[RSS] A brief and incomplete comparison of memory corruption detection tools

https://devblogs.microsoft.com/oldnewthing/20250124-00/?p=110805

Whoever figured out that retirement homes and kindergartens can be merged should receive a Nobel prize (any field would do).

https://www.youtube.com/watch?v=7j-lU5Lvny8

(Hungarian, use auto-translate)

The second part is about teenagers teaching computer use for the elderly. Notice that a girl explains how to pirate movies on YT xD

👀🇵🇱🇭🇺 "If Orban really blocks European sanctions at a key moment for the war, it’ll be absolutely clear that in this big game for the security and future of Europe, he is playing in Putin’s team, not in ours. With all the consequences of this fact," — Polish PM Tusk

I wonder if those who find LLM's useful (esp. in case of programmers) do so because of the "rubber duck debuging" they do in the process?

https://en.wikipedia.org/wiki/Rubber_duck_debugging

[RSS] Introduction to Fuzzing Android Native Components: Strategies for Harness Creation

https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components-strategies-for-harness-creation/

#fuzzing

[RSS] A particularly 'sus' sysctl in the XNU Kernel

https://jprx.io/cve-2024-54507/

CVE-2024-54507

As someone who is totally blind, the Fediverse is the only place where I have ever been able to follow people such as photographers, artists, or even those who post pictures of their cats or the food they ate. The reason is that most of them use alt text. They take the time to describe the images that my screen reader can't recognise. Some write the descriptions themselves, and others use tools such as altbot. Some worry that their descriptions aren't good enough, especially when they are new at this. Let me assure you, not only are they good enough, they are extremely appreciated! If the rest of the world thought as you did, it would be a much better place. Don't hesitate to ask if you're unsure of something, but never think that we don't notice your effort.

#appreciation #accessibility #altbot #alttext #blind #blindness #fediverse #gratitude #images #inclusivity #peoplewhocare #pictures #technology

BREAKING: UnitedHealth has confirmed the ransomware attack and data breach on its Change Healthcare subsidiary in February 2024 now affects around 190 million people — almost double the previous estimate.

https://techcrunch.com/2025/01/24/unitedhealth-confirms-190-million-americans-affected-by-change-healthcare-data-breach/

@HalvarFlake - I promised to take a better look at the #EuroStack but initially I could find no detail. Now there is a new (brief) document that looks very urgent but I haven't yet studied it: https://euro-stack.eu/a-pitch-paper/

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a20b610

Read

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a20b610.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a20b610.json&colors=light

C IS LEGAL AGAIN

Me clicking on a restaurant website: I wonder when they're open and what they serve

Restaurant website: O U R M I S S I O N

Project: golang/go https://github.com/golang/go
File: src/cmd/vendor/github.com/google/pprof/profile/encode.go:132 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/vendor/github.com/google/pprof/profile/encode.go#L132

func (p *Profile) encode(b *buffer)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fvendor%2Fgithub.com%2Fgoogle%2Fpprof%2Fprofile%2Fencode.go%23L132&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fvendor%2Fgithub.com%2Fgoogle%2Fpprof%2Fprofile%2Fencode.go%23L132&colors=light

TIL @tubetime has live streams on Twitch!
https://m.twitch.tv/tubetimeus

[RSS] CVE-2024-26230: Windows Telephony Service - It's Got Some Call-ing Issues (Elevation of Privilege)

https://starlabs.sg/blog/2025/cve-2024-26230-windows-telephony-service-its-got-some-call-ing-issues/

UI is hell, or why you can't design a four-function calculator: https://lcamtuf.substack.com/p/ui-is-hell-four-function-calculators

This is new: CISA KEV adds an XSS vulnerability!

https://www.cisa.gov/news-events/alerts/2025/01/23/cisa-adds-one-known-exploited-vulnerability-catalog

The KEV page quotes (emphasis mine): "JQuery contains a *persistent* cross-site scripting (XSS) vulnerability" so this still doesn't seem to meet the bar for my XSS Reflections list:

https://github.com/v-p-b/xss-reflections

If anybody has more info about the related incident please lmk!

And that’s a wrap! #Pwn2Own Automotive 2025 is complete. In total, we awarded $886,250 for 49 0-days over the three day competition. With 30.5 points and $222,250 awarded, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) is our Master of Pwn. #P2OAuto

[RSS] Memory corruption from outside the process looks like space aliens

https://devblogs.microsoft.com/oldnewthing/20250123-00/?p=110800

Full system instrumentation ftw :)

Every once in a while I have a really stupid idea, and then I sit down to write out what it would look like, and immediately spot a flaw in it that renders the whole thing insecure.

One of these days, one of my bad ideas is going to look back at me as someone else's implementation, deployed to production.