"I'm interested in all kinds of astronomy."
Please stop externalizing your costs directly into my face

https://drewdevault.com/2025/03/17/2025-03-17-Stop-externalizing-your-costs-on-me.html

"Whether it’s cryptocurrency scammers mining with FOSS compute resources or Google engineers too lazy to design their software properly or Silicon Valley ripping off all the data they can get their hands on at everyone else’s expense… I am sick and tired of having all of these costs externalized directly into my fucking face. Do something productive for society or get the hell away from my servers"

bert hubert 🇺🇦🇪🇺🇺🇦

Massive result in Dutch parliament just now. They passed 10 separate motions to enhance digital resilience, run more of our own servers & reduce dependency on US cloud technology.
https://www.reuters.com/world/europe/dutch-parliament-calls-end-reliance-us-software-2025-03-18/


Today, March 18, in 1982, Seattle high schooler David Lightman teaches his friend Jennifer Mack about war dialing, hacking, phreaking, and the importance of infosec (WarGames, 1983)


This is wild.. also, honeypots totally work..

https://bird.makeup/@parkerconrad/1901615179718406276

[RSS] Why didn't Windows 95 setup use a miniature version of Windows 95 as its fallback GUI?

https://devblogs.microsoft.com/oldnewthing/20250318-00/?p=110975
CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers

https://mastersplinter.work/research/passkey/
[RSS] SAML roulette: the hacker always wins

https://portswigger.net/research/saml-roulette-the-hacker-always-wins

GitLab CVE-2025-25291 + CVE-2025-25292

“Wired is going to stop paywalling articles that are primarily based on public records obtained through the Freedom of Information Act”

https://freedom.press/issues/wired-is-dropping-paywalls-for-foia-based-reporting-others-should-follow/


🥳The latest !exploitable is here! We're sharing all the joy that comes with exploiting an arbitrary file write in GitLab, while cruising the Mediterranean. 🚢 Everything from onerous configurations to spotty internet! Enjoy!

https://blog.doyensec.com/2025/03/18/exploitable-gitlab.html

shellify allows generating shell.nix from ad-hoc #Nix environments:

https://github.com/danielrolls/shellify

Why isn't this a core feature??

We are testing Ghost's ActivityPub beta integration for 404 Media! We're really excited about the future of the decentralized internet, we're stoked that Ghost is leading the way, and we're proud to be one of its first adopters.

You can follow us @index

Right now things seem pretty buggy but it's obviously very early. Looking forward to messing around with it and making the product better. Eventually as it gets better that will probably become our main account but for now we'll crosspost


CEF Debugger Enabled in Google Web Designer | Google Bug Hunters https://bughunters.google.com/reports/vrp/qMhY4nw9i


I found 2 use-after-free bugs in libxslt with Jackalope, let's find more together! The harness is now included in examples (link below). This also serves as a demo for two not very commonly used modes in Jackalope: grammar mutational fuzzing and sanitizer coverage.
https://github.com/googleprojectzero/Jackalope/tree/main/examples/libxslt


Slides of my talk "Malware analysis with R2AI": https://filestore.fortinet.com/fortiguard/research/r2ai.pdf

Demo of string obfuscation on Linux/RudeDevil: https://asciinema.org/a/708621

Download and contribute to r2ai: https://github.com/radareorg/r2ai @radareorg


Emeritus Prof Christopher May

@patrickleavy has started a petition:

Behavioural metadata extraction underpins the 'surveillance business model'... We think it [enables] manipulation of individual voting at scale via social media microtargeting, spreading fake news, increasing big tech power, mistrust of govs, opinion polarisation, victimisation. RTB system data can be accessed by anyone, not just advertisers (as reported by ICCL)!

Might be a good one to add your name to? Let's get the numbers up!

https://petition.parliament.uk/petitions/713456

C++ macro for x64 programs that breaks the IDA Hex-Rays decompiler tool.

https://github.com/android1337/brkida

"This project exploits the fact that IDA decompiler fails when it encounters a stack access on a pointer that's too big."

#IDA #IDAPro #HexRays

Project Zero Bot

New Project Zero issue:

libxslt: use-after-free in xsltParseStylesheetProcess

https://project-zero.issues.chromium.org/issues/382015274

CVE-2024-55549