Please share: Our Max Planck Institute recently left X and is present here on Mastodon. Give them a follow! Beautiful pictures from the science of light!
#Mastodon #Physics #Science #Light #Quantum #Optics #Photonics #Pictures
From: @MPI_ScienceOfLight
https://wisskomm.social/@MPI_ScienceOfLight/113906463840724222
You gotta be kidding me with this bullshit.
"But DeepSeek & Meta’s recent research suggests that more AI capabilities (& efficiency savings) could be gained by going down a more dangerous path — where AIs develop their own alien language."
The journalists amplifying this garbage will not be held accountable when the hype cycle is gone because the next cycle of journalists will do the same thing during the next hype cycle.
I don't want to amplify the article so not posting the actual article.
Alright, new rule.
NIST settled this shit before half of you twerps in NetSec or IT could drive.
If I have to change a password because it's expired one more fucking time, I am finding the least secure possible phrase that fits the security rules.
I don't even have to remember the damn things, the PM will take care of it, but you are burning my time that I'm already not being paid enough to give you.
PyPI's new archival feature lets maintainers explicitly signal when projects won't receive future updates. No more guessing about maintenance status - package users can now make clear, informed decisions about their dependencies.
https://blog.trailofbits.com/2025/01/30/pypi-now-supports-archiving-projects/
Brewster Kahle, the internet’s librarian
Brewster Kahle, founder of the Internet Archive, housed in a former San Francisco church with Greek columns that echo the ancient Library of Alexandria, discusses his three-decade mission to preserve humanity’s digital knowledge and culture. via @internetarchive
https://www.californiasun.co/podcast/brewster-kahle-the-internets-librarian/
Well done @brewsterkahle !!
I designed this open-source handheld Sokoban game back in 2023, but the original OLED display module is no longer available.
In a bid to revive the project, I did a major redesign for a new display module. You can now build your own - enjoy!
Despite being central to their security, many orgs struggle to securely implement #OAuth. Our new post walks through common issues & how to prevent them, along with a useful checklist! Read it today & ensure your org is secure: https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html
I think this goes without saying but please send me your weird encodings. I want to make Hackvertor better and malformed or strange encoding will help me do that so please message me.
A blog post on r2ai / decai by @pancake which shows decompiling to Swift:
https://www.nowsecure.com/blog/2025/01/29/decompiling-apps-with-ai-language-models/
important question for anyone good at x86. can microcode cache the top of the stack in processor registers for sufficiently nearby pushes and pops or do stack accesses always require a cache access no matter what
The history of the RAND Corporation is fascinating. And it isn't even a corporation! https://en.wikipedia.org/wiki/RAND_Corporation
Now accepting applications for our 2025 summer internship program!
Available tracks & examples:
AI/ML Security: Develop safety frameworks, conduct risk assessments
Application Security: Exploit kernel vulnerabilities, conduct code reviews, develop anti-DRM solutions
Blockchain: Enhance Slither/Echidna, shadow professional security audits
Cryptography: Build next-gen cryptanalysis tools, contribute to academic research
Operations: Drive strategic initiatives alongside our CEO
Details:
Duration: June - August 2025
Location: NYC or Remote
Direct mentorship from industry experts
Apply now: https://apply.workable.com/trailofbits/j/7476E8C7DC/
2024 was a significant year for decompilation, constituting a possible resurgence in the field. Major talks, the thirty-year anniversary of research, movements in AI, and an all-time high for top publications in decompilation.
Join me for a retrospective:
https://mahaloz.re/dec-progress-2024
Use-after-free vulnerability in the CAN BCM subsystem of the Red Hat Enterprise Linux 9 and CentOS Stream 9 kernels
In recent months, our research team reported a use-after-free vulnerability in the Red Hat Enterprise Linux 9 and CentOS Stream 9 kernels. The vulnerability also affects Red Hat Enterprise Linux 9-derived distributions, such as Alma Linux 9 and Rocky Linux 9. Exploitation of the vulnerability could lead to denial of service, information disclosure, and bypass of security mitigations. The vulnerability is registered with the identifier CVE-2023-52922.
Even though the vulnerability was public and patched over a year ago in the upstream and stable branches of the Linux kernels, the kernels used by Red Hat Enterprise Linux 9, its derivatives, and CentOS Stream 9 remain vulnerable, exposing users and organizations. This delay in patching public vulnerabilities is part of the Linux ecosystem. Vulnerabilities are not patched in Linux distributions even after they become public and patched in the stable and upstream branches of the Linux kernel.
To mitigate the vulnerability while there's no update fixing it, the CAN BCM module could be removed and denied loading unless the system needs it. It is just one of several vulnerabilities not patched in widely used Linux distributions. If you need security beyond what the Linux distributions you depend on can offer, we can help you. This finding results from our ongoing research into the security of Linux distributions. Allele Security Intelligence is an expert in this field.
Check out our website and contact us to learn more: https://allelesecurity.com.
Check out more details about the vulnerability here: https://access.redhat.com/security/cve/cve-2023-52922
We will publish a blog post analyzing the vulnerability.
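An added example, not from the post above or from Red Hat: a small audit helper for the mitigation the post describes, reporting whether the CAN BCM module is currently loaded, denied from loading, or still loadable. The function name `can_bcm_state` is hypothetical; it assumes the module appears as `can_bcm` in `/proc/modules` and that loading is denied with a modprobe `install` override.

```shell
#!/bin/sh
# Added example: audit the "remove and deny loading" mitigation for CAN BCM.
# can_bcm_state is a hypothetical helper name, not part of any distribution tool.
#
# Usage: can_bcm_state PROC_MODULES_FILE MODPROBE_CONF_DIR
# Prints one of:
#   loaded    module is in the running kernel (unload it with: modprobe -r can-bcm)
#   denied    not loaded, and an "install ... /bin/false" override blocks loading
#   loadable  not loaded, but nothing stops it from being loaded on demand
can_bcm_state() {
    proc_modules=$1
    conf_dir=$2

    # /proc/modules has one loaded module per line, name in the first field.
    if awk '$1 == "can_bcm" { found = 1 } END { exit !found }' "$proc_modules"; then
        echo loaded
        return 0
    fi

    # modprobe treats '-' and '_' in module names as equivalent.
    # A "blacklist" line alone is not counted as denied here, because it
    # does not stop an explicit modprobe of the module.
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        if awk '$1 == "install" && ($2 == "can_bcm" || $2 == "can-bcm") &&
                ($3 == "/bin/false" || $3 == "/bin/true") { hit = 1 }
                END { exit !hit }' "$f"; then
            echo denied
            return 0
        fi
    done

    echo loadable
}

# Check the live system only when asked to, e.g.: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    can_bcm_state /proc/modules /etc/modprobe.d
fi
```

A system that reports `loadable` and does not use CAN sockets can be moved to `denied` with a file in `/etc/modprobe.d/` containing the line `install can-bcm /bin/false`.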
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293) https://birkep.github.io/posts/Windows-LPE/
Old Soviet joke repurposed for 2025:
Several times daily, a woman opens a news website, glances at the screen, then closes it.
Her spouse, curious, asks what she's doing.
The woman explains she's looking for death notices.
The spouse says that the website only has headlines, not obituaries.
The woman replies, "Oh, the obituaries I'm praying for will be headlines."
🔎Part 2 of our COM hijacking series is live!
This time, we discuss a vulnerability in AVG Internet Security, where we bypass an allow-list, disable self-protection, and exploit an update mechanism to escalate privileges to SYSTEM 🚀💻
https://neodyme.io/en/blog/com_hijacking_2/