"I'm interested in all kinds of astronomy."
[RSS] Dubious security vulnerability: A program does not run correctly if you run it the wrong way, redux

https://devblogs.microsoft.com/oldnewthing/20250512-00/?p=111174

Lulz...

"Impact: Muting the microphone during a FaceTime call may not result in audio being silenced"

@ https://support.apple.com/en-us/122404


CVE ID: CVE-2025-47729
Vendor: TeleMessage
Product: TM SGNL
Date Added: 2025-05-12
Vulnerability: TeleMessage TM SGNL Hidden Functionality Vulnerability
Notes: Apply mitigations per vendor instructions. Absent mitigating instructions from the vendor, discontinue use of the product. ; https://nvd.nist.gov/vuln/detail/CVE-2025-47729
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-47729


NOELREPORTS 🇪🇺 🇺🇦

The ICAO Council has ruled that Russia is responsible for downing flight MH17, violating the Chicago Convention by using weapons against a civilian aircraft. 298 innocent lives were lost.

https://www.rijksoverheid.nl/ministeries/ministerie-van-buitenlandse-zaken/nieuws/2025/05/12/icao-raad-russische-federatie-verantwoordelijk-voor-neerhalen-van-vlucht-mh17


There was a short period of time in history when people would unironically say "why are you asking me, go ahead and google it."
(See also: LMFGTFY)

And now we are going back to "for the love of god don't google it, ask an expert instead."


10 Burp extensions I actually use... BUT none of them are in the top 30 most popular in the BApp Store!

I get tired of seeing the same extensions come up in "top 10" lists. Here are some hidden gems you might not have tried... yet. In no particular order.

🧵👇


In this behind the scenes look at Berlin, Zed and Dustin have run into an interesting problem - no gear! https://youtube.com/shorts/Xj9Du8iuXCw?feature=share


We have a CI job to spot unwanted UTF-8 letters in PRs, as we have noticed that GitHub will gladly show, for example, the (identical) Cyrillic version of a letter next to the Latin version in a diff, and it is, yes, entirely impossible for a human to spot the diff. I mean the diff is shown, but the significance of it is not.

Changing just a single letter like that in a URL hostname opens up for a world of grief.

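A check of the kind described in the post above, as an added example (not the poster's CI job or any project's own code). It assumes git-format unified diff input; `find_non_ascii`, its `allowed` parameter and the sample diff are hypothetical and constructed for illustration.

```python
import re
import sys
import unicodedata

# Constructed sample diff: the first added URL uses U+0435 (Cyrillic)
# in place of the Latin "e" at the start of "example".
SAMPLE_DIFF = (
    "diff --git a/docs/install.md b/docs/install.md\n"
    "--- a/docs/install.md\n"
    "+++ b/docs/install.md\n"
    "@@ -10,2 +10,3 @@\n"
    " Download the release:\n"
    "-curl -O https://example.com/pkg.tar.gz\n"
    "+curl -O https://\u0435xample.com/pkg.tar.gz\n"
    "+curl -O https://example.com/pkg.sig\n"
)

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def find_non_ascii(diff_text, allowed=frozenset()):
    """List (path, line, column, 'U+XXXX NAME') per non-ASCII char on added lines."""
    findings = []
    path, new_line, in_hunk = None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):      # next file: leave the hunk
            in_hunk = False
            continue
        if not in_hunk and raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")  # file header, not an added line
            continue
        m = HUNK.match(raw)
        if m:                                  # hunk header gives the new-file line
            new_line, in_hunk = int(m.group(1)), True
        elif in_hunk and raw.startswith("+"):
            for col, ch in enumerate(raw[1:], start=1):
                if ord(ch) > 127 and ch not in allowed:
                    name = unicodedata.name(ch, "UNNAMED")
                    findings.append((path, new_line, col, f"U+{ord(ch):04X} {name}"))
            new_line += 1
        elif in_hunk and raw.startswith(" "):  # context line advances the counter
            new_line += 1
    return findings

if __name__ == "__main__":
    hits = find_non_ascii(SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read())
    for path, line, col, what in hits:
        print(f"{path}:{line}:{col}: {what}")
    sys.exit(1 if hits else 0)                 # non-zero exit fails the CI step
```

Piping the pull request's diff into the script prints each flagged character by Unicode name, which makes the significance of a visually identical letter explicit.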

my bank, deutsche bank, is serving a *revoked* tls certificate on their website db.com.

the mind reels at this level of incompetence.

https://www.ssllabs.com/ssltest/analyze.html?d=db.com


so i wrote another program for the IBM 1401 computer this past week. i wrote what it does on the card, but can you figure out how it works? the program is

,008015,022029,036043,048056,061066,070074U%U2MM%U2070WU%U2BB048B.048DATA⯒

that last little character is special!


You noticed how google search became unusably shit a few years ago?
Turns out that was on purpose


Men will literally build a Kubernetes cluster at home instead of going to therapy ....

New assessment for topic: CVE-2024-58136

Topic description: "Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. ..."

"On the April 9 2025, Yii released an advisory warning that Yii framework versions before `2.0.52` were susceptible to Unsafe Reflection, with this CVE essentially a patch bypass of `CVE-2024-4990` ..."

Link: https://attackerkb.com/assessments/e6d2c5ff-8653-41a3-acf1-882330960fe1

I'm watching this video on Cisco Aironet wireless bridges and the serial interface on them is wild.
It's a /text-mode browser/, pointed at its internal web interface!

https://youtu.be/a5HMiZRuBko


Students not merely cheating with, but utterly relying on AI in "a society that treats schooling as [nothing more than] a means to a high-paying job" is deeply concerning as AI may actually make you dumber:

"research shows that when students off-load cognitive duties onto chatbots, their capacity for memory, problem-solving, and creativity could suffer. Multiple studies published within the past year have linked AI usage with a deterioration in critical-thinking skills"

https://www.msn.com/en-us/news/technology/everyone-is-cheating-their-way-through-college/ar-AA1EjCRk

Glad to report that binaryninja-docker still works with Binary Ninja 5.x in case you are on older glibc (or other dependency):

https://github.com/v-p-b/binaryninja-docker

BlackHoodie will be back at @reconmtl this year ☺️ It'll be two days of Breaking Down Binaries: Introduction to Reverse Engineering & Malware Analysis by Christina Johns and @sud0suw, registration is now open https://blackhoodie.re/recon/
