Posts
4263
Following
738
Followers
1632
"I'm interested in all kinds of astronomy."
repeated
Edited 8 months ago

New post: Abusing macOS tclsh as shellcode loader

https://codecolor.ist/2025/10/31/macos-abuse-tcl-lol/

Happy Halloween ๐ŸŽƒ

0
4
0
Why do online maps hide street names?! They literally had one job...
1
0
2
repeated

kind of funny that bugs that are communicated to vendors in a way they don't appreciate can result in no CVE being allocated for the vuln(s). while i guess it is bureaucratically legit (or is it?) it makes the CVE system an unreliable source of truth (more news at 11)
https://bird.makeup/users/0xmadvise/statuses/1983893375498776932

1
2
0
repeated

Oooh! Crowd Supply has finally posted a link to my talk at Teardown 2025 about trusting silicon: https://www.youtube.com/watch?v=pxQCApAAT0s

1
5
0
#music #deathmetal #technical
Show content
It's been over a decade since I first heard a guitarist playing Black Dahlia Murder on a beat up classical guitar, it was about time to check out his band too...

Really cool stuff!

https://unhumanofficial.bandcamp.com/album/unhuman

(TBDM classival cover is here: https://www.youtube.com/watch?v=c7gp8syqCBo (
0
1
1
repeated

Hello! Hello. It's today, and I wanted to show you one of the older works. This is an automotive ASIC fabbed for Toyota, part number DF028. I do not know the function of this particular device.

SiPron page: https://siliconprawn.org/archive/doku.php?id=infosecdj:toyota:d028f

2
3
0
repeated

โœ‹ Stop writing yourself for your blog. Since 1998, the W3C provides a bunch of ready to use style-sheets: the W3C Core Styles. https://www.w3.org/StyleSheets/Core/Overview

Guaranteed to work on Netscape 4!

1
3
0
repeated

Anybody remember how twitter used to work over text message?

I think I broke that feature.

You could send and receive tweets, and do some basic interactions like following keywords - for example FOLLOW Guybrush Threepwood would text you any tweets about the classic Lucasarts Adventure Game series Monkey Islandโ„ข.

So one day at work I had an idea. I took my Nokia and texted FOLLOW lol.

My phone immediately blew up. I got the next tweet someone posted that said lol. And the one after that.

I tried to text STOP lol but my phone couldn't multitask, so every new instance of lol interrupted my attempt to stop them. When my phone's text memory filled up (300!), I found out it deletes old texts and keeps going

So I turned my phone off to stop the flow (I didn't have unlimited texting, this was getting expensive!)

When I got home from the office, Twitter was down. For a while.

When it came back up, the text messaging feature did not come back up. Ever.

7
12
2
repeated

โ„’ำฑแธษฉฤ™ ๐Ÿ’พโ˜ฎโˆž๐ŸŽถโ™ฒโ˜€๐Ÿ”‹

So is deleting videos of people showing how to install 11 on computers without TPMs and using local accounts. Can't imagine why.

So, please share mine! I make absolutely no money on my videos, I purely educate.
https://peertube.wtf/w/pqMrXFbzpJAS4r5NRj5o8j

Also ๐Ÿ–• Microsoft

7
27
0
repeated
repeated

๐ŸŽƒ๐ŸŽƒ if you've got spooky business this weekend, don't forget to put on the Gameboy Halloween chiptune playlist! ๐ŸŽƒ๐ŸŽƒ

https://www.youtube.com/watch?v=henyMRqMBws

2
3
0
repeated
repeated

Microsoft:

As much as 30% of the company's code is written by AI.

Also Microsoft:
Somehow we managed to make it so that clicking the x in Task Manager doesn't close the app. Whoopsie daisy!

2
5
0
[RSS] [Blog] A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS

https://code-white.com/blog/wsus-cve-2025-59287-analysis/
0
0
0
[RSS] Micropatches Released for Windows Installer Elevation of Privilege Vulnerability (CVE-2025-50173)

https://blog.0patch.com/2025/10/micropatches-released-for-windows_30.html
0
0
0
repeated

We're spilling the TEE: We're disclosing vulnerabilities (CVE-2025-59054, CVE-2025-58356) in LUKS2 disk encryption affecting 8 confidential computing systems.

https://blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms/

0
7
0
repeated

AMD, Intel and Nvidia have poured untold resources into building on-chip trusted execution environments. These enclaves use encryption to protect data and execution from being viewed or modified. The companies proudly declare that these TEEs will protect data and code even when the OS kernel has been thoroughly compromised. The chipmakers are considerably less vocal about an exclusion that physical attacks, which are becoming increasingly cheap and easy, aren't covered by the threat model These physical attacks use off the shelf equipment and only intermediate admin skills to completely break all TEEs made from these three chipmakers.

This shifting Security landscape leaves me asking a bunch of questions. What's the true value of a TEE going forward?. Can governments ever get subpoena rulings ordering a host provider to run this attack on their own infrastructure? Why do the companies market their TEEs so heavily for edge servers when one of the top edge-server threats is
physical attacks?

People say, "well yes. just run the server in Amazon or another top tier cloud provider and you'll be reasonably safe." The thing is, TEEs can only guarantee to a relying party that the server on the other end isn't infected and couldn't give up data even even if it was. There's no way for the relying party to know if the service is in Amazon or in an attackers's basement. So once again aren't we back to just trusting the cloud, which is precisely the problem TEEs were supposed to solve?

https://arstechnica.com/security/2025/10/new-physical-attacks-are-quickly-diluting-secure-enclave-defenses-from-nvidia-amd-and-intel/

1
7
0
repeated

the most important question I have about this HackingTeam revival that was exposed by @oct0xor and co is if is still saving the day when the live demos fail during a sales pitch. or did they find a new Serge?

(anyone remember ? or am I just really old?)

3
1
0
repeated

๐Ÿšจ๐Ÿšจ๐Ÿšจ Absolutely insane stuff here. @lorenzofb spent months working on this story.

Peter Williams, former L3Harris Trenchant boss โ€” the division that makes cyber exploits, zero-days and spyware for Western governments โ€” has pleaded guilty to selling Trenchant's exploits to Russia.

https://techcrunch.com/2025/10/29/former-l3harris-trenchant-boss-pleads-guilty-to-selling-zero-day-exploits-to-russian-broker/

3
10
0
repeated
Edited 8 months ago

There's an Azure outage, so in the Netherlands, rail services aren't working.

(Originally read "trains", but it's not the actual trains, it's ticket sales and planning)

https://nltimes.nl/2025/10/29/ns-hit-microsoft-cloud-outage-travel-planner-ticket-machines-affected

0
4
0
Show older