Today we've released #OracleSolaris 11.4.81, our quarterly feature update. The announcement is at https://blogs.oracle.com/solaris/post/announcing-oracle-solaris-114-sru81 and lists the new features and software upgrades included.

Slides and video of our talk at @offensive_con are already online !
Thanks to @binary_gecko for the amazing event
https://www.reversetactics.com/publications/2025_conf_offensivecon_journeytofreedom/

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0064d910

ossl_store_handle_load_result

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0064d910.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0064d910.json&colors=light

Interesting links of the week:

Strategy:

* https://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html - what's over the horizon for PQC
* https://www.gov.uk/government/publications/secure-by-design-problem-book/secure-by-design-problem-book - HMG problem book for Secure By Design

Standards:

* https://www.ncsc.gov.uk/blog-post/new-etsi-standard-protects-ai-systems-from-evolving-cyber-threats - NCSC work on new ETSI standard for AI security

Threats:

* https://ai-incidents.mitre.org/ - MITRE ATLAS' database of AI spillages, leaks and floods
* https://unit42.paloaltonetworks.com/threat-brief-sap-netweaver-cve-2025-31324/ - SAP oopsie turns bad

Detection:

* https://community.emergingthreats.net/t/come-sail-the-cves-part-1-data-acquisition/2750 - @da_667 talks detection engineering
* https://www.magonia.io/wiresnort/ - combining Wireshark and Snort

Bugs:

* https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory - abusing service account delegation for privesc in AD
* https://astr.al/notes/2024-11-28_mdatp_privesc - when you can't even trust $argv[0] and processes called java.. a nice LPE in Defender for Linux
* https://sourceware.org/bugzilla/show_bug.cgi?id=32976 - ... or, it seems $LD_LIBRARY_PATH (what's old is new =))
* https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/ - leaky VoLTE and wifi calling
* https://starlabs.sg/blog/2025/05-breaking-out-of-restricted-mode-xss-to-rce-in-visual-studio-code/ - XSS to RCE in VSCode

Exploitation:

* https://go.dev/blog/tob-crypto-audit - @trailofbits took a look at Go Crypto

Hard hacks:

* https://idevicecentral.com/tweaks/idevice-toolkit-ipa-download/ - getting JB like tweaks running on modern iOS
* https://www.sopl.us/blog/consumer-do-it-yourself-guide-to-identifying-your-keys - getting physical with your keys

Development:

* https://docs.oracle.com/cd/E37838_01/html/E61050/gnclc.html - Oracle's guide to secure C for Solaris (thanks @alanc)
* https://allan.reyes.sh/posts/keeping-secrets-out-of-logs/ - on keeping your secrets, well, secret
* https://netascode.cisco.com/ - automate your network

Hardening:

* https://lore.kernel.org/landlock/20250519.ceihohf6a3uT@digikod.net/ - Latest news on Landlock for Linux
* https://www.man7.org/linux/man-pages/man1/systemd-analyze.1.html - analyzing systemd for signs of sense
* https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/ - another option to isolate your onions

Nerd:

* https://linuxexpert.org/from-licenses-to-liberation/ - the story of Linux, through a lens of innovation
* https://www.newscientist.com/article/2480221-chemists-discover-anti-spice-that-could-make-chilli-peppers-less-hot/ - did you know you could also make chillies hotter with salt?

#security, #research

I think that one of the reasons that I’m not worried about AGI is that I’m still waiting for the end of the world to be caused by Quantum Computing
https://alecmuffett.com/article/113401
#ItsTheEndOfTheWorldAsWeKnowItAndIFeelFine #QuantumComputing #ai2027

These days, the problem isn't how to innovate; it's how to get society to adopt the good ideas that already exist.

— Douglas Engelbart

#ideas #innovation

Two different approaches to debugging a software problem:

The Sudoku approach: stare at the limited set of clues you have, and think harder and harder about them until you find a way to deduce something useful.

The Minesweeper approach: don't even try to figure out the solution from only the clues you have right now. Instead, focus on finding a way to acquire another clue, and then using that to get another, and so on. Eventually you've collected so many clues that the answer is obvious.

Sometimes the Sudoku approach is necessary, because you've got all the clues you're ever going to get. But I think my new motto is "Never Sudoku a problem when you can Minesweeper it."

Announcing: https://justaqrcode.com.

Tired of "free" QR code generators that are full of ads and trackers, that share your data, and that want to sell you something? Me too. Here's my act of resistance: I made a one-page site that works entirely in your browser to generate a simple QR code. And that's all it does. You can download the HTML page and run it locally, even. Read the source; nothing up my sleeves. Just a QR code.

My offer to you -- I will continue to pay for the domain name and web hosting for it, myself. If you find it valuable, you can pay it back by creating your own useful thing for the world and releasing it for free. Let's take back the friendly web, one vexingly-monetized utility at a time!

#QRcode #Free #FriendlyWeb #Resistance

nailed it

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00628bf0

PKCS7_decrypt

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00628bf0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00628bf0.json&colors=light

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0048f2c0

SSL_get_version

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0048f2c0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0048f2c0.json&colors=light

The sigil was drawn in salt and ash, the candles lit at the pentagram points, the incantation declaimed.

There was a shimmer - a demon appeared.

"Curious. What ritual is this?"

"I got it from ChatGPT. I included all protections in my prompt!"

"I see," the demon said and stepped out of the sigil.

#MicroFiction #TootFic #SmallStories #vss

CVE-2025-4575: Low severity OpenSSL (3.5 only) vulnerability in openssl x509 (marking certs as trusted when asked to reject them): https://openssl-library.org/news/secadv/20250522.txt

Unlikely to have a big impact, but it's funny since this is a case of the tool doing the literal opposite of what it's asked to do. :-)

At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️

Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended with shellcode execution after MMU reconfiguration on the RTOS.

Read the full vulnerability deep dive here 👉 https://neodyme.io/en/blog/pwn2own-2024_canon_rce/

Oh, look, a rabbit hole.

sev:CRIT Spring auth bypass.

https://spring.io/security/cve-2025-41232

A thing I’ve been thinking about: when someone says “this is a good use case for generative/agentic AI”, that’s usually a sign that the process could be improved.

Like, people use LLMs to write overly fluffy covering letters for job applications. OK, just have an application form.

Or people use LLMs to understand errors when coding. Okay, that’s a sign to make the error handling more readable/helpful. E.g. the Rust compiler has pretty excellent errors compared to “syntax error on line 37”.

I hate Windows: "Why does the Windows Portable Executable (PE) format have separate tables for import names and import addresses?, part 2".

https://devblogs.microsoft.com/oldnewthing/20231130-00/?p=109084