Version 3.4.0 of the PHP implementation of PASETO has been released!

https://github.com/paragonie/paseto/releases/tag/v3.4.0

Includes PHP 8.4 compatibility and removes internal use of strtok(), which we don't consider a safe function for handling secret keys.

(We pulled 3.3.0 which was an accidental tag of an earlier commit in the master branch.)

#whataweekhuh

In light of US tech oligarchy setting its sights on Wikimedia Foundation, a historical detail I did not know before: #Wikipedia became the non-profit it is today partly as the result of a labour strike of Spanish Wikipedia editors who disagreed with the proposed inclusion of advertisements. Initially, it was not clear what revenue model Wikipedia would get, and Wales moved towards a for-profit model already a year after launch. However, rather than working for free, so Jimmy Wales could profit from their labour via advertising, Spanish contributors forked Spanish Wikipedia as the Encyclopedia Libre Universal. Under the threat of losing the editorial community of such a large language, Wales conceded and set up the non-profit.

That is to say, however imperfect they are, all the digital commons we have are the result of ongoing struggle and hard work to keep them as commons.

Via Las Redes Son Nuestras (https://www.consonni.org/es/publicaciones/las-redes-son-nuestras) by @teclista

After releasing his PoC for CVE-2024-49138, @ale98 is back with two new articles that provide background on #Windows #CLFS, analyze two distinct #vulnerabilities patched by Microsoft’s KB5048685, and describe how to #exploit them.

https://security.humanativaspa.it/cve-2024-49138-windows-clfs-heap-based-buffer-overflow-analysis-part-1

https://security.humanativaspa.it/cve-2024-49138-windows-clfs-heap-based-buffer-overflow-analysis-part-2

Well, here's the cyberpunk part of the dystopia. Congrats Linux users, you're all criminals now.

Starting on January 19, 2025 Facebook's internal policy makers decided that Linux is malware and labelled groups associated with Linux as being "cybersecurity threats". Any posts mentioning DistroWatch and multiple groups associated with Linux and Linux discussions have either been shut down or had many of their posts removed.

https://distrowatch.com/weekly-mobile.php?issue=20250127#sitenews

I accidentally clicked a fucking YT short and it WON'T STOP PLAYING IF I START ANOTHER VIDEO!!

Via another "crazy security scanner" report, I learn that #libcurl is installed in a #Microsoft Office and/or Teams install on Windows? According to the reddit post, in a normal install.

Does anyone know more?

The reddit page mentioning this: https://www.reddit.com/r/sysadmin/comments/1hx9eib/libcurl_vulnerability_in_office_and_teams/?sort=new

The libcurl mailing list post:

https://curl.se/mail/lib-2025-01/0086.html

David Sacks and OAI complaining about distillation is extremely rich considering OAI trained in all of Libgen. :-(

Everyone is r*tarded.

OpenAI says it has evidence China’s DeepSeek used its model to train competitor - https://www.ft.com/content/a0dfedd1-5255-4fa9-8ccc-1fe01de87ea6?shareType=nongift via @ft

[RSS] My electric toothbrush was acting up, so I tried to reboot it

https://devblogs.microsoft.com/oldnewthing/20250128-00/?p=110815

Life is an adventure!

Evolving the Windows User Model – Introducing Administrator Protection

https://techcommunity.microsoft.com/blog/microsoft-security-blog/evolving-the-windows-user-model-%E2%80%93-introducing-administrator-protection/4370453

Sent by Charles Adams from Inyokern, California, U.S.A. on May 20, 1996. https://postcardware.net/?id=43-13

GhidraDbg - A Python script that creates a bridge between #Ghidra and #WinDbg for dynamic driver analysis, allowing real-time synchronization of debugging states.

https://github.com/philsajdak/GhidraDbg

"The built-in Ghidra-WinDbg sync can be challenging to configure and maintain, often requiring specific connection settings and troubleshooting. This script aims to provide a more straightforward, feature-rich alternative."

Tour of #Rust's Standard Library Traits

https://github.com/pretzelhammer/rust-blog/blob/master/posts/tour-of-rusts-standard-library-traits.md

jesus, Google Maps is going to change the names of the Gulf of Mexico and Denali. https://www.theverge.com/2025/1/27/24353450/google-maps-rename-gulf-of-mexico-america-mt-mckinley

It’s Tuesday. How’s everyone holding up?

Sitting in bed and using my portable data terminal to read about USA billionaire vs China military backed battling AI systems suspected of stealing our data and spying on us is exactly the cyberpunk future I was promised.

A detailed, well-written, and hilarious breakdown of the details of CVE-2024-55591, one of the latest Fortinet fiascos:

#ThreatIntel #ThreatIntelligence #CVE

https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/

You know the drill.
Update your fruit.
At least one of these (CVE-2025-24085) is being used by attackers in the wild.
https://support.apple.com/en-us/100100

What if the human brain can be deceived much cheaper?