Overview of Map Exploitation in v8

https://xia0.sh/blog/visit-the-map/visit-the-map

/via @exploitsclub

Google is quietly testing ads in AI chatbots
Unsurprisingly, an advertising company is finding more places to run ads.
https://arstechnica.com/ai/2025/05/google-is-quietly-testing-ads-in-ai-chatbots/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

🔐 The SLB 9670VQ2.0 FW7.85 SPI TPM module sounds like something your cat would type mid-zoom call — but it's actually a serious piece of security hardware.

This TPM (Trusted Platform Module) chip is used in motherboards and SBCs to store crypto keys, generate true random numbers, and keep your hardware’s trust chain tight, even if the rest of your system isn’t Fort Knox. TPM 2.0 is even a requirement for modern OSes like Windows 11.

TP-Link is CNA now.

A BIG WELCOME to these 7 CVE Numbering Authority (#CNA) partners that joined the #CVE Program in April!!!

* CTOne
* Insyde Software
* Jaspersoft
* Sandisk
* Spotfire
* The Qt Company
* TP-Link

Join: https://www.cve.org/PartnerInformation/Partner#HowToBecomeAPartner

Weird how Wired is saying that the reason DPRK workers are getting Western tech jobs is because they're using AI to deviously trick recruiters.

With AI, their schemes are now more devious—and effective

But where's the discussion on how it's because said recruiters are also relying on bullshit AI tools? Not to mention the whole "foreigners stole your job" vs "corporations are willingly giving the jobs to foreigners who are not legally authorized to work in $country" bullshit.

https://www.wired.com/story/north-korea-stole-your-tech-job-ai-interviews/

How to win my instant support as a customer:

"We have decided not to focus on generative AI features, and instead reinvest heavily in quality assurance for our core products through hiring, training, and process development."

Since @wdormann is quoted in this piece and I can't find Dan Wade's handle, I'm tagging him in.

Is this suggesting that the RDP cred cache never gets updated? Ever ever?

Also what's up with this?

Old credentials continue working for RDP—even from brand-new machines.

That makes no sense at all.

https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that

Tomorrow is Bandcamp Friday. I've got fuck all money for the next 2 weeks, someone bought my discography the other day and I won't starve to death but if you dig obscure indie music of the dark electro rock type pokemon, perhaps consider buying my music tomorrow via Bandcamp! Shares help. Checking my music out and commenting on it helps! #bandcampfriday #music #art #fedimusic #fedimusicians #bandcamp

Https://Limneticvillains.bandcamp.com

Also I'm on Faircamp! https://negativevoid.art/limnetic

Thank you Fediverse.

This BBC article makes my head hurt:

https://www.bbc.com/news/articles/czd3mey1ej2o

- The main news is about Meta's consent or pay model makes users "choose between paying for a monthly subscription or letting Meta *combine data it has collected on Facebook and Instagram*", and how EU ruled this non-compliant with #DMA.
- It then links to another article about a model where where you can pay for *ad-free* Facebook. Ad-free is not the same as combining data from different platforms!
- There is no link to the EU source, but we get a full section about Meta's plans with AI, that has *nothing* to do with the original topic.
- In the middle of this mess we get a totally out of context paragraph explaining what Meta is?!

Was this all written by an LLM?

Does anyone happen to know what this regulation is actually about?

#EU #DMA #Meta #privacy #journalism

my colleague @DarkaMaul has put out a new post on the @trailofbits blog on how we worked with @pypi's maintainers to slash PyPI test run times from ~160s to ~30s despite overall test counts growing by 17% (3900 to 4700+):

https://blog.trailofbits.com/2025/05/01/making-pypis-test-suite-81-faster/

this is some of my favorite kind of work: faster test suites means that developers run tests locally more often, and are less hesitant to add new tests (especially parametric ones). another great example of security and performance/reliability engineering dovetailing.

#opensource #security #python

The sheer arrogance and idiocy of Apple acting in bad faith, thinking they'll get away with it.

https://federated.saagarjha.com/notice/AteBzOuJJxwFZbjlzs

Utterly incredible.

https://www.pcworld.com/article/2651749/office-is-too-slow-so-microsoft-is-making-it-load-at-windows-startup.html

Get in losers, we’re reading Judge Gonzalez’s ruling

(Note: you can get the zingers elsewhere, I am going to assume you read those already. If you haven’t, you should, they are *really* funny.)

Making a Lua Bytecode parser in Python

https://openpunk.com/pages/lua-bytecode-parser/

This came very handy today, and the whole blog looks pretty nice, although it wasn't updated for a while.

Shoutout to the marketing ‘expert’ who mailed a large, battery-powered, LCD-equipped video greeting card to our CEO to demonstrate their innovative approach to ignoring the #ewaste crisis. Bold strategy.

We’ll be sure to reach out if we need help shipping steaks and leather handbags to PETA.

New breach: Hungarian education office website TehetségKapu had almost 55k records breached in March. Data included email address, name and username. 32% were already in @haveibeenpwned. Read more: https://444.hu/2025/03/27/55-ezer-szemelyes-adat-magyar-diakok-tanarok-es-az-oktatasi-hivatal-dolgozoinak-informacioi-szivaroghattak-ki

via @ncweaver

Hey Apple. Sort your fucking house out. I just got a notification summary that ‘Dad had another stroke’ when he hadn’t (he’s had a stroke before so there was a small reference in the message).
Naturally I shit my pants and tapped on the message straight away so wasn’t able to get a screen grab.