/f1342f14dc6a742de7ea4004a1b6d7ed
IObit Malware Fighter has a driver device called IMFForceDelete123.
When you call the only exposed IOCTL to this device, 0x8016E000, along with a specified path, the Windows kernel will delete the specified file/directory. NTFS ACLs don't matter because we're the kernel.
Who is allowed to interact with this device? EVERYONE.
The more software you have on your system, the less secure it is.
The art of programming is the art of organizing complexity, of mastering multitude and avoiding its bastard chaos as effectively as possible.
- E. W. Dijkstra