In this behind the scenes look at #Pwn2Own Berlin, Zed and Dustin have run into an interesting problem - no gear! https://youtube.com/shorts/Xj9Du8iuXCw?feature=share

We have a CI job to spot unwanted utf8 letters in #curl PRs as we have noticed that GitHub will gladly show the for example (identical) Cyrillic version of a letter next to the Latin version in a diff and it is yes, entirely impossible for a human to spot the diff. I mean the diff is shown, but the significance of it is not.

Changing just a single letter like that in a URL hostname opens up for a world of grief.

my bank, deutsche bank, is serving a *revoked* tls certificate on their website db.com.

the mind reels at this level of incompetence.

https://www.ssllabs.com/ssltest/analyze.html?d=db.com

Soundcloud claims the right to train AI on your songs — but swears it hasn’t yet, honest

https://pivot-to-ai.com/2025/05/11/soundcloud-claims-the-right-to-train-ai-on-your-uploaded-music-but-swears-it-hasnt-yet-honest/ - text
https://www.youtube.com/watch?v=Cwg2TiF2Arg&list=UU9rJrMVgcXTfa8xuMnbhAEA - video

so i wrote another program for the IBM 1401 computer this past week. i wrote what it does on the card, but can you figure out how it works? the program is

,008015,022029,036043,048056,061066,070074U%U2MM%U2070WU%U2BB048B.048DATA⯒

that last little character is special!

You noticed how google search became unusably shit a few years ago?
Turns out that was on purpose

Men will literally build Kubernetes Cluster cluster at home instead of going to therapy ....

New assessment for topic: CVE-2024-58136

Topic description: "Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. ..."

"On the April 9 2025, Yii released an advisory warning that Yii framework versions before `2.0.52` were susceptible to Unsafe Reflection, with this CVE essentially a patch bypass of `CVE-2024-4990` ..."

Link: https://attackerkb.com/assessments/e6d2c5ff-8653-41a3-acf1-882330960fe1

I'm watching this video on Cisco Aironet wireless bridges and the serial interface on them is wild.
It's a /text-mode browser/, pointed at its internal web interface!

https://youtu.be/a5HMiZRuBko

Students not merely cheating with, but utterly relying on AI in "a society that treats schooling as [nothing more than] a means to a high-paying job" is deeply concerning as AI may actually make you dumber:

"research shows that when students off-load cognitive duties onto chatbots, their capacity for memory, problem-solving, and creativity could suffer. Multiple studies published within the past year have linked AI usage with a deterioration in critical-thinking skills"

https://www.msn.com/en-us/news/technology/everyone-is-cheating-their-way-through-college/ar-AA1EjCRk

Glad to report that binaryninja-docker still works with Binary Ninja 5.x in case you are on older glibc (or other dependency):

https://github.com/v-p-b/binaryninja-docker

BlackHoodie will be back at @reconmtl this year ☺️ It'll be two days of Breaking Down Binaries: Introduction to Reverse Engineering & Malware Analysis by Christina Johns and @sud0suw, registration is now open https://blackhoodie.re/recon/

💻 Have you read our recent publication?

Two Use After Free (UAF) vulnerabilities were discovered within Chrome’s Browser process by one of our researchers at SSD Labs: https://ssd-disclosure.com/ssd-advisory-miracleptr-sandbox/

Writing a Windows ARM64 Debugger for Reverse Engineering - KoiDbg by @keowu

https://keowu.re/posts/Writing-a-Windows-ARM64-Debugger-for-Reverse-Engineering-KoiDbg/

I've written an unhealthy amount of words on "the cloud" and specifically Europe's woes. In the post below I tie many articles together into a hopefully useful overview. It may be good to know that nothing I write on the cloud is novel or original, I mostly hope to report things as they are. Which is scary enough already! https://berthub.eu/articles/posts/cloud-overview/

One-Click RCE in ASUS’s Preinstalled Driver Software https://mrbruh.com/asusdriverhub/

Sierpiński triangle? In my bitwise AND?

https://lcamtuf.substack.com/p/sierpinski-triangle-in-my-bitwise

This weeks statistics:
- Random shitpost: 25 repeats, 61 favs
- Original technical content: 3 repeats, 3 favs

#social

Study: Your coworkers hate you for using AI at work

https://pivot-to-ai.com/2025/05/10/your-coworkers-hate-you-for-using-ai-at-work/ - text
https://www.youtube.com/watch?v=ONx7IFkX9OE&list=UU9rJrMVgcXTfa8xuMnbhAEA - video

"Hey, we're gonna take a screenshot of your PC every five seconds to feed our AI, mmkay? Oh wait, you want a screenshot of a meeting slide? Heck no we don't want your COMPANY to sue us!"

-Microsoft, definitely

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-will-soon-block-screen-capture-during-meetings/

#privacy #microsoft